cf4f3d8b80662e1d878d36b8a232d32c_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

cf4f3d8b80662e1d878d36b8a232d32c_JaffaCakes118
Size

32KB
MD5

cf4f3d8b80662e1d878d36b8a232d32c
SHA1

db06bc1c239458f73dfeca3df01c5d00cebb1d51
SHA256

0da17944fa78adbcd83988c61252ce3ce6af3b314892e72ea002a3c86918ed5e
SHA512

272e607008982a9d1884eaac7d1ff3c20993f7ac8c6bff317f9960791759932d891f47163b4cebc08804fda9ebe949e480410f4907a4e085164efb8ad388a197
SSDEEP

384:oWRxD56W1rRy2408lh/jkcIRagzN5wj7D77iYfiIuIzawYJFJLCRCkI8a:91QWtHd8PZIaaN5kD75KINzhqDmRCkIT

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
cf4f3d8b80662e1d878d36b8a232d32c_JaffaCakes118

Files

cf4f3d8b80662e1d878d36b8a232d32c_JaffaCakes118
.dll windows:4 windows x86 arch:x86

3597414e56434615374de1d4e231f66b

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

WaitForSingleObject
ReadFile
GetFileSize
SetFilePointer
GetLastError
CreateEventA
GetModuleFileNameA
GetTempPathA
GetWindowsDirectoryA
CreateThread
SetFileAttributesA
GetCommandLineA
Sleep
GetSystemDirectoryA
MultiByteToWideChar
DeleteFileA
GlobalLock
CreateFileA
WriteFile
GlobalUnlock
GlobalFree
CloseHandle
LoadLibraryA
GetProcAddress
GlobalAlloc
VirtualProtect
ExitProcess
IsBadReadPtr
GetCurrentDirectoryA

user32

GetClassNameA
SetWindowLongA
RegisterShellHookWindow
RegisterWindowMessageA
CallWindowProcA
wsprintfA
GetDesktopWindow
GetDC
GetWindowRect
ReleaseDC
GetParent
GetWindowThreadProcessId
EnumWindows
GetWindowTextA
GetClientRect

gdi32

CreateDCA
GetDeviceCaps
DeleteObject
BitBlt
SelectObject
CreateCompatibleBitmap
CreateCompatibleDC
GetDIBits
RealizePalette
SelectPalette
GetStockObject
GetObjectA
DeleteDC

gdiplus

GdiplusShutdown
GdipDisposeImage
GdiplusStartup
GdipGetImageEncoders
GdipGetImageEncodersSize
GdipFree
GdipAlloc
GdipCloneImage
GdipSaveImageToFile
GdipLoadImageFromFile

msvcp60

??0_Lockit@std@@QAE@XZ
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
?_C@?1??_Nullstr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@CAPBDXZ@4DB
?_Tidy@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEX_N@Z
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@II@Z
?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z
??0Init@ios_base@std@@QAE@XZ
??1Init@ios_base@std@@QAE@XZ
??0_Winit@std@@QAE@XZ
??1_Winit@std@@QAE@XZ
??1_Lockit@std@@QAE@XZ

ws2_32

connect
htons
gethostbyname
socket
recv
send
inet_ntoa
WSAStartup
WSACleanup
inet_addr
closesocket

wininet

InternetReadFile
InternetOpenUrlA
InternetOpenA
InternetCloseHandle

msvcrt

strrchr
strchr
_access
strncpy
abs
malloc
wcscmp
??2@YAPAXI@Z
memcpy
__CxxFrameHandler
free
__dllonexit
_onexit
_initterm
_adjust_fdiv
_getpid
_stricmp
_strlwr
_strrev
atoi
strcmp
memset
sprintf
strcat
fopen
fgets
strstr
strlen
strcpy
fclose

netapi32

Netbios

Exports

Exports

COMResModuleInstance
DriverProc
KsCreateAllocator
KsCreatePin
KsCreateTopologyNode
ServerMain
modMessage
modmCallback

Sections

.text
Size: 19KB - Virtual size: 19KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 543KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Shared
Size: 512B - Virtual size: 4B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

3597414e56434615374de1d4e231f66b

Headers

File Characteristics

Imports

kernel32

user32

gdi32

gdiplus

msvcp60

ws2_32

wininet

msvcrt

netapi32

Exports

Exports

Sections

.text Size: 19KB - Virtual size: 19KB

.rdata Size: 4KB - Virtual size: 4KB

.data Size: 2KB - Virtual size: 543KB

Shared Size: 512B - Virtual size: 4B

.reloc Size: 3KB - Virtual size: 3KB

.text
Size: 19KB - Virtual size: 19KB

.rdata
Size: 4KB - Virtual size: 4KB

.data
Size: 2KB - Virtual size: 543KB

Shared
Size: 512B - Virtual size: 4B

.reloc
Size: 3KB - Virtual size: 3KB