c97c85f90fdddff16e62d4dc5c5cbbec_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

c97c85f90fdddff16e62d4dc5c5cbbec_JaffaCakes118
Size

212KB
MD5

c97c85f90fdddff16e62d4dc5c5cbbec
SHA1

141a4432eadba9b9f5d72d9e47ae1bbe3621a665
SHA256

697e167b9883004012787b6cdcd190e5d63159641777f3984ff46dcc4dc6dd89
SHA512

5e7f28edfd510b7cc906e8d96786463c88795b193f39662fde335dae2ae3653023d72878a55feeb1b19d40ff42c469f7e20c8c4fefd490c76a76f7cc4d662fa7
SSDEEP

3072:MGYKDveWqIm4Ze3HluMf2ERNyDqzplKyt9ERUYZkBItzi1mXAf83Gs:lYAm4MYMfzNFznK78WziMtf

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
c97c85f90fdddff16e62d4dc5c5cbbec_JaffaCakes118

Files

c97c85f90fdddff16e62d4dc5c5cbbec_JaffaCakes118
.dll windows:4 windows x86 arch:x86

8711abfc4608c48063db894deed228e7

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

InterlockedExchangeAdd
InterlockedExchange
EnterCriticalSection
LeaveCriticalSection
DisableThreadLibraryCalls
GetExitCodeProcess
TerminateProcess
LoadLibraryW
VirtualQuery
GetModuleFileNameW
ExpandEnvironmentStringsW
GetFileSize
CreateFileMappingW
MapViewOfFile
UnmapViewOfFile
ReleaseMutex
WaitForSingleObject
CreateMutexW
DeleteCriticalSection
InitializeCriticalSection
GetSystemTime
CreateProcessW
GetTickCount
lstrlenW
GetVolumeInformationW
GetWindowsDirectoryW
GetSystemInfo
WideCharToMultiByte
MultiByteToWideChar
GetExitCodeThread
SetThreadPriority
TerminateThread
Sleep
lstrlenA
LocalFree
LocalAlloc
WriteFile
CreateFileW
DeleteFileW
FreeLibrary
GetProcAddress
LoadLibraryA
GetTempFileNameW
GetTempPathW
CloseHandle

user32

SetWindowLongW
CallWindowProcW
SystemParametersInfoW
GetWindowLongW
GetParent
GetWindow
GetClientRect
MapWindowPoints
wsprintfW
PostMessageW
IsWindow
FindWindowW
SendMessageW
ShowWindow
SetWindowTextW
SetWindowPos
GetWindowRect

xpcom

NS_StringGetData
NS_CStringGetData
NS_Free
NS_CStringContainerFinish
NS_CStringContainerInit
NS_StringContainerInit
NS_StringContainerFinish
NS_CStringSetData
NS_GetServiceManager
NS_GetComponentManager
NS_Alloc
NS_StringContainerInit2

nspr4

PR_AtomicDecrement
PR_AtomicIncrement

msvcp60

??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@ABV?$allocator@G@1@@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
??1_Lockit@std@@QAE@XZ
??0_Lockit@std@@QAE@XZ
??8std@@YA_NPBGABV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@@Z
??9std@@YA_NABV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@0@Z
??8std@@YA_NABV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@PBG@Z
?append@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV12@IG@Z
?erase@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV12@II@Z
?find@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEIPBGII@Z
?_Copy@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@AAEXI@Z
?c_str@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEPBGXZ
??9std@@YA_NABV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@PBG@Z
??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@ABV01@@Z
??0logic_error@std@@QAE@ABV01@@Z
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z
??1out_of_range@std@@UAE@XZ
??_7out_of_range@std@@6B@
??Mstd@@YA_NABV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@0@Z
?_Refcnt@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@AAEAAEPBG@Z
?max_size@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEIXZ
?_Copy@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEXI@Z
?substr@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBE?AV12@II@Z
?find_first_of@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEIPBGII@Z
?replace@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV12@IIPBGI@Z
?_Freeze@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@AAEXXZ
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z
?find_first_not_of@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEIPBGII@Z
?replace@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV12@IIABV12@II@Z
?rfind@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEIPBGII@Z
??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ
?_Eos@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@AAEXI@Z
?_Grow@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@AAE_NI_N@Z
?append@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV12@PBGI@Z
??Hstd@@YA?AV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@PBGABV10@@Z
?append@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV12@ABV12@II@Z
?npos@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@2IB
??Hstd@@YA?AV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@ABV10@0@Z
??Hstd@@YA?AV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@ABV10@PBG@Z
?assign@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV12@PBGI@Z
?_Tidy@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@AAEX_N@Z
?_C@?1??_Nullstr@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@CAPBGXZ@4GB
??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@PBGABV?$allocator@G@1@@Z
?assign@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV12@ABV12@II@Z
?_Split@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@AAEXXZ
??0out_of_range@std@@QAE@ABV01@@Z
?_Xlen@std@@YAXXZ
?_Xran@std@@YAXXZ
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@II@Z
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ID@Z
?_Split@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEXXZ
?_Eos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEXI@Z
?_Grow@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAE_NI_N@Z
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@II@Z
?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB
??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@PBD@Z
??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBDABV10@@Z
?_Tidy@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEX_N@Z
?_C@?1??_Nullstr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@CAPBDXZ@4DB
??8std@@YA_NABV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@0@Z

msvcrt

?terminate@@YAXXZ
_except_handler3
_adjust_fdiv
malloc
_initterm
_onexit
__dllonexit
??1type_info@@UAE@XZ
free
_beginthreadex
towlower
_wtoi
_itow
_CxxThrowException
??0exception@@QAE@ABQBD@Z
??1exception@@UAE@XZ
??0exception@@QAE@ABV0@@Z
memcpy
strlen
strcpy
??2@YAPAXI@Z
difftime
time
_purecall
memmove
wcslen
__CxxFrameHandler
wcscpy
_itoa

urlmon

URLDownloadToFileW

imagehlp

MapAndLoad
UnMapAndLoad

shlwapi

StrStrIW
PathMatchSpecW
UrlEscapeW
UrlGetPartW

wininet

HttpOpenRequestW
InternetOpenW
InternetCrackUrlW
InternetCloseHandle
InternetReadFile
HttpQueryInfoW
HttpSendRequestW
InternetSetOptionW
InternetQueryOptionW
InternetConnectW

dnsapi

DnsFree

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW

shell32

ShellExecuteW

advapi32

RegQueryValueExW
CryptGenRandom
RegCreateKeyW
RegCloseKey
CryptAcquireContextW
RegSetValueExW
RegDeleteValueW
CryptCreateHash
CryptHashData
CryptGetHashParam
CryptDestroyHash
CryptReleaseContext

ole32

CoCreateInstance

oleaut32

SysFreeString
VariantClear
SysAllocString
SysStringLen

Exports

Exports

NSGetModule

Sections

.text
Size: 148KB - Virtual size: 144KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 28KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 776B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 16KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

8711abfc4608c48063db894deed228e7

Headers

File Characteristics

Imports

kernel32

user32

xpcom

nspr4

msvcp60

msvcrt

urlmon

imagehlp

shlwapi

wininet

dnsapi

version

shell32

advapi32

ole32

oleaut32

Exports

Exports

Sections

.text Size: 148KB - Virtual size: 144KB

.rdata Size: 28KB - Virtual size: 25KB

.data Size: 12KB - Virtual size: 11KB

.rsrc Size: 4KB - Virtual size: 776B

.reloc Size: 16KB - Virtual size: 14KB

.text
Size: 148KB - Virtual size: 144KB

.rdata
Size: 28KB - Virtual size: 25KB

.data
Size: 12KB - Virtual size: 11KB

.rsrc
Size: 4KB - Virtual size: 776B

.reloc
Size: 16KB - Virtual size: 14KB