Static task: static1
Behavioral task: behavioral1
Sample: dd2055453b01028a971826054eb2f317_JaffaCakes118.dll
Resource: win7-20240903-en
Behavioral task: behavioral2
Sample: dd2055453b01028a971826054eb2f317_JaffaCakes118.dll
Resource: win10v2004-20240802-en
General
Target: dd2055453b01028a971826054eb2f317_JaffaCakes118
Size: 108KB
MD5: dd2055453b01028a971826054eb2f317
SHA1: 35178e9d26a2ea1149c22c2cba62b656c40b5242
SHA256: 6c830d6244c8c73c50bdaa86f450ea5133aa1ab8b6551813f95db6350b6d4d4f
SHA512: 99f64a7f580b481772a7cd27c71c21b7b43dc994b761a64a3c2ea03f99f1a599e2ed1e0a7a07009acfa335a3e4b47f1da4597626821dd2a4dd2a12ec55eb1585
SSDEEP: 3072:Cr30cYOW8mbS77lMvc3DRp4ZXDsFLq+zXNBCJxsal1/W:C70cYvS77lMA6ZXDsk+zdBEsaX/
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource dd2055453b01028a971826054eb2f317_JaffaCakes118
Files
dd2055453b01028a971826054eb2f317_JaffaCakes118.dll windows:4 windows x86 arch:x86
d6e2afb7b60beb9881764706807d64fb
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
Imports
winmm
WOW32DriverCallback
joyGetPos
mmioInstallIOProcA
timeBeginPeriod
timeKillEvent
waveInGetDevCapsA
waveInReset
waveInStart
waveOutPrepareHeader
waveOutRestart
waveOutUnprepareHeader
PlaySoundW
shell32
ShellExecuteA
SHGetSpecialFolderPathW
SHFileOperationW
user32
TranslateMessage
DestroyWindow
DialogBoxParamA
DispatchMessageA
EmptyClipboard
EnumPropsA
GetForegroundWindow
GetKeyState
GetTopWindow
LoadIconA
MessageBoxW
CharLowerBuffA
CharLowerW
CharToOemA
CreateWindowExA
MsgWaitForMultipleObjects
OpenClipboard
PeekMessageA
RegisterClassA
RegisterShellHookWindow
UpdateWindow
DefWindowProcA
ShowWindow
SetUserObjectSecurity
SetSystemCursor
SetRect
RemoveMenu
ws2_32
WSAGetLastError
WSAStringToAddressA
WSAUnhookBlockingHook
socket
listen
htons
gethostbyname
connect
closesocket
version
GetFileVersionInfoA
GetFileVersionInfoSizeA
VerQueryValueA
ole32
PropVariantClear
StgPropertyLengthAsVariant
IsEqualGUID
advapi32
CancelOverlappedAccess
BuildExplicitAccessWithNameW
SetUserFileEncryptionKey
SetSecurityDescriptorDacl
RegQueryValueExA
RegOpenKeyExA
OpenTraceW
LsaSetInformationTrustedDomain
LsaRemoveAccountRights
LsaClearAuditLog
ImpersonateNamedPipeClient
GetTrusteeNameW
GetTraceEnableFlags
GetSecurityDescriptorDacl
GetAclInformation
GetAce
EqualSid
AddAccessDeniedAce
kernel32
HeapAlloc
GlobalAlloc
GetWindowsDirectoryA
GetVersionExA
GetTimeZoneInformation
GetTempPathW
GetSystemInfo
GetModuleHandleA
GetLogicalDriveStringsW
GetFileInformationByHandle
GetFileAttributesExA
GetExitCodeProcess
GetCurrentProcessId
GetConsoleOutputCP
GetConsoleMode
GetConsoleAliasA
GetCommandLineA
GetBinaryTypeA
FormatMessageA
FlushConsoleInputBuffer
FindNextVolumeW
FindAtomA
ExitProcess
EraseTape
EnumTimeFormatsA
lstrcmpA
WaitForMultipleObjectsEx
TlsGetValue
SetEnvironmentVariableA
RemoveDirectoryW
ReadFile
OpenJobObjectW
MulDiv
DuplicateHandle
DeleteCriticalSection
CreateSemaphoreA
CreateFileA
LocalShrink
LocalLock
HeapFree
HeapCreate
CloseHandle
BindIoCompletionCallback
BeginUpdateResourceA
Beep
dinput
DirectInputCreateW
Sections
.text Size: 72KB - Virtual size: 71KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 24KB - Virtual size: 23KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 4KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ