c8ed4e5036abd8f583d8342a6e209274_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

c8ed4e5036abd8f583d8342a6e209274_JaffaCakes118
Size

213KB
MD5

c8ed4e5036abd8f583d8342a6e209274
SHA1

ecf5975d2cc7087a6d6b89079d895a5fc34ad1ec
SHA256

3e2fb0eae7d86a27e92f1dd9cadadd24aec3c2487ca2d0444200b693e4313f49
SHA512

e4c655d5fa267772e5e4bfb3e7df6e99bb7002cd0ddee169bd50eddcbbea4b3b29bd86c2a9e3871d7e7f03d1110e05787c9ea6053c366b3b2ef968e8e927466b
SSDEEP

6144:bsMYhp6kvBL7U8MX4OS3jKp7dzmk2K9u2JBbb:bsMS6GBLo8MXQ2P

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
c8ed4e5036abd8f583d8342a6e209274_JaffaCakes118

Files

c8ed4e5036abd8f583d8342a6e209274_JaffaCakes118
.dll windows:4 windows x86 arch:x86

dde8aa958980e2bbe1f872faedaeec24

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

shlwapi

SHDeleteValueA
SHSetValueA
SHGetValueA

msvcrt

_strlwr
time
__CxxFrameHandler
??2@YAPAXI@Z
strrchr
getenv
_strnicmp
_stat
_CxxThrowException
printf
strncmp
wprintf
_purecall
_ftol
_CIasin
_mbscmp
??1type_info@@UAE@XZ
_CIacos
_CIpow
_setjmp3
__CxxLongjmpUnwind
longjmp
_adjust_fdiv
_initterm
?terminate@@YAXXZ
_except_handler3
_onexit
__dllonexit
_mkdir
strftime
_stricmp
isspace
strchr
abort
strtok
strncpy
wcscpy
wcscat
wcslen
_snprintf
memmove
atol
sscanf
rename
_mbsnbicmp
localtime
mktime
vsprintf
free
malloc
exit
strstr
atoi
sprintf
_access
fopen
fseek
ftell
fclose
fread
fwrite
srand
rand

ws2_32

gethostbyname
ntohl
inet_addr
htons
ntohs
WSAStartup
sendto
socket
bind
recvfrom
gethostname

iphlpapi

GetAdaptersInfo

rasapi32

RasEnumConnectionsA
RasEnumEntriesA
RasGetEntryDialParamsA

setupapi

SetupDiCallClassInstaller
SetupDiGetClassDevsA
SetupDiEnumDeviceInfo
SetupDiSetClassInstallParamsA
SetupDiGetDeviceRegistryPropertyA
SetupDiDestroyDeviceInfoList

netapi32

Netbios

advapi32

LsaClose
CloseServiceHandle
ControlService
OpenServiceA
OpenSCManagerA
RegCloseKey
RegQueryValueExA
RegOpenKeyExA
RegSetValueExA
RegCreateKeyExA
RegEnumKeyExA
RegQueryInfoKeyA
CreateServiceA
StartServiceA
RegEnumValueA
GetUserNameA
LookupAccountNameA
ConvertSidToStringSidW
LsaOpenPolicy
LsaRetrievePrivateData
DeleteService
RegConnectRegistryA
RegOpenKeyA
RegEnumKeyA
OpenSCManagerW
OpenServiceW
QueryServiceStatus

user32

ChangeClipboardChain
PostQuitMessage
SetClipboardViewer
DefWindowProcA
GetPriorityClipboardFormat
OpenClipboard
GetClipboardData
GetForegroundWindow
GetWindowTextA
CloseClipboard
SendMessageA
RegisterClassExA
CreateWindowExA
SetTimer
GetMessageA
TranslateMessage
DispatchMessageA
IsCharAlphaNumericA
wsprintfA
GetProcessWindowStation
GetThreadDesktop
OpenWindowStationA
SetProcessWindowStation
OpenDesktopA
SetThreadDesktop
GetDC
ReleaseDC
CloseWindowStation
CloseDesktop
GetSystemMetrics

oleaut32

GetErrorInfo

kernel32

GetPrivateProfileStringA
InterlockedCompareExchange
MoveFileExA
TerminateThread
LocalFree
LocalAlloc
lstrlenA
SetLastError
WriteFile
CreateFileW
MultiByteToWideChar
GlobalAlloc
GlobalLock
GlobalHandle
GlobalUnlock
GlobalFree
DeviceIoControl
GetFileSize
ReadFile
CreateFileA
GetPrivateProfileIntA
GetFileTime
LocalFileTimeToFileTime
SetFileTime
OutputDebugStringA
CreateMutexA
GetProcAddress
SetFileAttributesA
InterlockedIncrement
InterlockedDecrement
GetTempPathA
GetTickCount
GetWindowsDirectoryA
CopyFileA
DeleteFileA
MoveFileA
WideCharToMultiByte
GetEnvironmentVariableA
GetVersionExA
GetSystemDefaultLCID
Process32Next
Process32First
CreateToolhelp32Snapshot
GetLocalTime
GetCurrentProcess
GetCurrentThread
TerminateProcess
OpenProcess
FindClose
FindNextFileA
FindFirstFileA
GetCurrentProcessId
SetFilePointer
lstrcpyA
lstrcatA
FileTimeToSystemTime
FileTimeToLocalFileTime
GetDriveTypeA
GetLogicalDriveStringsA
GetDiskFreeSpaceExA
GetVolumeInformationA
BeginUpdateResourceA
UpdateResourceA
EndUpdateResourceA
LoadLibraryA
FindResourceA
GetLogicalDrives
WritePrivateProfileStringA
DeleteCriticalSection
ResumeThread
GetExitCodeThread
CreateEventA
InitializeCriticalSection
LeaveCriticalSection
WaitForSingleObject
EnterCriticalSection
SetEvent
GetCurrentThreadId
GetModuleFileNameA
SystemTimeToFileTime
LoadResource
LockResource
SizeofResource
FreeLibrary
InterlockedExchange
GetLastError
Sleep
CreateProcessA
CreateThread
CloseHandle

mfc42

ord4278
ord6883
ord5710
ord535
ord665
ord354
ord2614
ord541
ord801
ord5683
ord4129
ord924
ord858
ord537
ord6877
ord540
ord800
ord860
ord2818

gdi32

CreateDCA
CreateCompatibleDC
CreateCompatibleBitmap
SelectObject
BitBlt
GetDeviceCaps
GetStockObject
SelectPalette
RealizePalette
GetDIBits
DeleteObject
DeleteDC
GetPixel

shell32

SHGetSpecialFolderLocation
SHGetPathFromIDListA

ole32

StgOpenStorage
CoInitialize
CoCreateInstance
CoUninitialize
StgIsStorageFile
CoTaskMemFree

winmm

waveInStart
mixerOpen
mixerGetLineInfoA
mixerGetLineControlsA
mixerGetNumDevs
waveInUnprepareHeader
waveInOpen
waveInGetErrorTextA
waveInPrepareHeader
waveInAddBuffer
waveInReset
waveInClose
mixerSetControlDetails
mixerGetControlDetailsA
mixerGetDevCapsA
mixerClose

Exports

Exports

DealA
DealB

Sections

.text
Size: 159KB - Virtual size: 158KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 15KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 27KB - Virtual size: 74KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

dde8aa958980e2bbe1f872faedaeec24

Headers

File Characteristics

Imports

shlwapi

msvcrt

ws2_32

iphlpapi

rasapi32

setupapi

netapi32

advapi32

user32

oleaut32

kernel32

mfc42

gdi32

shell32

ole32

winmm

Exports

Exports

Sections

.text Size: 159KB - Virtual size: 158KB

.rdata Size: 15KB - Virtual size: 14KB

.data Size: 27KB - Virtual size: 74KB

.reloc Size: 11KB - Virtual size: 10KB

.text
Size: 159KB - Virtual size: 158KB

.rdata
Size: 15KB - Virtual size: 14KB

.data
Size: 27KB - Virtual size: 74KB

.reloc
Size: 11KB - Virtual size: 10KB