f9c33e4a91dac412c59177ee258f2b4c_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

f9c33e4a91dac412c59177ee258f2b4c_JaffaCakes118
Size

840KB
MD5

f9c33e4a91dac412c59177ee258f2b4c
SHA1

525d0d0e0494f5eb1c2cd25fe573407ede8be806
SHA256

eb89de6882d175f638afde00809dd6a551ff6be70517ce2cc485fdc9572efe92
SHA512

36a7f7298616e03737ecf1ae9cf9ada98dffba76958b49bcb79b571cc9c970d1a2e212721b02f397210b95ab3fd752bd006164c4f67b9b4d71f719a786f0a82a
SSDEEP

12288:wEB+vP8zArhStrdUv+Uxqv4fjelvQ360BouADfH5CO3Pd:wEwStrdUv+UxnKlIKGbxqd

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
f9c33e4a91dac412c59177ee258f2b4c_JaffaCakes118

Files

f9c33e4a91dac412c59177ee258f2b4c_JaffaCakes118
.dll windows:4 windows x86 arch:x86

613ac2cfc10182662bdb1418102a5f50

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

d:\LocalSvnForDailyBuild\lonely_de\bin\de_release\Adapter.pdb

Imports

psapi

GetModuleInformation

dbghelp

SymInitialize
SymGetModuleInfo
SymGetSymFromAddr
StackWalk
SymFunctionTableAccess
SymLoadModule
SymGetLineFromAddr

log4cplus

?getInstance@Logger@log4cplus@@SA?AV12@ABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@@Z
??1Logger@log4cplus@@UAE@XZ
?isEnabledFor@Logger@log4cplus@@QBE_NH@Z
?forcedLog@Logger@log4cplus@@QBEXHABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@PBDH@Z
??6@YAAAV?$basic_ostream@_WU?$char_traits@_W@std@@@std@@AAV01@PBD@Z

kernel32

TlsFree
SetErrorMode
WritePrivateProfileStringW
GlobalFlags
InterlockedIncrement
GetVersionExA
GlobalFindAtomW
GetThreadLocale
ReadFile
WriteFile
SetFilePointer
FlushFileBuffers
SetEndOfFile
CreateFileW
DeleteCriticalSection
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
HeapFree
HeapAlloc
HeapReAlloc
GetCommandLineA
GetProcessHeap
RtlUnwind
ExitProcess
RaiseException
WriteConsoleW
GetFileType
GetStdHandle
HeapSize
Sleep
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
SetHandleCount
GetStartupInfoA
GetConsoleCP
GetConsoleMode
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetSystemTimeAsFileTime
LCMapStringA
LCMapStringW
GetLocaleInfoA
SetStdHandle
GetUserDefaultLCID
EnumSystemLocalesA
IsValidLocale
GetStringTypeA
GetStringTypeW
WriteConsoleA
GetConsoleOutputCP
LocalReAlloc
TlsSetValue
TlsAlloc
InitializeCriticalSection
GlobalHandle
GlobalReAlloc
EnterCriticalSection
TlsGetValue
LeaveCriticalSection
LocalAlloc
GlobalFree
GlobalUnlock
FormatMessageW
LocalFree
GetCurrentProcessId
SetLastError
GlobalAddAtomW
GlobalDeleteAtom
ConvertDefaultLocale
EnumResourceLanguagesW
GetLocaleInfoW
InterlockedExchange
GlobalLock
lstrcmpW
GlobalAlloc
InterlockedDecrement
GetModuleFileNameW
VirtualQueryEx
CreateFileA
GetCurrentThread
GetThreadContext
VirtualProtect
ReadProcessMemory
VirtualAllocEx
WriteProcessMemory
Module32FirstW
Module32NextW
ResumeThread
CreateToolhelp32Snapshot
Thread32First
OpenThread
SuspendThread
Thread32Next
GetVersion
GetVersionExW
OpenProcess
WaitForSingleObject
TerminateProcess
CloseHandle
MultiByteToWideChar
VirtualQuery
LoadLibraryW
LockResource
SizeofResource
LoadResource
FindResourceW
VirtualProtectEx
GetModuleHandleW
GetCurrentProcess
GetCurrentThreadId
LoadLibraryA
GetLastError
lstrlenW
WideCharToMultiByte
FreeLibrary
GetModuleFileNameA
GetTickCount
IsBadReadPtr
GetProcAddress
GetModuleHandleA
InterlockedCompareExchange
FlushInstructionCache

user32

RegisterWindowMessageW
LoadIconW
WinHelpW
GetCapture
GetClassLongW
SetPropW
GetPropW
RemovePropW
IsWindow
GetForegroundWindow
GetDlgItem
GetTopWindow
DestroyWindow
GetMessageTime
GetMessagePos
MapWindowPoints
SetForegroundWindow
GetClientRect
GetMenu
CreateWindowExW
GetClassInfoExW
GetClassInfoW
RegisterClassW
AdjustWindowRectEx
CopyRect
DefWindowProcW
CallWindowProcW
SetWindowLongW
SetWindowPos
SystemParametersInfoA
GetWindowPlacement
GetSystemMetrics
GetWindow
GetDlgCtrlID
GetWindowRect
GetClassNameW
PtInRect
GetWindowTextW
SetWindowTextW
GetSysColor
ReleaseDC
GetDC
ClientToScreen
GrayStringW
DrawTextExW
DrawTextW
UnregisterClassA
MessageBoxW
MessageBoxA
PostMessageW
GetWindowThreadProcessId
PostQuitMessage
TabbedTextOutW
UnregisterClassW
UnhookWindowsHookEx
GetMenuItemID
GetMenuItemCount
GetSubMenu
GetWindowLongW
GetLastActivePopup
IsWindowEnabled
DestroyMenu
LoadCursorW
GetSysColorBrush
ShowWindow
CheckMenuItem
EnableMenuItem
GetMenuState
ModifyMenuW
SendMessageW
GetParent
GetFocus
LoadBitmapW
GetMenuCheckMarkDimensions
SetMenuItemBitmaps
ValidateRect
GetCursorPos
PeekMessageW
GetKeyState
IsWindowVisible
GetActiveWindow
DispatchMessageW
TranslateMessage
EnableWindow
SetCursor
SetWindowsHookExW
CallNextHookEx
GetMessageW
IsIconic

gdi32

SetViewportExtEx
ScaleViewportExtEx
SetWindowExtEx
ScaleWindowExtEx
DeleteDC
Escape
GetStockObject
SetTextColor
SetBkColor
RestoreDC
SaveDC
OffsetViewportOrgEx
SetViewportOrgEx
GetDeviceCaps
CreateBitmap
ExtTextOutW
TextOutW
RectVisible
PtVisible
DeleteObject
GetClipBox
SetMapMode
SelectObject

winspool.drv

ClosePrinter
DocumentPropertiesW
OpenPrinterW

advapi32

RegSetValueExW
RegCreateKeyExW
RegQueryValueW
RegOpenKeyW
RegEnumKeyW
RegDeleteKeyW
RegOpenKeyExW
RegQueryValueExW
RegCloseKey
RegOpenKeyExA
RegQueryValueExA

shell32

SHFileOperationA
ShellExecuteW

shlwapi

PathFindFileNameW
PathFindExtensionW

oleaut32

VariantClear
VariantInit
VariantChangeType

Exports

Exports

GetPlugin

Sections

.text
Size: 604KB - Virtual size: 601KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 92KB - Virtual size: 90KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 20KB - Virtual size: 52KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 16KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.vmp0
Size: 60KB - Virtual size: 58KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 44KB - Virtual size: 42KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

613ac2cfc10182662bdb1418102a5f50

Headers

File Characteristics

PDB Paths

Imports

psapi

dbghelp

log4cplus

kernel32

user32

gdi32

winspool.drv

advapi32

shell32

shlwapi

oleaut32

Exports

Exports

Sections

.text Size: 604KB - Virtual size: 601KB

.rdata Size: 92KB - Virtual size: 90KB

.data Size: 20KB - Virtual size: 52KB

.rsrc Size: 16KB - Virtual size: 14KB

.vmp0 Size: 60KB - Virtual size: 58KB

.reloc Size: 44KB - Virtual size: 42KB

.text
Size: 604KB - Virtual size: 601KB

.rdata
Size: 92KB - Virtual size: 90KB

.data
Size: 20KB - Virtual size: 52KB

.rsrc
Size: 16KB - Virtual size: 14KB

.vmp0
Size: 60KB - Virtual size: 58KB

.reloc
Size: 44KB - Virtual size: 42KB