b69836464183df8cf030f346dfdf1ae8_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

b69836464183df8cf030f346dfdf1ae8_JaffaCakes118
Size

34KB
MD5

b69836464183df8cf030f346dfdf1ae8
SHA1

e2e2c2713797eb920dda1daf25adb3cf05b5fd70
SHA256

f31727e72320deb74a725ae986ee56d3fdca4ffaaa95432a7f3536124c0d0723
SHA512

aa89993f8273c444decd9b687d878f60f1385717d376e66dc772d1b1b60e43cd821e7e3cf43b8266e9d837489bfc7e3b9157d0066b243032f0d633e58649367c
SSDEEP

768:/p/QXgyM4fk/VwqVXfpfZNdl9Y7nBbZTsLvOpLLs+JBeO:h/QXgOk/eYfpfZNdQ7nBB9s+Jd

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
b69836464183df8cf030f346dfdf1ae8_JaffaCakes118

Files

b69836464183df8cf030f346dfdf1ae8_JaffaCakes118
.dll windows:4 windows x86 arch:x86

c23584470b91e73bbe7ffdd89833ab46

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

WriteFile
CreateFileA
GlobalLock
DeleteFileA
MultiByteToWideChar
CreateThread
WaitForSingleObject
ReadFile
GetFileSize
FreeLibrary
SetFilePointer
GetModuleFileNameA
GlobalUnlock
Process32Next
Process32First
CreateToolhelp32Snapshot
MoveFileExA
GetTempFileNameA
GetFileAttributesA
TerminateProcess
OpenProcess
SetFileAttributesA
CopyFileA
GlobalFree
CloseHandle
LoadLibraryA
GetProcAddress
GlobalAlloc
VirtualProtect
CreateMutexA
GetLastError
GetModuleHandleA
Sleep
ExitProcess
WideCharToMultiByte
GetCommandLineA
GetTempPathA
GetPrivateProfileStringA
GetSystemDirectoryA
GetWindowsDirectoryA
WritePrivateProfileStringA

user32

RegisterWindowMessageA
RegisterShellHookWindow
SetWindowLongA
CallWindowProcA
GetClientRect
GetDesktopWindow
GetDC
GetWindowRect
ReleaseDC
wsprintfA
GetWindowTextA
GetParent
EnumWindows
GetWindowThreadProcessId
GetClassNameA

gdi32

CreateDCA
GetDeviceCaps
DeleteObject
BitBlt
SelectObject
CreateCompatibleBitmap
CreateCompatibleDC
GetDIBits
RealizePalette
SelectPalette
GetStockObject
GetObjectA
DeleteDC

gdiplus

GdiplusShutdown
GdipDisposeImage
GdipSaveImageToFile
GdiplusStartup
GdipGetImageEncoders
GdipFree
GdipAlloc
GdipCloneImage
GdipGetImageEncodersSize
GdipLoadImageFromFile

urlmon

URLDownloadToFileA

msvcp60

??0_Lockit@std@@QAE@XZ
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
?_C@?1??_Nullstr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@CAPBDXZ@4DB
?_Tidy@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEX_N@Z
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@II@Z
?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z
??0Init@ios_base@std@@QAE@XZ
??1Init@ios_base@std@@QAE@XZ
??0_Winit@std@@QAE@XZ
??1_Winit@std@@QAE@XZ
??1_Lockit@std@@QAE@XZ

ws2_32

connect
htons
gethostbyname
socket
recv
send
inet_ntoa
WSAStartup
WSACleanup
inet_addr
closesocket

psapi

GetModuleFileNameExA

wininet

InternetReadFile
InternetOpenUrlA
InternetOpenA
InternetCloseHandle

msvcrt

strrchr
_access
strchr
strncpy
abs
malloc
wcscmp
??2@YAPAXI@Z
__CxxFrameHandler
atoi
strcmp
__dllonexit
_onexit
_initterm
_adjust_fdiv
_stricmp
_getpid
_strlwr
_strrev
free
strncmp
strtok
memset
strcat
fopen
fgets
strstr
strcpy
strlen
memcpy
sprintf

netapi32

Netbios

Exports

Exports

COMResModuleInstance
DriverProc
KsCreateAllocator
KsCreatePin
KsCreateTopologyNode
ServerMain
modMessage
modmCallback

Sections

.text
Size: 21KB - Virtual size: 20KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 542KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Shared
Size: 512B - Virtual size: 4B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

c23584470b91e73bbe7ffdd89833ab46

Headers

File Characteristics

Imports

kernel32

user32

gdi32

gdiplus

urlmon

msvcp60

ws2_32

psapi

wininet

msvcrt

netapi32

Exports

Exports

Sections

.text Size: 21KB - Virtual size: 20KB

.rdata Size: 5KB - Virtual size: 4KB

.data Size: 2KB - Virtual size: 542KB

Shared Size: 512B - Virtual size: 4B

.reloc Size: 3KB - Virtual size: 3KB

.text
Size: 21KB - Virtual size: 20KB

.rdata
Size: 5KB - Virtual size: 4KB

.data
Size: 2KB - Virtual size: 542KB

Shared
Size: 512B - Virtual size: 4B

.reloc
Size: 3KB - Virtual size: 3KB