dc9d931b156a695e10364ebbb61994ee_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

dc9d931b156a695e10364ebbb61994ee_JaffaCakes118
Size

1.2MB
MD5

dc9d931b156a695e10364ebbb61994ee
SHA1

d863401cdcbb3bbf3932d150064a1818dd880fb8
SHA256

ede178d03fea9342c91fd51af35dc9c471071d74a32d12e2addf3f179027847a
SHA512

ec59d734d7f4840ecc1678562c43e83316978d3f5761abf8d30ccaedfb7ac4a83628ccd13fd65263c7efae716b656810e13f187bc2791d9154b87394deff56e8
SSDEEP

24576:X9eRi7YIRS8WFORt92ZeKD0y7F9KCp8VLi98zn7Kkk8wBEYW:tKi7YIoGcp8VLi98znekkNy

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
dc9d931b156a695e10364ebbb61994ee_JaffaCakes118

Files

dc9d931b156a695e10364ebbb61994ee_JaffaCakes118
.dll windows:5 windows x86 arch:x86

905544c00a0a222983f7114f39be35f8

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_REMOVABLE_RUN_FROM_SWAP
IMAGE_FILE_NET_RUN_FROM_SWAP
IMAGE_FILE_DLL

PDB Paths

winnt32a.pdb

Imports

kernel32

GetFileInformationByHandle
FindNextFileA
TlsSetValue
TlsGetValue
ReleaseMutex
SetEvent
InterlockedDecrement
LeaveCriticalSection
ResetEvent
EnterCriticalSection
CreateThread
CreateEventA
InitializeCriticalSection
WaitForSingleObject
GetExitCodeThread
RemoveDirectoryA
GetTempFileNameA
FileTimeToDosDateTime
TlsFree
TlsAlloc
HeapAlloc
GetProcessHeap
GetSystemTime
GetVersionExA
OpenEventA
GlobalFree
GetOEMCP
GetACP
GlobalMemoryStatus
GetFullPathNameA
GetWindowsDirectoryA
FlushFileBuffers
GetSystemDefaultLCID
WritePrivateProfileSectionA
GetPrivateProfileSectionA
GetSystemDirectoryA
WritePrivateProfileStringA
GlobalAlloc
GetVersion
LockResource
LoadResource
FindResourceA
SetErrorMode
MapViewOfFile
CreateFileMappingA
UnmapViewOfFile
GetNumberFormatA
SystemTimeToFileTime
VirtualFree
VirtualAlloc
SetUnhandledExceptionFilter
LocalFileTimeToFileTime
GetCurrentProcess
DeleteCriticalSection
HeapFree
CreateMutexA
FindResourceExA
SetFileTime
GetPrivateProfileIntA
FlushViewOfFile
OutputDebugStringA
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
TerminateProcess
UnhandledExceptionFilter
HeapReAlloc
RtlUnwind
GetFileType
ExitProcess
SetHandleCount
GetStdHandle
GetStartupInfoA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
HeapDestroy
HeapCreate
GetCPInfo
LCMapStringA
LCMapStringW
InterlockedExchange
SetEndOfFile
SetStdHandle
GetStringTypeA
GetStringTypeW
GetUserDefaultLCID
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
IsValidCodePage
GetLocaleInfoW
lstrcmpiA
FormatMessageA
LocalFree
lstrcpynA
ExpandEnvironmentStringsA
lstrcmpA
GetCommandLineA
LocalAlloc
GetLogicalDrives
GetDriveTypeA
GetPrivateProfileStructA
InterlockedIncrement
RaiseException
GetThreadLocale
SetThreadLocale
GetFileTime
OpenProcess
WaitForMultipleObjects
GetSystemInfo
VirtualProtect
VirtualQuery
MultiByteToWideChar
WideCharToMultiByte
GetModuleHandleA
SetFilePointer
SetLastError
LoadLibraryA
GetCurrentThread
SetThreadPriority
GetCurrentThreadId
CreateToolhelp32Snapshot
Thread32First
SuspendThread
ResumeThread
Thread32Next
DeviceIoControl
GetTickCount
FindFirstFileA
FindClose
MoveFileA
CreateDirectoryA
GetModuleFileNameA
LoadLibraryExA
GetProcAddress
FreeLibrary
lstrcatA
lstrcpyA
Sleep
GetPrivateProfileStringA
CreateFileA
GetFileSize
GetLastError
CloseHandle
ReadFile
GetFileAttributesA
SetFileAttributesA
CopyFileA
DeleteFileA
lstrlenA
WriteFile
GetDiskFreeSpaceA
GetVolumeInformationA

user32

ExitWindowsEx
CharNextA
GetDesktopWindow
GetWindowRect
RegisterClassExA
CreateWindowExA
DefWindowProcA
GetKeyboardType
WinHelpA
CharPrevA
wsprintfA
CharToOemA
PostMessageA
SystemParametersInfoA
SetWindowPos
MapWindowPoints
DestroyWindow
IsChild
GetDC
ReleaseDC
IsWindow
SetForegroundWindow
IsWindowVisible
IsWindowEnabled
PeekMessageA
GetWindowTextA
LoadCursorA
SetCursor
OemToCharBuffA
SetWindowTextA
IsDlgButtonChecked
GetDlgCtrlID
LoadImageA
KillTimer
SetTimer
GetDlgItemTextA
UpdateWindow
SendDlgItemMessageA
CheckDlgButton
EnableWindow
ShowWindow
SetDlgItemTextA
SetFocus
GetParent
SendMessageA
CharUpperA
CallWindowProcA
DialogBoxIndirectParamA
MoveWindow
SetWindowLongA
GetWindowLongA
GetDlgItem
EndDialog
GetClientRect
GetSystemMetrics
ClientToScreen
SetActiveWindow
GetSystemMenu
EnableMenuItem
CheckRadioButton
ScreenToClient
LoadIconA
InvalidateRect
MessageBoxA
DialogBoxParamA
GetSysColor
GetSysColorBrush
LoadStringA

gdi32

CreateCompatibleDC
SelectObject
SetStretchBltMode
StretchDIBits
DeleteDC
CreateDIBSection
GetStockObject
SetBkMode
SetDIBitsToDevice
ExcludeClipRect
GetDeviceCaps
DeleteObject
CreatePalette
GetObjectA
CreateFontIndirectA
SetBkColor

ole32

CoInitialize
CoCreateInstance

oleaut32

SysAllocStringLen
SysFreeString

advapi32

CryptGenRandom
CryptAcquireContextA
CryptCreateHash
CryptHashData
CryptDeriveKey
CryptEncrypt
CryptDestroyKey
CryptDestroyHash
CryptReleaseContext
RegCreateKeyExA
IsTextUnicode
RegQueryValueExA
RegCloseKey
RegOpenKeyExA
RegEnumKeyExA
RegDeleteKeyA
RegDeleteValueA
RegSetValueExA
RegEnumValueA
RegCreateKeyA
RegOpenKeyA
CryptDecrypt

comctl32

PropertySheetA
ord17
ImageList_Create
ImageList_ReplaceIcon

comdlg32

GetSaveFileNameA
CommDlgExtendedError
GetOpenFileNameA

mpr

WNetGetConnectionA

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

imm32

ImmAssociateContext

pidgen

ord5

setupapi

SetupGetStringFieldA
SetupGetMultiSzFieldA
SetupOpenInfFileA
SetupCloseInfFile
SetupFindFirstLineA
SetupFindNextLine

Exports

Exports

UnsupportedArchitectureCheck
winnt32

Sections

.text
Size: 272KB - Virtual size: 270KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 43KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 832KB - Virtual size: 831KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 24KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.text
Size: 128KB - Virtual size: 128KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

905544c00a0a222983f7114f39be35f8

Headers

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

ole32

oleaut32

advapi32

comctl32

comdlg32

mpr

version

imm32

pidgen

setupapi

Exports

Exports

Sections

.text Size: 272KB - Virtual size: 270KB

.data Size: 12KB - Virtual size: 43KB

.rsrc Size: 832KB - Virtual size: 831KB

.reloc Size: 24KB - Virtual size: 21KB

.text Size: 128KB - Virtual size: 128KB

.text
Size: 272KB - Virtual size: 270KB

.data
Size: 12KB - Virtual size: 43KB

.rsrc
Size: 832KB - Virtual size: 831KB

.reloc
Size: 24KB - Virtual size: 21KB

.text
Size: 128KB - Virtual size: 128KB