ea4cb92ad2fe7d5e4c459b65238d16e3_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

ea4cb92ad2fe7d5e4c459b65238d16e3_JaffaCakes118
Size

3.5MB
MD5

ea4cb92ad2fe7d5e4c459b65238d16e3
SHA1

40106b0c87db2a0ea0b40939bf2d6b8a5d592156
SHA256

4184a9a0f4bccde491211d8c44a9da8f32ffc1bcca498259a0e2569d2eeda2fc
SHA512

c901745970b50b77dee584c1489c71deb7ba09ecd186590c4ceb7e16b811e3091626346ab8219c36c06bd63d5087300c36b68aee65bf8b06a8e1423dd4e94637
SSDEEP

49152:EUmWtseNoaD8dquLy+dRu1islIWzjty0iOx+KZEa:6WJNX84oy+dRu1BlIWzjtd3x+sE

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
ea4cb92ad2fe7d5e4c459b65238d16e3_JaffaCakes118

Files

ea4cb92ad2fe7d5e4c459b65238d16e3_JaffaCakes118
.dll windows:4 windows x86 arch:x86

6e2c855ace94c06c8b84732853ec6c80

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

winmm

PlaySoundA

ws2_32

inet_addr
socket
closesocket
htons
ntohl
recv
connect
send
gethostbyname

kernel32

RtlUnwind
ExitProcess
HeapFree
GetCommandLineA
RaiseException
HeapAlloc
GetTimeZoneInformation
GetSystemTime
GetLocalTime
GetACP
HeapReAlloc
HeapSize
LCMapStringA
GetStringTypeA
GetStringTypeW
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
IsBadWritePtr
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
SetUnhandledExceptionFilter
IsBadReadPtr
IsBadCodePtr
SetStdHandle
CompareStringA
CompareStringW
SetEnvironmentVariableA
GetFileTime
GetFileAttributesA
GetOEMCP
GetCPInfo
GetProcessVersion
GlobalFlags
SetErrorMode
TlsGetValue
LocalReAlloc
TlsSetValue
EnterCriticalSection
GlobalReAlloc
LeaveCriticalSection
TlsFree
GlobalHandle
DeleteCriticalSection
TlsAlloc
InitializeCriticalSection
LocalAlloc
GetFullPathNameA
GetVolumeInformationA
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
SetFilePointer
DuplicateHandle
GetLastError
lstrcpynA
lstrlenW
FileTimeToLocalFileTime
FileTimeToSystemTime
GetModuleFileNameA
MulDiv
SetLastError
GlobalAlloc
GetCurrentThread
LocalFree
LoadLibraryA
FreeLibrary
GetVersion
lstrcatA
GetCurrentThreadId
GlobalGetAtomNameA
lstrcmpiA
GlobalAddAtomA
GlobalFindAtomA
GlobalDeleteAtom
GetProcAddress
MultiByteToWideChar
WideCharToMultiByte
InterlockedDecrement
InterlockedIncrement
GlobalLock
GlobalUnlock
GlobalFree
LockResource
FindResourceA
LoadResource
lstrcmpA
lstrlenA
lstrcpyA
ReadFile
GetPrivateProfileStringA
VirtualProtectEx
CreateProcessA
WriteFile
Sleep
DeleteFileA
FindFirstFileA
GetModuleHandleA
FindNextFileA
FindClose
GetPrivateProfileIntA
CreateFileA
GetFileSize
CloseHandle
TerminateProcess
CreateThread
GetTickCount
WritePrivateProfileStringA
GetVersionExA
GetCurrentProcess
LCMapStringW

user32

GetClassNameA
UnregisterClassA
CharUpperA
LoadStringA
GetMessageA
TranslateMessage
ValidateRect
EndPaint
BeginPaint
ClientToScreen
PostQuitMessage
GetMenuCheckMarkDimensions
LoadBitmapA
GetMenuState
ModifyMenuA
SetMenuItemBitmaps
CheckMenuItem
EnableMenuItem
IsDialogMessageA
SetDlgItemTextA
SetDlgItemInt
GetDlgItemTextA
GetDlgItemInt
LoadIconA
SendDlgItemMessageA
MapWindowPoints
PeekMessageA
DispatchMessageA
GetFocus
SetFocus
AdjustWindowRectEx
IsWindowVisible
DestroyMenu
GetTopWindow
GetCapture
WinHelpA
wsprintfA
GetClassInfoA
RegisterClassA
GetMenu
GetMenuItemCount
GetSubMenu
GetMenuItemID
GetWindowTextLengthA
GetKeyState
DefWindowProcA
CreateWindowExA
GetClassLongA
SetPropA
UnhookWindowsHookEx
GetPropA
CallWindowProcA
RemovePropA
GetMessageTime
GetMessagePos
GetLastActivePopup
GetForegroundWindow
SetForegroundWindow
GetWindow
SetWindowLongA
RegisterWindowMessageA
SystemParametersInfoA
IsIconic
GetWindowPlacement
GetNextDlgTabItem
EndDialog
GetActiveWindow
SetActiveWindow
GetSystemMetrics
CreateDialogIndirectParamA
DestroyWindow
GetWindowLongA
GetDlgItem
IsWindowEnabled
GrayStringA
TabbedTextOutA
IsWindow
CopyRect
DrawTextA
ShowWindow
RegisterHotKey
SetWindowTextA
KillTimer
RedrawWindow
GetParent
SetCursor
InvalidateRect
UpdateWindow
OffsetRect
GetSysColor
SetWindowPos
GetDC
GetSysColorBrush
LoadCursorA
PtInRect
GetClientRect
FillRect
ReleaseDC
GetWindowRect
GetCursorPos
ScreenToClient
GetWindowThreadProcessId
SetWindowsHookExA
SetTimer
CallNextHookEx
GetWindowTextA
FindWindowExA
MessageBoxA
EnableWindow
SendMessageA
ExitWindowsEx
FindWindowA
PostMessageA
GetDlgCtrlID

gdi32

SetTextAlign
GetDeviceCaps
CreatePen
LineTo
DPtoLP
SetBkMode
SelectObject
RestoreDC
SaveDC
DeleteDC
CreateBitmap
SetBkColor
SetTextColor
MoveToEx
SetMapMode
SelectClipRgn
ScaleWindowExtEx
SetWindowExtEx
SetWindowOrgEx
ScaleViewportExtEx
SetViewportExtEx
CreateRectRgnIndirect
CreateCompatibleDC
CreateCompatibleBitmap
GetViewportOrgEx
SetViewportOrgEx
BitBlt
DeleteObject
GetStockObject
GetObjectA
CreateFontIndirectA
Ellipse
CreateSolidBrush
GetClipBox
Escape
ExtTextOutA
TextOutA
RectVisible
PtVisible
CreateRectRgn
OffsetViewportOrgEx

comdlg32

GetFileTitleA
GetSaveFileNameA
GetOpenFileNameA

winspool.drv

ClosePrinter
OpenPrinterA
DocumentPropertiesA

advapi32

LookupPrivilegeValueA
OpenProcessToken
RegCloseKey
RegCreateKeyExA
RegOpenKeyExA
RegQueryValueExA
RegSetValueExA
AdjustTokenPrivileges

shell32

ShellExecuteA

comctl32

ord17
ImageList_Destroy

ole32

CoDisconnectObject

oleaut32

VariantChangeType
SysAllocStringLen
SysAllocStringByteLen
SysStringLen
SysAllocString
SysFreeString
LoadTypeLi
VariantClear
VariantCopy

urlmon

URLDownloadToFileA

Exports

Exports

Func4
Func5

Sections

.text
Size: 280KB - Virtual size: 278KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 56KB - Virtual size: 52KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1.4MB - Virtual size: 1.9MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

MyCode
Size: 100KB - Virtual size: 97KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 36KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.vmp0
Size: 1.6MB - Virtual size: 1.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp1
Size: 40KB - Virtual size: 38KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 36KB - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

6e2c855ace94c06c8b84732853ec6c80

Headers

File Characteristics

Imports

winmm

ws2_32

kernel32

user32

gdi32

comdlg32

winspool.drv

advapi32

shell32

comctl32

ole32

oleaut32

urlmon

Exports

Exports

Sections

.text Size: 280KB - Virtual size: 278KB

.rdata Size: 56KB - Virtual size: 52KB

.data Size: 1.4MB - Virtual size: 1.9MB

MyCode Size: 100KB - Virtual size: 97KB

.rsrc Size: 36KB - Virtual size: 32KB

.vmp0 Size: 1.6MB - Virtual size: 1.6MB

.vmp1 Size: 40KB - Virtual size: 38KB

.reloc Size: 36KB - Virtual size: 33KB

.text
Size: 280KB - Virtual size: 278KB

.rdata
Size: 56KB - Virtual size: 52KB

.data
Size: 1.4MB - Virtual size: 1.9MB

MyCode
Size: 100KB - Virtual size: 97KB

.rsrc
Size: 36KB - Virtual size: 32KB

.vmp0
Size: 1.6MB - Virtual size: 1.6MB

.vmp1
Size: 40KB - Virtual size: 38KB

.reloc
Size: 36KB - Virtual size: 33KB