cf8b3ba6b38fc6bb4711658033ade658_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

cf8b3ba6b38fc6bb4711658033ade658_JaffaCakes118
Size

372KB
MD5

cf8b3ba6b38fc6bb4711658033ade658
SHA1

481bff8dd05c80fa739ffdecd1501fe8bc86ebdb
SHA256

1058616f3615a210c0a94ca32a4c844e872b3c63fda39af91b749ffc2151fbbc
SHA512

84cc0bb2c422e1c15d6f680db2d91d878095ed77aa97da75b9a223117d1f98abe87d2ebdbfd6f66243c248d34f6dc39eae93159a72c12c6b346c641461f0ec24
SSDEEP

6144:BqeCby6Uk1t4FonENOtOPGfqfo5s6tUkk1CH+fvxIUUkgWHGbOaOgACfEvGIAH8O:Back1t4OENOtOPGfqfo5s6tUkjH+dUGe

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
cf8b3ba6b38fc6bb4711658033ade658_JaffaCakes118

Files

cf8b3ba6b38fc6bb4711658033ade658_JaffaCakes118
.dll windows:4 windows x86 arch:x86

9668480708dbc63b63913082d88aedcb

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

e:\Drive1\temp\buildwar3x\Storm\bin\Storm.pdb

Imports

msvcr80

?_type_info_dtor_internal_method@type_info@@QAEXXZ
_crt_debugger_hook
memset
__CppXcptFilter
_adjust_fdiv
_amsg_exit
_initterm_e
_initterm
_encoded_null
free
_malloc_crt
_except_handler4_common
?terminate@@YAXXZ
_decode_pointer
_onexit
_lock
_encode_pointer
__dllonexit
_unlock
ferror
_strlwr
_snprintf
strchr
isdigit
vsprintf
fopen
fclose
fseek
ftell
_fileno
_fstat64i32
fread
memmove
_fullpath
toupper
_vsnprintf
strpbrk
wcstombs
setlocale
_stat64i32
_strupr
_purecall
strncmp
_strnicmp
strstr
strtol
strtoul
_stricmp
memcpy
__CxxFrameHandler3
qsort
strncpy
strrchr
sprintf
isprint
__clean_type_info_names_internal
calloc

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

kernel32

UnhandledExceptionFilter
ResumeThread
GetThreadPriority
VirtualLock
VirtualUnlock
CreateProcessA
GetSystemTime
SystemTimeToFileTime
VirtualFree
VirtualAlloc
FlushFileBuffers
WaitForMultipleObjects
QueryPerformanceCounter
GetSystemTimeAsFileTime
IsDebuggerPresent
DeleteCriticalSection
LeaveCriticalSection
FreeLibrary
GetProcAddress
LoadLibraryA
EnterCriticalSection
InitializeCriticalSection
IsBadReadPtr
GetModuleFileNameA
GetComputerNameA
GetLastError
GetCurrentProcess
GetModuleHandleA
VirtualQuery
lstrcpynA
GetCurrentThread
IsBadWritePtr
InterlockedDecrement
GetLocalTime
InterlockedIncrement
GetCurrentProcessId
CloseHandle
WaitForSingleObject
CreateThread
GetCurrentThreadId
WriteFile
CreateFileA
ReadFile
GetFileSize
GetCommandLineA
FindNextFileA
FindFirstFileA
FindClose
LockResource
LoadResource
FindResourceA
GetTickCount
MulDiv
FreeResource
SizeofResource
HeapAlloc
GetProcessHeap
GetFileAttributesA
CreateDirectoryA
FormatMessageA
ExitProcess
SetLastError
DeleteFileA
HeapFree
TerminateProcess
GetExitCodeProcess
GetVersion
SetFilePointer
OutputDebugStringA
SetUnhandledExceptionFilter
GetDiskFreeSpaceA
GetVolumeInformationA
GetDriveTypeA
UnmapViewOfFile
MapViewOfFile
CreateFileMappingA
SetEvent
SetThreadPriority
CreateEventA
InterlockedExchange
InterlockedCompareExchange
GetSystemInfo
Sleep
ResetEvent

user32

GetWindowTextLengthA
DrawEdge
BeginPaint
GetUpdateRgn
GetDlgCtrlID
DefDlgProcA
SetActiveWindow
GetActiveWindow
EnableWindow
IsWindowEnabled
SetCursor
LoadCursorA
GetClassInfoA
RegisterClassA
PostMessageA
GetDlgItem
DispatchMessageA
TranslateMessage
IsDialogMessageA
PostQuitMessage
PeekMessageA
CreateWindowExA
ShowWindow
AdjustWindowRectEx
DestroyWindow
GetSystemMetrics
DestroyCursor
GetForegroundWindow
MessageBoxA
LoadIconA
CreateCursor
GetMessageA
GetDlgItemTextA
SetDlgItemTextA
SendDlgItemMessageA
DrawTextA
DrawFocusRect
SetWindowLongA
GetFocus
SetFocus
RemovePropA
CallWindowProcA
DefWindowProcA
GetPropA
IsIconic
GetClientRect
ClientToScreen
GetParent
GetClassLongA
SetClassLongA
FindWindowExA
EndPaint
SetPropA
EndDialog
SendMessageA
IsWindow
GetClassNameA
IsWindowVisible
GetWindowLongA
ShowCursor
GetDC
ReleaseDC
GetCursorPos
GetDesktopWindow
GetWindowThreadProcessId
wsprintfA
LoadStringA
GetWindowRect
IntersectRect
ScreenToClient
InvalidateRect
GetTopWindow
GetWindow
GetWindowTextA

gdi32

SetBkColor
SetBkMode
SetTextColor
SetTextAlign
GetCurrentObject
GetCharABCWidthsA
CreateFontA
GetDeviceCaps
RealizePalette
SelectPalette
SetPaletteEntries
CreatePalette
GetSystemPaletteEntries
GetDIBits
ExtTextOutA
Rectangle
CreateDIBitmap
GetStockObject
RectInRegion
CreateRectRgn
CombineRgn
DeleteObject
GetRegionData
GdiFlush
CreateCompatibleDC
GetTextMetricsA
GetTextExtentPoint32A
SelectObject
DeleteDC

comdlg32

GetSaveFileNameA

advapi32

RegCloseKey
RegEnumKeyExA
RegQueryInfoKeyA
RegSetValueExA
RegFlushKey
RegQueryValueExA
RegDeleteKeyA
RegOpenKeyExA
RegDeleteValueA
RegCreateKeyExA
GetUserNameA

Exports

Exports

??0CDebugSCritSect@@QAE@XZ
??0CDebugSRWLock@@QAE@XZ
??0CSRWLock@@QAE@XZ
??0SCritSect@@QAE@XZ
??0SEvent@@QAE@HH@Z
??0SSyncObject@@QAE@XZ
??1CDebugSCritSect@@QAE@XZ
??1CDebugSRWLock@@QAE@XZ
??1CSRWLock@@QAE@XZ
??1SCritSect@@QAE@XZ
??1SSyncObject@@QAE@XZ
?Close@SFile@@SGKPAV1@@Z
?Create@SThread@@SIHP6GIPAX@Z0AAV1@PAD@Z
?CreateOverlapped@SFile@@SGXPAUSOVERLAPPED@@@Z
?DestroyOverlapped@SFile@@SGXPAUSOVERLAPPED@@@Z
?EnableHash@SFile@@SGX_N@Z
?Enter@CDebugSCritSect@@QAEXPBDK@Z
?Enter@CDebugSRWLock@@QAEXHPBDK@Z
?Enter@CSRWLock@@QAEXH@Z
?Enter@SCritSect@@QAEXXZ
?FileExists@SFile@@SGHPBD@Z
?GetActualFileName@SFile@@SGHPAV1@PADK@Z
?GetBasePath@SFile@@SGHPADK@Z
?GetFileSize@SFile@@SGKPAV1@PAK@Z
?Leave@CDebugSCritSect@@QAEXPBDK@Z
?Leave@CDebugSRWLock@@QAEXHPBDK@Z
?Leave@CSRWLock@@QAEXH@Z
?Leave@SCritSect@@QAEXXZ
?Load@SFile@@SGKPAVSArchive@@PBDPAPAXPAKKKPAUSOVERLAPPED@@@Z
?LoadFile@SFile@@SGKPBDPAPAXPAKKPAUSOVERLAPPED@@@Z
?Open@SFile@@SGKPBDPAPAV1@@Z
?PollOverlapped@SFile@@SGHPAUSOVERLAPPED@@@Z
?Read@SFile@@SGKPAV1@PAXKPAKPAUSOVERLAPPED@@PAU_TASYNCPARAMBLOCK@@@Z
?Reset@SEvent@@QAEHXZ
?ResetOverlapped@SFile@@SGXPAUSOVERLAPPED@@@Z
?SCreateThread@@YIPAXP6GIPAX@Z0PAI0PAD@Z
?SGetCurrentThreadId@@YIKXZ
?SGetCurrentThreadPriority@@YIHXZ
?SInterlockedCompareExchange@@YI_JPA_JAB_J1@Z
?SInterlockedCompareExchangePointer@@YIPAXPAPAXPAX1@Z
?SInterlockedDecrement@@YIJPAJ@Z
?SInterlockedExchange@@YIJPAJJ@Z
?SInterlockedExchange@@YI_JPA_JAB_J@Z
?SInterlockedIncrement@@YIJPAJ@Z
?SInterlockedRead@@YI_JPB_J@Z
?SSetCurrentThreadPriority@@YIXH@Z
?Set@SEvent@@QAEHXZ
?SetBasePath@SFile@@SGHPBD@Z
?SetFilePointer@SFile@@SGKPAV1@JPAJK@Z
?Unload@SFile@@SGHPAX@Z
?Wait@SSyncObject@@QAEKK@Z
?WaitMultiplePtr@@YIKIQAPAVSSyncObject@@HK@Z
?WaitOverlapped@SFile@@SGXPAUSOVERLAPPED@@@Z

Sections

.text
Size: 256KB - Virtual size: 254KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 32KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 64KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 12KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 16KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rsrc
Size: 40KB - Virtual size: 40KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

9668480708dbc63b63913082d88aedcb

Headers

File Characteristics

PDB Paths

Imports

msvcr80

version

kernel32

user32

gdi32

comdlg32

advapi32

Exports

Exports

Sections

.text Size: 256KB - Virtual size: 254KB

.rdata Size: 32KB - Virtual size: 29KB

.data Size: 12KB - Virtual size: 64KB

.rsrc Size: 12KB - Virtual size: 9KB

.reloc Size: 16KB - Virtual size: 14KB

.rsrc Size: 40KB - Virtual size: 40KB

.text
Size: 256KB - Virtual size: 254KB

.rdata
Size: 32KB - Virtual size: 29KB

.data
Size: 12KB - Virtual size: 64KB

.rsrc
Size: 12KB - Virtual size: 9KB

.reloc
Size: 16KB - Virtual size: 14KB

.rsrc
Size: 40KB - Virtual size: 40KB