c89fe53ee84e068aad85c57c3f3b4057_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

c89fe53ee84e068aad85c57c3f3b4057_JaffaCakes118
Size

86KB
MD5

c89fe53ee84e068aad85c57c3f3b4057
SHA1

c47ce46b6c1aa79650109b5786fc28743a5f6396
SHA256

be5fb48ff262b777b266e21c05446f7325cc76174f9da803c24b97beab731a2d
SHA512

5bf95f2992d27b2b41b969eec5bf7fc59a4e8ba89ca7d444c57358d5cff8c4647cc4dd40f07a28f95735a00cfcd0f079effc402556e7144675181f13b4bffe10
SSDEEP

1536:OnIWiokmFzSDgYVGpqtmYcUQVplGcLh4c1OhfaLsU/53Jg3bPe8cUJ3sMU:IXi1VGkJkh4KORaLsU/Se8cUJ3sMU

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
c89fe53ee84e068aad85c57c3f3b4057_JaffaCakes118

Files

c89fe53ee84e068aad85c57c3f3b4057_JaffaCakes118
.dll windows:4 windows x86 arch:x86

0926650ddb6ff79f3f2fea8d202e1ac9

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

LocalFree
FindNextFileA
LocalReAlloc
FindFirstFileA
LocalAlloc
RemoveDirectoryA
GetFileSize
ReadFile
MoveFileA
SetLastError
TerminateThread
CreateProcessA
MapViewOfFile
CreateFileMappingA
GetLocalTime
UnmapViewOfFile
GlobalFree
FindClose
GlobalLock
GlobalAlloc
GlobalSize
GetStartupInfoA
CreatePipe
DisconnectNamedPipe
PeekNamedPipe
TerminateProcess
WaitForMultipleObjects
LocalSize
OpenProcess
lstrcmpiA
Process32First
CreateToolhelp32Snapshot
GetCurrentThreadId
GetLogicalDriveStringsA
GetVolumeInformationA
GetDiskFreeSpaceExA
GetFileAttributesA
CreateDirectoryA
GetLastError
CreateFileA
SetFilePointer
WriteFile
FreeConsole
GetVersionExA
GetModuleHandleA
GetCurrentProcess
GetModuleFileNameA
lstrlenA
CreateThread
GetTickCount
SetUnhandledExceptionFilter
CreateMutexA
SetErrorMode
OpenEventA
ReleaseMutex
GetProcessHeap
HeapAlloc
HeapFree
lstrcatA
WinExec
CopyFileA
DeleteFileA
LoadLibraryA
GetProcAddress
FreeLibrary
Sleep
CancelIo
InterlockedExchange
SetEvent
OutputDebugStringA
lstrcpyA
ResetEvent
WaitForSingleObject
InitializeCriticalSection
CloseHandle
CreateEventA
VirtualAlloc
EnterCriticalSection
LeaveCriticalSection
VirtualFree
DeleteCriticalSection
GlobalUnlock

user32

wsprintfA
SetThreadDesktop
OpenInputDesktop
GetUserObjectInformationA
GetProcessWindowStation
CharNextA
MessageBoxA
GetWindowTextA
GetActiveWindow
UnhookWindowsHookEx
LoadCursorA
DestroyCursor
GetThreadDesktop
OpenDesktopA
MapVirtualKeyA
SetCapture
WindowFromPoint
SetCursorPos
CloseClipboard
SetClipboardData
EmptyClipboard
OpenClipboard
GetClipboardData
GetSystemMetrics
SetRect
GetDC
GetDesktopWindow
GetCursorPos
GetCursorInfo
ExitWindowsEx
IsWindowVisible
EnumWindows
CloseDesktop
PostMessageA
SystemParametersInfoA
CreateWindowExA
CloseWindow
IsWindow
OpenWindowStationA
SetProcessWindowStation
SendMessageA
ReleaseDC

gdi32

GetDIBits
SelectObject
CreateDIBSection
CreateCompatibleDC
DeleteObject
DeleteDC
CreateCompatibleBitmap
BitBlt

advapi32

LookupPrivilegeValueA
RegEnumValueA
RegEnumKeyExA
RegDeleteValueA
RegDeleteKeyA
RegOpenKeyA
SetServiceStatus
RegisterServiceCtrlHandlerA
RegCloseKey
RegQueryValueA
RegOpenKeyExA
RegSetValueExA
RegCreateKeyA
RegQueryValueExA
AdjustTokenPrivileges
OpenProcessToken
CloseEventLog
ClearEventLogA
OpenEventLogA
FreeSid
SetSecurityDescriptorDacl
AddAccessAllowedAce
InitializeAcl
GetLengthSid
AllocateAndInitializeSid
InitializeSecurityDescriptor
RegCreateKeyExA

shell32

SHGetFileInfoA
ShellExecuteA
DoEnvironmentSubstA

ws2_32

WSAStartup
WSACleanup
gethostbyname
socket
closesocket
WSAIoctl
setsockopt
connect
getsockname
gethostname
inet_addr
send
select
recv
ntohs
htons

msvcrt

_strrev
__CxxFrameHandler
_strcmpi
_adjust_fdiv
_initterm
??1type_info@@UAE@XZ
calloc
_beginthreadex
strncat
strrchr
strcat
_except_handler3
free
strncpy
wcstombs
strtok
strcmp
strchr
realloc
sprintf
strcpy
malloc
_access
fopen
fread
fclose
atoi
_CxxThrowException
memcmp
??2@YAPAXI@Z
memset
_strnicmp
strstr
strlen
_ftol
ceil
memmove
memcpy
??3@YAXPAX@Z

wininet

InternetOpenA
InternetOpenUrlA
InternetReadFile
InternetCloseHandle

avicap32

capCreateCaptureWindowA
capGetDriverDescriptionA

msvfw32

ICSendMessage
ICOpen
ICSeqCompressFrame
ICClose
ICCompressorFree
ICSeqCompressFrameEnd
ICSeqCompressFrameStart

iphlpapi

AddIPAddress
GetInterfaceInfo

msvcp60

?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@II@Z
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z
?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB
?_C@?1??_Nullstr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@CAPBDXZ@4DB
?_Tidy@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEX_N@Z

shlwapi

PathFileExistsA

psapi

GetModuleFileNameExA
EnumProcessModules

Exports

Exports

QgptkagOckl

Sections

.text
Size: 59KB - Virtual size: 58KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 70B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 1000B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

0926650ddb6ff79f3f2fea8d202e1ac9

Headers

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shell32

ws2_32

msvcrt

wininet

avicap32

msvfw32

iphlpapi

msvcp60

shlwapi

psapi

Exports

Exports

Sections

.text Size: 59KB - Virtual size: 58KB

.rdata Size: 12KB - Virtual size: 12KB

.data Size: 7KB - Virtual size: 10KB

.edata Size: 512B - Virtual size: 70B

.rsrc Size: 1024B - Virtual size: 1000B

.reloc Size: 4KB - Virtual size: 4KB

.text
Size: 59KB - Virtual size: 58KB

.rdata
Size: 12KB - Virtual size: 12KB

.data
Size: 7KB - Virtual size: 10KB

.edata
Size: 512B - Virtual size: 70B

.rsrc
Size: 1024B - Virtual size: 1000B

.reloc
Size: 4KB - Virtual size: 4KB