f6351ca636222ea0ac671f03473ddcea_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

f6351ca636222ea0ac671f03473ddcea_JaffaCakes118
Size

102KB
MD5

f6351ca636222ea0ac671f03473ddcea
SHA1

629511db4d402f82b6924abe8444fb8921664417
SHA256

5f142eb37c6ec3cfdb4d092e5ad961f5466db1311d53ffdba2bc396ac85a20ac
SHA512

89fac2178a9ca66dabc9a82af756f27215b2fe60514b9938311bd6b31a2fba409593f4936eee0c8058fce3863bddc31f430ecf26bb699c61b2e88f58f01c58e6
SSDEEP

1536:Cx3qcmSY2/aopTq5+VquKWeo/TlfUCQ8XaFb34XEdm6h:Cx6DuaiTqQVquKWbXaaXym6h

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
f6351ca636222ea0ac671f03473ddcea_JaffaCakes118

Files

f6351ca636222ea0ac671f03473ddcea_JaffaCakes118
.dll windows:4 windows x86 arch:x86

81aff93d980df6dccc4899fdd7c6d436

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

crtdll

memset

kernel32

HeapCreate
CreateSemaphoreA
GetLastError
GetDriveTypeA
GetModuleHandleA
Beep
HeapDestroy
GlobalAlloc
GlobalFree
OpenProcess
TerminateProcess
CloseHandle
GetComputerNameA
CreateFileA
DeviceIoControl
GlobalMemoryStatus
ExitProcess
HeapFree
HeapAlloc
TlsAlloc
TlsGetValue
TlsSetValue
HeapReAlloc
EnterCriticalSection
WaitForSingleObject
LeaveCriticalSection
InitializeCriticalSection
DeleteCriticalSection
GetVersionExA
LoadLibraryA
GetProcAddress
Sleep
GetCurrentProcess
DuplicateHandle
CreatePipe
GetStdHandle
CreateProcessA
WriteFile
PeekNamedPipe
ReadFile
GetFileSize
GetTickCount
FreeLibrary
IsBadReadPtr
MulDiv
DeleteFileA
FindClose
FindFirstFileA
FindNextFileA
SetFilePointer
GetLocalTime
GlobalLock
GlobalUnlock
WaitForMultipleObjects
ResetEvent
SetEvent
GetCurrentThread
CreateEventA
CreateThread

user32

GetSystemMetrics
GetDesktopWindow
GetDC
SetCursorPos
SetWindowsHookExA
UnhookWindowsHookEx
BlockInput
SwapMouseButton
FindWindowA
SendMessageA
EnumWindows
ShowWindow
SetForegroundWindow
SetActiveWindow
SetWindowTextA
EnableWindow
VkKeyScanA
GetCursorPos
GetMessageExtraInfo
mouse_event
MapVirtualKeyA
keybd_event
GetKeyState
GetAsyncKeyState
ToAscii
GetForegroundWindow
GetWindowTextA
CallNextHookEx
SystemParametersInfoA
GetWindowLongA
SetWindowLongA
DestroyIcon
FillRect
GetWindowTextLengthA
CallWindowProcA
GetPropA
CreateWindowExA
IsWindowEnabled
GetSysColor
GetSysColorBrush
PostMessageA
GetWindowRect
GetParent
MapWindowPoints
MoveWindow
RedrawWindow
SetFocus
DestroyWindow
TranslateMessage
DispatchMessageA
PeekMessageA
RemovePropA
SetPropA
GetWindow
UnregisterClassA
DestroyAcceleratorTable
LoadIconA
LoadCursorA
RegisterClassA
AdjustWindowRect
GetActiveWindow
CreateAcceleratorTableA
SetWindowPos
IsZoomed
ScreenToClient
GetClientRect
GetMenu
AdjustWindowRectEx
LoadImageA
SetCursor
SetCapture
ReleaseCapture
EnumChildWindows
DefWindowProcA
MsgWaitForMultipleObjects
GetMessageA
TranslateAcceleratorA
IsWindowVisible
GetFocus
IsChild
GetClassNameA
EnumDisplaySettingsA
OpenClipboard
GetClipboardData
CloseClipboard
EmptyClipboard
SetClipboardData
ReleaseDC

gdi32

BitBlt
GetObjectType
DeleteObject
CreateCompatibleDC
SelectObject
GetStockObject
DeleteDC
GetObjectA
SetStretchBltMode
SetBrushOrgEx
StretchBlt
GetDIBits
CreateDCA
CreateCompatibleBitmap
CreateDIBSection
SetTextColor
SetBkColor
CreateSolidBrush
GetDeviceCaps
CreateFontA
CreatePen
SetTextAlign
GetTextExtentPoint32A
MoveToEx
TextOutA
Ellipse
SetROP2
SetBkMode

wsock32

ioctlsocket
closesocket
WSACleanup
WSAStartup
socket
inet_addr
gethostbyname
htons
connect
recvfrom
recv
send
sendto
gethostname
WSAGetLastError

msvcrt

strcpy
strlen
strcat
memcpy
memmove
sprintf
strncpy
_ftol
fopen
malloc
free
fclose
exit
_iob
fprintf
fwrite
fflush
ferror
getenv
sscanf
fseek
strcmp
strncmp
localtime
mktime
gmtime

ole32

RevokeDragDrop

comctl32

InitCommonControlsEx

advapi32

RegDeleteKeyA
RegConnectRegistryA
RegOpenKeyExA
RegCloseKey
RegSetValueExA
RegQueryValueExA
RegEnumKeyExA
RegDeleteValueA
RegCreateKeyExA
RegEnumValueA

shell32

SHGetSpecialFolderLocation
SHGetPathFromIDListA
ShellExecuteExA

Exports

Exports

enumwindowcallback

Sections

xxxxxxxx
Size: 22KB - Virtual size: 21KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

xxxxxxxx
Size: 58KB - Virtual size: 57KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

xxxxxxxx
Size: 512B - Virtual size: 96B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

xxxxxxxx
Size: 14KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

xxxxxxxx
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

xxxxxxxx
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

81aff93d980df6dccc4899fdd7c6d436

Headers

File Characteristics

Imports

crtdll

kernel32

user32

gdi32

wsock32

msvcrt

ole32

comctl32

advapi32

shell32

Exports

Exports

Sections

xxxxxxxx Size: 22KB - Virtual size: 21KB

xxxxxxxx Size: 58KB - Virtual size: 57KB

xxxxxxxx Size: 512B - Virtual size: 96B

xxxxxxxx Size: 14KB - Virtual size: 16KB

xxxxxxxx Size: 1KB - Virtual size: 1KB

xxxxxxxx Size: 5KB - Virtual size: 4KB

xxxxxxxx
Size: 22KB - Virtual size: 21KB

xxxxxxxx
Size: 58KB - Virtual size: 57KB

xxxxxxxx
Size: 512B - Virtual size: 96B

xxxxxxxx
Size: 14KB - Virtual size: 16KB

xxxxxxxx
Size: 1KB - Virtual size: 1KB

xxxxxxxx
Size: 5KB - Virtual size: 4KB