f6f8d389b26d2c18cb8db8c467680db2_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

f6f8d389b26d2c18cb8db8c467680db2_JaffaCakes118
Size

128KB
MD5

f6f8d389b26d2c18cb8db8c467680db2
SHA1

854ca85acfc22351a6dc655c7606cafd20477416
SHA256

b0216385914b47582c226e56de6c70af5d8cc587f688d45e96e14342239014f3
SHA512

5691bcbdf91532dd7cf2ec7c5e6d5ecf5f8ab5213d49bb4575088b1e2bf07eaa9783cca2ba1426eb0e91bb757785c3c75dc34f1d2d3158ddc07f3009857cc117
SSDEEP

3072:aSc6/AXFS4aMSAI6UcSkR6bLasrB+xKSb:aSc6IguI/qQbLprB+Xb

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
f6f8d389b26d2c18cb8db8c467680db2_JaffaCakes118

Files

f6f8d389b26d2c18cb8db8c467680db2_JaffaCakes118
.dll windows:4 windows x86 arch:x86

0bdf40264ba3c939f7a3e74d030e6442

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GlobalFree
GlobalUnlock
GlobalLock
GetStartupInfoA
GlobalMemoryStatusEx
GetSystemInfo
OpenProcess
OpenEventA
SetErrorMode
lstrcmpiA
GetCurrentThreadId
UnmapViewOfFile
HeapAlloc
HeapFree
GetCurrentProcess
SetLastError
GetModuleFileNameA
MoveFileA
WriteFile
ReadFile
MapViewOfFile
GetFileSize
GetLogicalDriveStringsA
GetVolumeInformationA
GetDiskFreeSpaceExA
GetDriveTypeA
CreateProcessA
GetFileAttributesA
CreateDirectoryA
GetLastError
GetVersionExA
GetPrivateProfileStringA
CreateEventA
lstrcmpA
WideCharToMultiByte
MultiByteToWideChar
FreeLibrary
GetWindowsDirectoryA
lstrlenA
InterlockedExchange
lstrcpyA
VirtualAlloc
EnterCriticalSection
LeaveCriticalSection
VirtualFree
ExpandEnvironmentStringsA
GetLocalTime
MoveFileExA
DeleteFileA
GetTickCount
CreateThread
ExitThread
CreateFileA
Sleep
DeleteCriticalSection
InitializeCriticalSection
LoadLibraryExA
CloseHandle
ReleaseMutex

user32

SetClipboardData
GetSystemMetrics
SetRect
GetDC
GetDesktopWindow
CloseClipboard
GetWindowThreadProcessId
IsWindowVisible
EnumWindows
CloseDesktop
SetThreadDesktop
IsWindow
WindowFromPoint
MapVirtualKeyA
keybd_event
SystemParametersInfoA
DispatchMessageA
SendMessageA
LoadCursorA
CallNextHookEx
GetKeyNameTextA
GetWindowTextA
wsprintfA
GetCursorPos
TranslateMessage
GetMessageA
CloseWindow
CreateWindowExA
PostMessageA
OpenDesktopA
GetThreadDesktop
GetUserObjectInformationA
OpenInputDesktop

gdi32

DeleteObject
BitBlt
CreateDIBSection
SelectObject
CreateCompatibleBitmap
GetDIBits
CreateCompatibleDC
DeleteDC

advapi32

FreeSid
LsaRetrievePrivateData
LsaClose
LookupAccountNameA
IsValidSid
LsaFreeMemory
RegCloseKey
RegQueryValueA
RegOpenKeyExA
OpenServiceA
RegSetValueExA
RegCreateKeyA
RegQueryValueExA
RegOpenKeyA
AdjustTokenPrivileges
OpenProcessToken
SetSecurityDescriptorDacl
AddAccessAllowedAce
InitializeAcl
GetLengthSid
AllocateAndInitializeSid
RegEnumValueA
RegCreateKeyExA
QueryServiceConfigA
QueryServiceStatus
UnlockServiceDatabase
ChangeServiceConfigA
LockServiceDatabase
LookupAccountSidA
GetTokenInformation
LsaOpenPolicy

shell32

SHGetSpecialFolderPathA

msvcrt

_strnicmp
_strcmpi
_adjust_fdiv
_initterm
??1type_info@@UAE@XZ
calloc
_beginthreadex
wcstombs
atoi
realloc
strncat
time
srand
rand
strncpy
strcat
strlen
_except_handler3
free
strcpy
malloc
strchr
strcmp
memset
??2@YAPAXI@Z
??3@YAXPAX@Z
memcpy
__CxxFrameHandler
memmove
ceil
_ftol
strstr
memcmp
_CxxThrowException

winmm

waveOutUnprepareHeader
waveOutReset
waveInClose
waveInUnprepareHeader
waveInReset
waveInStop
waveOutWrite
waveInStart
waveInAddBuffer
waveInPrepareHeader
waveInOpen
waveInGetNumDevs
waveOutPrepareHeader
waveOutOpen
waveOutGetNumDevs
waveOutClose

ws2_32

setsockopt
htons
WSAStartup
socket
gethostbyname
getsockname
WSAGetLastError
htonl
gethostname
inet_ntoa
WSASocketA
inet_addr
sendto
send
select
recv
ntohs
closesocket
WSACleanup
connect

msvcp60

?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@II@Z
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB
?_C@?1??_Nullstr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@CAPBDXZ@4DB
?_Tidy@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEX_N@Z
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z

avicap32

capGetDriverDescriptionA
capCreateCaptureWindowA

msvfw32

ICSeqCompressFrame
ICSeqCompressFrameStart
ICSendMessage
ICOpen
ICClose
ICCompressorFree
ICSeqCompressFrameEnd

psapi

GetModuleFileNameExA
EnumProcessModules

wtsapi32

WTSFreeMemory
WTSQuerySessionInformationA

Exports

Exports

Oreo

Sections

.text
Size: 76KB - Virtual size: 74KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 16KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

0bdf40264ba3c939f7a3e74d030e6442

Headers

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shell32

msvcrt

winmm

ws2_32

msvcp60

avicap32

msvfw32

psapi

wtsapi32

Exports

Exports

Sections

.text Size: 76KB - Virtual size: 74KB

.rdata Size: 16KB - Virtual size: 12KB

.data Size: 12KB - Virtual size: 12KB

.rsrc Size: 12KB - Virtual size: 11KB

.reloc Size: 8KB - Virtual size: 5KB

.text
Size: 76KB - Virtual size: 74KB

.rdata
Size: 16KB - Virtual size: 12KB

.data
Size: 12KB - Virtual size: 12KB

.rsrc
Size: 12KB - Virtual size: 11KB

.reloc
Size: 8KB - Virtual size: 5KB