bf5bb2db9929169f0c6feddca65e13d1_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

bf5bb2db9929169f0c6feddca65e13d1_JaffaCakes118
Size

772KB
MD5

bf5bb2db9929169f0c6feddca65e13d1
SHA1

4366e90cd1ce527b6a071c14461430715f03d879
SHA256

41d852eb71ebe42ef7926cc8165e8b2476b07428b68df716b4a9f9d86a8ce889
SHA512

7157fe20e1016f7f16c5163abf9abf7ba454b249bd537b082be7a42e59f86ce30f2569b24e916d2219213c907140e4c15babb635915bd9f42d23900d6440ac67
SSDEEP

12288:+WWr3iQZsxaU6RPrd6KSbNhnf8qW0AORfgaYwoZq:+piQKIU6tZAbNhC0AofrYwf

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
bf5bb2db9929169f0c6feddca65e13d1_JaffaCakes118

Files

bf5bb2db9929169f0c6feddca65e13d1_JaffaCakes118
.dll windows:4 windows x86 arch:x86

4bd29f48ed0a1771043f05d160ddeac7

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

c:\autobuild\root\spyframe\trunk\release\SpyCleaner.pdb

Imports

rpcrt4

UuidCreate

msi

ord8
ord73
ord144
ord46
ord103
ord124
ord17

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

kernel32

CreateDirectoryA
CreateFileA
GetBinaryTypeA
GetFileSize
FindFirstFileA
GetFileAttributesA
FindNextFileA
FindClose
GetProcessHeap
ConnectNamedPipe
SleepEx
WriteFile
SetFilePointer
SetLastError
ReadFile
LocalAlloc
TlsAlloc
TlsSetValue
TlsGetValue
TlsFree
FlushFileBuffers
DisconnectNamedPipe
VirtualAlloc
VirtualFree
GetModuleFileNameA
GetVersionExA
GetOverlappedResult
GetWindowsDirectoryA
WritePrivateProfileStringA
GetModuleHandleA
GetStdHandle
lstrcpyA
GetLocalTime
TerminateProcess
CreateNamedPipeA
CopyFileA
GetFileTime
FileTimeToSystemTime
GetSystemInfo
RaiseException
GlobalUnlock
GlobalLock
GlobalAlloc
GlobalFree
GetThreadLocale
LockFile
UnlockFile
SetEndOfFile
DuplicateHandle
OpenProcess
GetFullPathNameA
SetThreadPriority
ResumeThread
GetCurrentThreadId
SetEvent
SuspendThread
GlobalGetAtomNameA
FileTimeToLocalFileTime
GetModuleFileNameW
InterlockedDecrement
GlobalReAlloc
GlobalHandle
LocalReAlloc
SetErrorMode
InterlockedIncrement
lstrcmpA
lstrcmpW
GlobalDeleteAtom
GlobalFindAtomA
GlobalAddAtomA
GlobalFlags
GetLocaleInfoA
GetCPInfo
GetOEMCP
CreateFileW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
HeapReAlloc
VirtualProtect
VirtualQuery
GetCommandLineA
GetSystemTimeAsFileTime
GetTimeFormatA
GetDateFormatA
SetCurrentDirectoryA
SetStdHandle
GetFileType
ExitProcess
RtlUnwind
ExitThread
CreateThread
HeapSize
GetACP
IsValidCodePage
SetHandleCount
GetStartupInfoA
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
GetConsoleCP
GetConsoleMode
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetTickCount
GetTimeZoneInformation
GetUserDefaultLCID
EnumSystemLocalesA
IsValidLocale
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
GetLocaleInfoW
QueryDosDeviceA
GetCurrentProcessId
SetFileAttributesA
InterlockedExchange
CompareStringW
DeleteCriticalSection
CompareStringA
lstrlenA
GetCurrentProcess
GetVersion
DeleteFileA
Sleep
MoveFileExA
GetDriveTypeA
GetLogicalDrives
LocalFree
WaitForSingleObject
FormatMessageA
TerminateThread
LeaveCriticalSection
Module32Next
Module32First
EnterCriticalSection
Process32Next
Process32First
CreateToolhelp32Snapshot
MoveFileA
CreateIoCompletionPort
InitializeCriticalSection
HeapDestroy
HeapCreate
HeapFree
HeapAlloc
GetEnvironmentVariableA
CloseHandle
CreateEventA
SetEnvironmentVariableA
FreeLibrary
GetProcAddress
LoadLibraryA
GetLastError
MultiByteToWideChar
LockResource
WideCharToMultiByte
ExpandEnvironmentStringsA
SizeofResource
LoadResource
FindResourceA
GetVolumeInformationA
GetCurrentDirectoryA

gdi32

DeleteDC
GetStockObject
ScaleWindowExtEx
SetWindowExtEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
SelectObject
Escape
ExtTextOutA
TextOutA
RectVisible
PtVisible
SetMapMode
RestoreDC
SaveDC
DeleteObject
SetBkColor
SetTextColor
GetClipBox
CreateBitmap
GetDeviceCaps

comdlg32

GetFileTitleA

winspool.drv

OpenPrinterA
DocumentPropertiesA
ClosePrinter

Exports

Exports

MsiInstall
MsiUninstall
PIEDelete
PIEInit
PIENew

Sections

.text
Size: 576KB - Virtual size: 573KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 108KB - Virtual size: 105KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 24KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 44KB - Virtual size: 41KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

4bd29f48ed0a1771043f05d160ddeac7

Headers

File Characteristics

PDB Paths

Imports

rpcrt4

msi

version

kernel32

gdi32

comdlg32

winspool.drv

Exports

Exports

Sections

.text Size: 576KB - Virtual size: 573KB

.rdata Size: 108KB - Virtual size: 105KB

.data Size: 16KB - Virtual size: 28KB

.rsrc Size: 24KB - Virtual size: 22KB

.reloc Size: 44KB - Virtual size: 41KB

.text
Size: 576KB - Virtual size: 573KB

.rdata
Size: 108KB - Virtual size: 105KB

.data
Size: 16KB - Virtual size: 28KB

.rsrc
Size: 24KB - Virtual size: 22KB

.reloc
Size: 44KB - Virtual size: 41KB