cf6c8904dc8fb774eb82d0324af0f91d_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

cf6c8904dc8fb774eb82d0324af0f91d_JaffaCakes118
Size

384KB
MD5

cf6c8904dc8fb774eb82d0324af0f91d
SHA1

3dd8c112d26db39131d0ee362478c5317b71dde9
SHA256

27630f2c2e98a69446b130d7e8ba73a58f91958429cc61129e9b1589b03cf833
SHA512

d5007afb2270b7543ce1fdf77ca497589d164dc3f14a39b646f043c9df6ac4ab535a67d73b8d4f897656f69490448aa51acada882772a8beddde928762e80e4d
SSDEEP

6144:eFClV3EPYyH8U+Gr+4TjNgCkuaibauleOAnOFXVTzyENeQBB6TSK:NlV3EPYyHdr+4PNydlYkOFZz1sQn

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
cf6c8904dc8fb774eb82d0324af0f91d_JaffaCakes118

Files

cf6c8904dc8fb774eb82d0324af0f91d_JaffaCakes118
.dll windows:4 windows x86 arch:x86

5066964a2640855ff0387145b8690d19

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

msimg32

TransparentBlt

gdi32

CreatePen
StretchBlt
DeleteObject
SetTextColor
GetTextColor
SelectObject
SetBkMode
CreateFontA
GetObjectA
GetStockObject
RestoreDC
SaveDC
RoundRect
CreateBrushIndirect
CreateCompatibleDC
GetBitmapDimensionEx
BitBlt

netapi32

Netbios

setupapi

SetupIterateCabinetA

version

GetFileVersionInfoA
GetFileVersionInfoSizeA
VerQueryValueA

wininet

InternetConnectA
HttpSendRequestA
InternetCrackUrlA
InternetCloseHandle
InternetReadFile
InternetOpenA
InternetGetConnectedState
HttpOpenRequestA

shlwapi

StrStrIA
PathCombineA
PathRemoveExtensionA
PathAddBackslashA
PathRemoveBackslashA
PathFindFileNameA
PathAddExtensionA
SHSetValueA
SHGetValueA
SHDeleteKeyA
SHDeleteValueA
StrRChrA
PathStripToRootA
StrStrA
PathRemoveFileSpecA
PathAppendA
StrChrA
StrTrimA
PathFindExtensionA
StrCmpNIA

kernel32

GetTimeZoneInformation
InterlockedExchange
LocalFree
SetEnvironmentVariableA
CompareStringW
CompareStringA
GetStringTypeW
GetStringTypeA
IsBadCodePtr
IsBadReadPtr
SetStdHandle
GetEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsW
FreeEnvironmentStringsA
GetStartupInfoA
GetFileType
GetStdHandle
SetHandleCount
GetDriveTypeA
IsBadWritePtr
VirtualAlloc
VirtualFree
HeapCreate
HeapDestroy
GetEnvironmentVariableA
UnhandledExceptionFilter
LCMapStringW
LCMapStringA
DeleteFileA
GetTempFileNameA
GetTempPathA
InitializeCriticalSection
DeleteCriticalSection
lstrlenA
lstrcmpiA
lstrcatA
lstrcpyA
GetTickCount
GetLocalTime
FindNextFileA
lstrcmpA
FindFirstFileA
WritePrivateProfileStringA
Sleep
GetPrivateProfileIntA
CreateDirectoryA
EnterCriticalSection
LeaveCriticalSection
FindClose
RemoveDirectoryA
CopyFileA
GetCurrentProcessId
FreeLibrary
GetProcAddress
LoadLibraryA
WriteFile
CloseHandle
ReadFile
GetFileSize
CreateFileA
GetVersionExA
GetShortPathNameA
GetModuleFileNameA
DisableThreadLibraryCalls
MultiByteToWideChar
SetEvent
lstrcpynA
WaitForSingleObject
CreateEventA
GetLastError
CreateMutexA
GetCurrentThreadId
GetPrivateProfileStringA
GetPrivateProfileSectionA
WritePrivateProfileSectionA
GetWindowsDirectoryA
MoveFileExA
SetFileAttributesA
GetFileAttributesA
GetSystemDirectoryA
LockResource
SizeofResource
LoadResource
FindResourceA
GetModuleHandleA
SystemTimeToFileTime
SetEndOfFile
FlushFileBuffers
SetFilePointer
ReleaseMutex
CreateProcessA
MoveFileA
InterlockedCompareExchange
CreateThread
TerminateThread
GetExitCodeThread
SetUnhandledExceptionFilter
CreateSemaphoreA
ReleaseSemaphore
InterlockedDecrement
WideCharToMultiByte
GetCurrentDirectoryA
LocalFileTimeToFileTime
SetFileTime
FileTimeToSystemTime
GetFileInformationByHandle
MapViewOfFile
CreateFileMappingA
UnmapViewOfFile
RtlUnwind
LocalAlloc
GetSystemTime
RaiseException
InterlockedIncrement
TlsSetValue
TlsGetValue
ExitThread
HeapFree
HeapAlloc
GetFullPathNameA
GetCommandLineA
GetVersion
TlsAlloc
TlsFree
SetLastError
ExitProcess
TerminateProcess
GetCurrentProcess
HeapReAlloc
HeapSize
GetCPInfo
GetACP
GetOEMCP

user32

InflateRect
CharUpperA
SendMessageA
FindWindowA
MessageBoxA
DispatchMessageA
TranslateMessage
GetMessageA
CloseDesktop
CloseWindowStation
SetThreadDesktop
OpenDesktopA
SetProcessWindowStation
OpenWindowStationA
GetThreadDesktop
GetProcessWindowStation
PostQuitMessage
DefWindowProcA
ShowWindow
CreateWindowExA
RegisterClassExA
GetClassInfoExA
DrawTextA
OffsetRect
SetRect
GetClientRect
SetDlgItemTextA
GetParent
EndPaint
BeginPaint
DialogBoxParamA
InvalidateRect
GetDlgItem
EndDialog
GetDlgItemTextA
IsWindow
SystemParametersInfoA
LoadIconA
GetWindowTextA
LoadCursorA
LoadBitmapA
SetForegroundWindow
SetWindowPos
GetWindowRect
PtInRect
DrawIconEx
ReleaseDC
GetWindowDC
wsprintfA
GetDesktopWindow

shell32

SHGetSpecialFolderPathA

ole32

OleInitialize
OleCreate
OleSetContainedObject

oleaut32

SysFreeString
SysAllocString
VariantClear

ws2_32

recv
WSAStartup
WSACleanup
gethostbyname
htons
closesocket
select
connect
ioctlsocket
socket
send

Exports

Exports

CoreSvr
Install
PopWnd
ProcessShow
Service
Uninstall

Sections

.text
Size: 196KB - Virtual size: 195KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 32KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 20KB - Virtual size: 46KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 116KB - Virtual size: 114KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

5066964a2640855ff0387145b8690d19

Headers

File Characteristics

Imports

msimg32

gdi32

netapi32

setupapi

version

wininet

shlwapi

kernel32

user32

shell32

ole32

oleaut32

ws2_32

Exports

Exports

Sections

.text Size: 196KB - Virtual size: 195KB

.rdata Size: 32KB - Virtual size: 29KB

.data Size: 20KB - Virtual size: 46KB

.rsrc Size: 116KB - Virtual size: 114KB

.reloc Size: 16KB - Virtual size: 15KB

.text
Size: 196KB - Virtual size: 195KB

.rdata
Size: 32KB - Virtual size: 29KB

.data
Size: 20KB - Virtual size: 46KB

.rsrc
Size: 116KB - Virtual size: 114KB

.reloc
Size: 16KB - Virtual size: 15KB