c0c5edc5450c1c888c6580b0306f63e3_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

c0c5edc5450c1c888c6580b0306f63e3_JaffaCakes118
Size

2.2MB
MD5

c0c5edc5450c1c888c6580b0306f63e3
SHA1

69def35c8d41d7e9ec2358905beb0c71a47da374
SHA256

b6d5808f000df34df8fb1da1f049251903fc68ba31e37a3818ba86f5cdf3ea3d
SHA512

77e334e965554d30c1e168845636152555d97c02eaed177f4dd79a2cf9dc5a51718d244dbb3813a83e60d49c0a2f52af1083ae679654b0ee3d1039ab946e0b3d
SSDEEP

49152:SJ5nO2yHOpAW3yhb+bCUQsYnYXR92/Dt:R2yBB+G4dSp

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
c0c5edc5450c1c888c6580b0306f63e3_JaffaCakes118

Files

c0c5edc5450c1c888c6580b0306f63e3_JaffaCakes118
.dll windows:6 windows x86 arch:x86

32284c81dcaccfd67eedda3c0445e0fb

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

WaitForSingleObject
CreateEventA
GetTickCount
VirtualQuery
GetModuleFileNameA
MultiByteToWideChar
FindClose
FindFirstFileA
FindNextFileA
GetFullPathNameA
lstrcmpA
lstrcmpiA
TerminateProcess
GlobalAlloc
GlobalUnlock
GlobalLock
QueryPerformanceCounter
QueryPerformanceFrequency
GetVolumeInformationA
GetComputerNameA
CloseHandle
Sleep
CreateThread
DisableThreadLibraryCalls
GetProcAddress
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
IsDebuggerPresent
IsProcessorFeaturePresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetModuleHandleW
CreateEventW
WaitForSingleObjectEx
ResetEvent
SetEvent
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
K32GetModuleInformation
lstrlenA
GetModuleHandleA
GetCurrentProcess
IsBadReadPtr
VirtualProtect
GetProcessHeap
HeapAlloc
WritePrivateProfileStringA
GetPrivateProfileStringA
GetFileAttributesA
GetLastError
Beep
GetTickCount64
InitializeSListHead

user32

EmptyClipboard
SetCursor
SetClipboardData
CloseClipboard
OpenClipboard
GetKeyState
GetClientRect
MessageBoxA
GetClipboardData
CallWindowProcA
SetWindowLongA
FindWindowA
GetAsyncKeyState
SendInput

advapi32

CryptReleaseContext
RegOpenKeyExA
CryptDestroyHash
CryptHashData
CryptCreateHash
CryptGetHashParam
GetCurrentHwProfileA
CryptAcquireContextA
GetUserNameA
RegQueryValueExA

oleaut32

SysFreeString
SysAllocStringLen

msvcp140

?_Xout_of_range@std@@YAXPBD@Z
??0_Lockit@std@@QAE@H@Z
??1_Lockit@std@@QAE@XZ
??Bid@locale@std@@QAEIXZ
?_Getgloballocale@locale@std@@CAPAV_Locimp@12@XZ
?always_noconv@codecvt_base@std@@QBE_NXZ
?in@?$codecvt@DDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PBD1AAPBDPAD3AAPAD@Z
?out@?$codecvt@DDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PBD1AAPBDPAD3AAPAD@Z
?unshift@?$codecvt@DDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PAD1AAPAD@Z
?_Getcat@?$codecvt@DDU_Mbstatet@@@std@@SAIPAPBVfacet@locale@2@PBV42@@Z
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAE@XZ
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAE@XZ
?getloc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QBE?AVlocale@2@XZ
?eback@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ
?gptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ
?pptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ
?egptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ
?setg@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXPAD00@Z
?epptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ
?_Gndec@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEPADXZ
?_Gninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEPADXZ
?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEPADXZ
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXXZ
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXPAPAD0PAH001@Z
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UAE@XZ
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IAE@XZ
??0?$basic_istream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??1?$basic_istream@DU?$char_traits@D@std@@@std@@UAE@XZ
?read@?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV12@PAD_J@Z
?seekg@?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV12@_JH@Z
?tellg@?$basic_istream@DU?$char_traits@D@std@@@std@@QAE?AV?$fpos@U_Mbstatet@@@2@XZ
?_Fiopen@std@@YAPAU_iobuf@@PBDHH@Z
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JXZ
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPAD_J@Z
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPBD_J@Z
?_BADOFF@std@@3_JB
?id@?$codecvt@DDU_Mbstatet@@@std@@2V0locale@2@A
?width@ios_base@std@@QAE_J_J@Z
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UAE@XZ
?setf@ios_base@std@@QAEHHH@Z
?pbase@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ
?gbump@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXH@Z
?pbump@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXH@Z
?_Xbad_alloc@std@@YAXXZ
?setp@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXPAD00@Z
?fill@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEDD@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@P6AAAVios_base@1@AAV21@@Z@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@H@Z
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAEXXZ
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAEXXZ
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEXABVlocale@2@@Z
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEPAV12@PAD_J@Z
?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ
?_Xlength_error@std@@YAXPBD@Z
?setp@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXPAD0@Z

d3dx9_43

D3DXCreateFontA

wininet

InternetCloseHandle
InternetConnectA
InternetOpenA
InternetReadFile
HttpSendRequestA
HttpOpenRequestA

winmm

PlaySoundA

imm32

ImmGetContext
ImmSetCompositionWindow

vcruntime140

memcpy
memchr
__std_exception_copy
memmove
memcmp
strchr
__vcrt_InitializeCriticalSectionEx
_except_handler4_common
__std_type_info_destroy_list
_purecall
memset
__CxxFrameHandler3
_CxxThrowException
__std_exception_destroy
strstr

api-ms-win-crt-math-l1-1-0

_except1
_libm_sse2_pow_precise
_fdtest
floor
_CIatan2
_libm_sse2_sqrt_precise
ceil
_CIfmod
_libm_sse2_cos_precise
_libm_sse2_sin_precise

api-ms-win-crt-runtime-l1-1-0

_initterm_e
_initterm
terminate
_invalid_parameter_noinfo_noreturn
_invalid_parameter_noinfo
_cexit
_errno
_crt_atexit
_execute_onexit_table
_register_onexit_function
exit
_initialize_onexit_table
_initialize_narrow_environment
_seh_filter_dll
_configure_narrow_argv

api-ms-win-crt-time-l1-1-0

_localtime64
_time64

api-ms-win-crt-convert-l1-1-0

atoi

api-ms-win-crt-stdio-l1-1-0

fflush
fclose
_get_stream_buffer_pointers
__acrt_iob_func
_wfopen
fread
__stdio_common_vsscanf
fgetpos
__stdio_common_vfprintf
fseek
ftell
fgetc
fputc
__stdio_common_vsprintf_s
fsetpos
__stdio_common_vsprintf
_fseeki64
fwrite
ungetc
setvbuf

api-ms-win-crt-filesystem-l1-1-0

_unlock_file
_lock_file

api-ms-win-crt-utility-l1-1-0

rand
qsort
srand

api-ms-win-crt-string-l1-1-0

isprint
toupper
strcpy_s
strncmp
strncpy

api-ms-win-crt-heap-l1-1-0

malloc
_callnewh
free

Exports

Exports

?ReflectiveLoader@@YGKXZ

Sections

.text
Size: 442KB - Virtual size: 442KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 78KB - Virtual size: 77KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1.7MB - Virtual size: 1.7MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 18KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

32284c81dcaccfd67eedda3c0445e0fb

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

advapi32

oleaut32

msvcp140

d3dx9_43

wininet

winmm

imm32

vcruntime140

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-time-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-filesystem-l1-1-0

api-ms-win-crt-utility-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-heap-l1-1-0

Exports

Exports

Sections

.text Size: 442KB - Virtual size: 442KB

.rdata Size: 78KB - Virtual size: 77KB

.data Size: 1.7MB - Virtual size: 1.7MB

.rsrc Size: 512B - Virtual size: 480B

.reloc Size: 18KB - Virtual size: 18KB

.text
Size: 442KB - Virtual size: 442KB

.rdata
Size: 78KB - Virtual size: 77KB

.data
Size: 1.7MB - Virtual size: 1.7MB

.rsrc
Size: 512B - Virtual size: 480B

.reloc
Size: 18KB - Virtual size: 18KB