dcfb51f186549cbcf447a161eec17ebf_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

dcfb51f186549cbcf447a161eec17ebf_JaffaCakes118
Size

280KB
MD5

dcfb51f186549cbcf447a161eec17ebf
SHA1

3e885762801d70c3b2c41017994e283a154df32f
SHA256

24058e2d51423ab2efcdbe805fcea25578503d3360ba2c452a7eadb11ba2d960
SHA512

20134248424fe58083ac9af801b2eea4efc8e8d71a94609c40c34e6c55a126c77194cb408833646ff90a5fcb2ce1509381931b00ff940c66a6d4dea92d25fa90
SSDEEP

6144:78MFQ95jHkB4SVPW84peFEpqXjj0qqDLuG1GP:nCDEB1VPTCeypW5qnuDP

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
dcfb51f186549cbcf447a161eec17ebf_JaffaCakes118

Files

dcfb51f186549cbcf447a161eec17ebf_JaffaCakes118
.dll windows:4 windows x86 arch:x86

fd58c0353b04066763bbda4374fe2044

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

SetHandleCount
GetStdHandle
GetFileType
LCMapStringW
GetLocaleInfoA
lstrcatA
lstrcpyA
WideCharToMultiByte
lstrlenA
CompareFileTime
SetEndOfFile
HeapDestroy
GetFileSize
UnmapViewOfFile
GetStringTypeA
LCMapStringA
TlsGetValue
GetACP
GetCPInfo
HeapReAlloc
VirtualAlloc
HeapAlloc
IsBadCodePtr
IsBadWritePtr
IsBadReadPtr
GetEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsW
FreeEnvironmentStringsA
GetStartupInfoA
HeapFree
VirtualFree
HeapCreate
GetStringTypeW
GetEnvironmentVariableA
GetModuleFileNameA
TlsSetValue
FlushViewOfFile
RaiseException
lstrcmpiW
lstrcmpiA
GetVersionExA
FlushFileBuffers
SetFilePointer
GetComputerNameW
LoadLibraryA
FreeLibrary
GetVersionExW
InterlockedCompareExchange
GetSystemInfo
GetTickCount
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
DeviceIoControl
CreateMutexW
GetCommModemStatus
WaitForSingleObject
ReleaseMutex
WinExec
FindResourceExW
CompareStringW
LockResource
LoadResource
SizeofResource
FindResourceW
DeleteFileW
EndUpdateResourceW
BeginUpdateResourceW
WriteFile
CloseHandle
CreateFileW
GetModuleFileNameW
GetCurrentThreadId
CreateProcessW
GetFullPathNameW
OutputDebugStringW
GetCurrentThread
GetCurrentProcess
InterlockedDecrement
LocalFree
InterlockedIncrement
LocalAlloc
GetProcAddress
lstrcmpA
lstrcpynA
DisableThreadLibraryCalls
lstrlenW
MultiByteToWideChar
GetCommandLineA
GetOEMCP
VirtualProtect
GetModuleHandleA
ExitProcess
GetVersion
RtlUnwind

user32

SendMessageW
DefWindowProcA
CreateWindowExA
RegisterClassA
IsWindow
CallNextHookEx
GetAsyncKeyState
UnhookWindowsHookEx
ReleaseDC
GetFocus
FillRect
IsRectEmpty
SetWindowPos
wsprintfW
PostMessageW
GetDC
RegisterClassExW
DefWindowProcW
GetIconInfo
CopyIcon
ClientToScreen
SetRect
OffsetRect

advapi32

CryptDestroyHash
RegCreateKeyExA
RegFlushKey
RegCloseKey
RegCreateKeyA
RegOpenKeyA
RegQueryValueExA
OpenThreadToken
OpenProcessToken
AllocateAndInitializeSid
CheckTokenMembership
FreeSid
RegEnumValueW
RegCreateKeyExW
RevertToSelf
LsaFreeMemory
RegDeleteKeyA
CryptDeriveKey
CryptDecrypt
RegEnumKeyA
CryptDestroyKey
CryptExportKey
RegEnumValueA
CryptGetHashParam
CryptCreateHash
CryptHashData
RegOpenKeyExA
CryptReleaseContext
CryptSetHashParam
CryptImportKey
CryptAcquireContextA
GetTokenInformation
SetThreadToken
AdjustTokenPrivileges
IsTextUnicode
SystemFunction006
SystemFunction007
LsaClose

gdi32

SetGraphicsMode
SetMapMode
ModifyWorldTransform
DPtoLP
LineTo
MoveToEx
SetBkMode
GetCurrentObject
CreatePen
CreateSolidBrush
GetTextExtentPoint32W
LPtoDP
SetWorldTransform
SelectObject
SetTextColor
DeleteObject

ole32

CoTaskMemAlloc
CoCreateInstance
CoTaskMemFree
CoCreateGuid

Sections

.text
Size: 188KB - Virtual size: 185KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 60KB - Virtual size: 103KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

fd58c0353b04066763bbda4374fe2044

Headers

File Characteristics

Imports

kernel32

user32

advapi32

gdi32

ole32

Sections

.text Size: 188KB - Virtual size: 185KB

.rdata Size: 8KB - Virtual size: 5KB

.data Size: 60KB - Virtual size: 103KB

.rsrc Size: 8KB - Virtual size: 4KB

.reloc Size: 12KB - Virtual size: 8KB

.text
Size: 188KB - Virtual size: 185KB

.rdata
Size: 8KB - Virtual size: 5KB

.data
Size: 60KB - Virtual size: 103KB

.rsrc
Size: 8KB - Virtual size: 4KB

.reloc
Size: 12KB - Virtual size: 8KB