d697230bb0afdb66975c62131c51f757_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

d697230bb0afdb66975c62131c51f757_JaffaCakes118
Size

152KB
MD5

d697230bb0afdb66975c62131c51f757
SHA1

25cf7f8a3e41aa080a298a4c5170d96033a22acd
SHA256

34cf54206e88e804431f5ba3c1082124857a25adc4a09bb8175b81652166fb95
SHA512

fb5c98d670aa12a8c6a485bb1dceddc621c8dcb48326d73db9ac19ee77a7bba786a9efb0650ca7dd0dcd2db1bcb51dedf86b297df4fc79ea3a1b6adf965fdd9c
SSDEEP

3072:kVJsrZ4sO17x5X0/bxcleCeTBfm1JgOFk+Mhp:lrZCxQbxcxeTBOb++Op

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
d697230bb0afdb66975c62131c51f757_JaffaCakes118

Files

d697230bb0afdb66975c62131c51f757_JaffaCakes118
.dll windows:4 windows x86 arch:x86

7570dffe31f82914686acda3ade49b98

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

i:\DEV\Clones\BannerModifier_1009\_release\BMCR.pdb

Imports

msvcrt

sprintf
mbstowcs
ldiv
srand
calloc
isdigit
_snprintf
rand
malloc
free
strtok
atoi
isspace
atol
strncpy
atof
memchr
strtoul
_itow
wcstombs
_wtoi
strstr
strncmp
_strnicmp
??_V@YAXPAX@Z
_time64
memmove
??2@YAPAXI@Z
??_U@YAPAXI@Z
??3@YAXPAX@Z
_iob
memset
memcpy
_unlock
__dllonexit
_lock
_onexit
??1type_info@@UAE@XZ
_XcptFilter
_initterm
_amsg_exit
_adjust_fdiv
isleadbyte
_itoa
_strlwr
_errno
wctomb
_CxxThrowException
__badioinfo
__pioinfo
_fileno
_lseeki64
_write
_isatty
__CxxFrameHandler
strtol
_except_handler3

shlwapi

StrCatW
StrCpyW
StrStrIA
StrStrIW
StrStrA
UrlEscapeA
StrRChrA
StrChrA
PathRenameExtensionW

wininet

HttpSendRequestW
InternetReadFile
InternetOpenUrlA
InternetOpenW
HttpOpenRequestW
InternetCloseHandle
HttpQueryInfoW
InternetConnectW
HttpAddRequestHeadersA
InternetQueryDataAvailable

ws2_32

WSACleanup
WSAStartup
listen
socket
closesocket
connect
bind
htons
ntohs
WSASetLastError
select
WSAGetLastError
send
inet_addr
accept
recv

kernel32

Sleep
GetVersionExA
GetThreadLocale
GetACP
QueryPerformanceCounter
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
InterlockedCompareExchange
InterlockedExchange
RtlUnwind
OutputDebugStringA
GetCurrentProcessId
lstrcpynA
CreateFileMappingA
GetVolumeInformationA
CreateFileA
MultiByteToWideChar
GetTickCount
lstrcpyA
SetLastError
FlushInstructionCache
GetCurrentProcess
CreateFileMappingW
GetLocalTime
lstrcatA
UnmapViewOfFile
MapViewOfFile
GetFileSize
CreateEventW
EnterCriticalSection
CreateThread
LeaveCriticalSection
DeleteCriticalSection
TerminateThread
InitializeCriticalSection
LockResource
LocalFree
LoadResource
FindResourceW
GetVersionExW
GetLocaleInfoA
SizeofResource
lstrlenA
lstrcpyW
GetSystemTimeAsFileTime
GetTempFileNameW
GetSystemDirectoryW
lstrcmpiA
GetPrivateProfileStringW
lstrcatW
GetCurrentThread
InterlockedDecrement
WritePrivateProfileStringW
InterlockedIncrement
SetThreadPriority
WideCharToMultiByte
GetCurrentThreadId
CreateProcessW
WaitForSingleObject
GetLastError
OpenMutexW
FreeLibraryAndExitThread
ReleaseMutex
GetModuleFileNameW
SetFilePointer
ReadFile
OpenFile
RaiseException
GetModuleFileNameA
FileTimeToSystemTime
DisableThreadLibraryCalls
lstrlenW
CreateMutexW
GetFileTime
lstrcpynW
WriteFile
GetWindowsDirectoryW
FreeLibrary
CloseHandle
LoadLibraryW
GetVolumeInformationW
OpenEventW
CreateFileW
GetTempPathA
SetEvent
GetVersion
VirtualQuery
GetSystemInfo
GetModuleHandleW
GetProcAddress
VirtualAlloc
VirtualProtect
GetProcessHeap
HeapFree

user32

wsprintfW
GetWindowThreadProcessId
GetClassNameW
EnumChildWindows
EnumWindows
PostQuitMessage
DispatchMessageW
CreateWindowExW
RegisterClassExW
CallNextHookEx
DefWindowProcW
UnhookWindowsHookEx
PostMessageW
wsprintfA
PeekMessageW
SetWindowsHookExW
GetWindowLongW

advapi32

RegOpenKeyExW
RegQueryValueA
SetSecurityInfo
ConvertStringSecurityDescriptorToSecurityDescriptorW
GetSecurityDescriptorSacl
RegQueryValueExW
RegCreateKeyW
RegCloseKey
RegEnumValueW
RegCreateKeyA
RegCreateKeyExW
RegSetValueExW
RegOpenKeyW
RegDeleteValueW
RegDeleteKeyW

shell32

ShellExecuteW
SHGetSpecialFolderPathW

ole32

CoInitialize
CoCreateInstance

oleaut32

VariantChangeType
SysAllocString
VariantInit
SysAllocStringLen
VariantClear
SysFreeString

Exports

Exports

AddCallback
CallbacksCount
GetProxyServiceVersion
RemoveCallback
s

Sections

.text
Size: 90KB - Virtual size: 90KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 30KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 22KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

7570dffe31f82914686acda3ade49b98

Headers

File Characteristics

PDB Paths

Imports

msvcrt

shlwapi

wininet

ws2_32

kernel32

user32

advapi32

shell32

ole32

oleaut32

Exports

Exports

Sections

.text Size: 90KB - Virtual size: 90KB

.rdata Size: 30KB - Virtual size: 30KB

.data Size: 1KB - Virtual size: 4KB

.rsrc Size: 22KB - Virtual size: 21KB

.reloc Size: 7KB - Virtual size: 6KB

.text
Size: 90KB - Virtual size: 90KB

.rdata
Size: 30KB - Virtual size: 30KB

.data
Size: 1KB - Virtual size: 4KB

.rsrc
Size: 22KB - Virtual size: 21KB

.reloc
Size: 7KB - Virtual size: 6KB