dfdc25afa916dbb34f3c978f7274eb45_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

dfdc25afa916dbb34f3c978f7274eb45_JaffaCakes118
Size

2.2MB
MD5

dfdc25afa916dbb34f3c978f7274eb45
SHA1

2f03697b45444dac4beea8a1de797f6b048c442b
SHA256

5e2fd81a5fe02cc2714ed000e258b178ac1382c57ee70daccfc1df3f1a0aa980
SHA512

c029171a0d9bf5bcc121a42ea7d37151b5c4daf1225bfcbd8306f9dbe7dc77b7f2d8909ba2cbc624bd7d8b276b7cba7c0a78cc6550a46157e772dc22dab8be0c
SSDEEP

49152:Ala5TxnWfqCppTZG8k68v7g/13n/UfJIMk8L6uiYJvFmXFmxZaw:AI5luqCp5M3sd3n/Ufo3ISXU7a

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
dfdc25afa916dbb34f3c978f7274eb45_JaffaCakes118

Files

dfdc25afa916dbb34f3c978f7274eb45_JaffaCakes118
.exe windows:5 windows x86 arch:x86

4cd3aff284b6ce326fb6d28fae8084c8

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

msvcrt

iswupper
toupper
isxdigit
isdigit
isalnum
_onexit
??3@YAXPAX@Z
swprintf
_ui64tow
_i64tow
strspn
strcspn
isalpha
__dllonexit
_adjust_fdiv
_initterm
_vsnwprintf
_wcsicmp
_strlwr
_strupr
wcscmp
wcschr
memchr
towlower
wcsncmp
memmove
vswprintf
wcsrchr
calloc
strncpy
strtoul
strchr
sprintf
_except_handler3
_snprintf
_beginthreadex
qsort
srand
wcstok
wcstoul
wcsstr
_ltow
wcstol
iswcntrl
wcspbrk
_wcsdup
_vsnprintf
_ultoa
__CxxFrameHandler
_ultow
rand
wcsncpy
swscanf
_snwprintf
_ltoa
_ftol
strpbrk
_strnicmp
sscanf
strncmp
isspace
tolower
strstr
_wtoi
_atoi64
iswspace
_wtol
wcsftime
gmtime
time
_stricmp
iswxdigit
atoi
iswalpha
iswdigit
_wcsnicmp
towupper
wcslen
_purecall
??2@YAPAXI@Z
realloc
free
malloc
strrchr

tapi32

lineNegotiateAPIVersion
lineGetDevCaps
lineOpen
lineInitialize
lineGetID
lineShutdown
lineClose

ws2_32

WSAEnumNetworkEvents
WSAEventSelect

crypt32

CryptProtectData
CryptUnprotectData

kernel32

CreateEventA
CreateEventW
CreateFileA
CreateFileW
CreateSemaphoreA
DeleteFileA
DeleteFileW
ExpandEnvironmentStringsA
ExpandEnvironmentStringsW
FindResourceA
FindResourceW
LocalFree
LocalAlloc
FormatMessageA
FormatMessageW
GetFileAttributesA
GetFileAttributesW
GetModuleFileNameA
GetModuleFileNameW
GetModuleHandleW
lstrcpynW
GetTempFileNameA
GetTempFileNameW
GetTempPathA
GetTempPathW
LoadLibraryA
LoadLibraryExA
LoadLibraryExW
lstrcatW
lstrcmpiA
lstrcmpiW
lstrcpyW
IsBadWritePtr
GetVersionExW
GetLocaleInfoA
GlobalFree
GlobalUnlock
GlobalAlloc
GlobalLock
GetWindowsDirectoryW
GetShortPathNameA
GetShortPathNameW
GetComputerNameA
GetComputerNameW
GetSystemDirectoryA
OpenMutexA
OpenMutexW
SearchPathA
SearchPathW
FreeLibraryAndExitThread
SetThreadPriority
GetCurrentThread
GetSystemInfo
InterlockedCompareExchange
WaitForSingleObjectEx
HeapSize
ReleaseSemaphore
Sleep
VirtualFree
VirtualAlloc
TlsFree
TlsGetValue
TlsAlloc
TlsSetValue
SetThreadAffinityMask
GetExitCodeThread
GetSystemDefaultLCID
SetFilePointer
SetEndOfFile
GetLocalTime
ReadFile
GetFileSize
GetStdHandle
SystemTimeToFileTime
GetExitCodeProcess
OpenProcess
GetThreadLocale
FileTimeToSystemTime
QueryPerformanceFrequency
DeviceIoControl
GetCommConfig
GetVersion
CreateDirectoryW
CreateDirectoryA
CopyFileW
CopyFileA
SetLastError
GetModuleHandleA
GetWindowsDirectoryA
lstrlenW
GetVersionExA
WideCharToMultiByte
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
GetSystemTimeAsFileTime
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
LockResource
WriteFile
FreeResource
HeapAlloc
GetProcessHeap
HeapFree
SetEvent
GetCurrentThreadId
InterlockedExchange
WaitForSingleObject
ResetEvent
CloseHandle
GetLastError
LoadResource
SizeofResource
lstrlenA
DisableThreadLibraryCalls
HeapDestroy
EnterCriticalSection
LeaveCriticalSection
GetProcAddress
FreeLibrary
InterlockedDecrement
InterlockedIncrement
DeleteCriticalSection
InitializeCriticalSection
MultiByteToWideChar
CompareFileTime
WaitForMultipleObjects
CreateIoCompletionPort
PostQueuedCompletionStatus
GetQueuedCompletionStatus
CreateThread
LoadLibraryW
GetSystemTime

user32

RegisterWindowMessageA
SetWindowLongA
wvsprintfW
CharNextW
PostQuitMessage
DestroyWindow
GetMessageA
DispatchMessageA
DefWindowProcA
CreateWindowExA
RegisterClassA
PostMessageA
GetWindowLongA

advapi32

RegCloseKey
RegCreateKeyExA
RegCreateKeyExW
RegEnumKeyA
RegEnumKeyW
IsTextUnicode
DeregisterEventSource
RegEnumKeyExW
RegEnumKeyExA
RegQueryValueExW
RegQueryValueExA
RegSetValueExW
RegSetValueExA
RegQueryInfoKeyW
RegQueryInfoKeyA
RegOpenKeyExW
RegOpenKeyExA
RegDeleteValueW
RegDeleteValueA
RegDeleteKeyW
RegDeleteKeyA
RegEnumValueW
RegEnumValueA

ole32

CoInitialize
CoTaskMemFree
CoTaskMemAlloc
CoTaskMemRealloc
CoCreateInstance
StringFromGUID2
CLSIDFromString
CoCreateGuid
CreateStreamOnHGlobal
CoInitializeEx
CoUninitialize

wininet

InternetTimeToSystemTimeW
InternetTimeToSystemTimeA
InternetGetCookieW
InternetGetCookieA
InternetSetCookieW
InternetSetCookieA

shell32

SHGetSpecialFolderPathA

version

GetFileVersionInfoW
GetFileVersionInfoSizeA
GetFileVersionInfoSizeW
VerQueryValueA
VerQueryValueW
GetFileVersionInfoA

Sections

.text
Size: 52KB - Virtual size: 49KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 2.1MB - Virtual size: 2.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 34KB - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

4cd3aff284b6ce326fb6d28fae8084c8

Headers

DLL Characteristics

File Characteristics

Imports

msvcrt

tapi32

ws2_32

crypt32

kernel32

user32

advapi32

ole32

wininet

shell32

version

Sections

.text Size: 52KB - Virtual size: 49KB

.data Size: 2.1MB - Virtual size: 2.1MB

.rsrc Size: 34KB - Virtual size: 34KB

.reloc Size: 13KB - Virtual size: 13KB

.text
Size: 52KB - Virtual size: 49KB

.data
Size: 2.1MB - Virtual size: 2.1MB

.rsrc
Size: 34KB - Virtual size: 34KB

.reloc
Size: 13KB - Virtual size: 13KB