fdef0c796754e9ed580c74279a1f6758_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

fdef0c796754e9ed580c74279a1f6758_JaffaCakes118
Size

304KB
MD5

fdef0c796754e9ed580c74279a1f6758
SHA1

9b797c4a5943e58497003c519d397199c5c60469
SHA256

0a4b87971f2da47aa5c250091a800241aa3966b7e5de5a0b9ad56ba3a8a0c791
SHA512

9cb76007384707fd0eb2a5ed5611f86d4398acae71e4d27b4f69bc3b5cbaeb6d47f4d4e2b92a1be278333960745a03e761eab8fc130b66ed0e1846931a759cb2
SSDEEP

6144:gojQMfICoLUvRJLWcd+BciYCkt3fGZDC9lUxKG5zUN5:FQCtvRJLWhYCkt3fGZm9l9

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
fdef0c796754e9ed580c74279a1f6758_JaffaCakes118

Files

fdef0c796754e9ed580c74279a1f6758_JaffaCakes118
.exe windows:5 windows x86 arch:x86

167c39f30a0971a33b8545f8e6fe8327

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

sti.pdb

Imports

msvcrt

swprintf
_vsnprintf
_onexit
__dllonexit
_except_handler3
??1type_info@@UAE@XZ
?terminate@@YAXXZ
_adjust_fdiv
_initterm
_wtol
wcsstr
_wtoi
strchr
_wcsnicmp
_ftol
memset
strcmp
memmove
wcscmp
__RTDynamicCast
_purecall
realloc
__CxxFrameHandler
malloc
??2@YAPAXI@Z
free
??3@YAXPAX@Z

ntdll

NtFlushBuffersFile
NtGetPlugPlayEvent
NtReleaseSemaphore
NtDeleteKey
NtQueryMultipleValueKey
NtQueryObject
NtOpenProcessToken
NtQuerySystemInformation

kernel32

lstrlenW
GetModuleHandleW
IsBadWritePtr
GetProcAddress
TlsFree
LoadLibraryW
GetStdHandle
IsBadReadPtr
LocalFree
FreeLibrary
lstrcpynW
GetACP
TryEnterCriticalSection
GetModuleHandleA
lstrcmpW
TlsSetValue
CreateFileA
IsBadStringPtrW
lstrcpyW
QueryPerformanceCounter
GetTickCount
QueryPerformanceFrequency
TlsAlloc
CloseHandle
ReadFile
GetSystemTimeAsFileTime
LoadLibraryA
GetWindowsDirectoryW
FindAtomA
GetUserDefaultLCID
SetEvent
GetSystemDefaultUILanguage
LCMapStringW
AreFileApisANSI
GetVersion
OpenEventA
GlobalFree
FindResourceExW
HeapDestroy
RegisterWaitForSingleObject
GetCurrentProcessId
PulseEvent
UnregisterWait
CreateEventW
OutputDebugStringA
FindResourceExA
lstrcatA
GetLocalTime
HeapAlloc
GetProcessHeap
CreateSemaphoreA
InterlockedExchange
SetLastError
FindResourceW
CreateMutexA
HeapFree
GetConsoleOutputCP
TlsGetValue
GetSystemDefaultLCID
UnregisterWaitEx
FindClose
WaitForSingleObject
WaitForMultipleObjects
CreateThread
QueueUserWorkItem
lstrlenA
CreateSemaphoreW
WideCharToMultiByte
GetEnvironmentStringsA
MultiByteToWideChar
GetCurrentProcess
GetComputerNameW
OpenEventW
GetLastError
InterlockedDecrement
VirtualAlloc
InterlockedIncrement
GetTempPathA
DeleteCriticalSection
GetUserDefaultUILanguage
GetCurrentDirectoryA
Sleep
GetCommandLineW
InitializeCriticalSection
FreeEnvironmentStringsA
InterlockedCompareExchange
GetOEMCP
GetCurrentThreadId
GlobalAlloc
GetThreadLocale
EnterCriticalSection
SleepEx
LeaveCriticalSection
IsSystemResumeAutomatic
OpenMutexA
GetLogicalDrives
HeapCreate
GetTempFileNameA
LocalAlloc
DisableThreadLibraryCalls

ole32

CoInitializeEx
CoUninitialize
IIDFromString
StringFromIID
CoCreateFreeThreadedMarshaler
CreateBindCtx
CLSIDFromString
StringFromCLSID
CoTaskMemFree
CoCreateInstance
StringFromGUID2

ws2_32

WSAIoctl
WSASocketW

advapi32

RegOpenKeyExW
RegQueryInfoKeyA
RegCloseKey
RegOpenKeyExA
RegQueryValueExA
RegEnumValueA
GetUserNameW
RegQueryValueExW

user32

FindWindowA
CreateWindowExA
GetInputState
ReleaseDC
GetWindowLongW
GetCaretBlinkTime
GetMessageA
UnregisterClassW
DestroyWindow
DispatchMessageW
UnregisterClassA
GetSystemMetrics
TranslateMessage
GetDC
PostQuitMessage
PeekMessageW
GetClipboardViewer
GetSysColor
UnregisterDeviceNotification
UpdateWindow
GetDesktopWindow
GetCapture
MsgWaitForMultipleObjectsEx
RegisterDeviceNotificationW
GetForegroundWindow
GetActiveWindow
GetProcessDefaultLayout
CreateWindowExW
RegisterClassW
DefWindowProcW
LoadStringW
LoadIconA
DispatchMessageA
DefWindowProcA
wsprintfA
SetWindowLongW

winmm

mixerGetLineControlsA
mixerClose
mixerOpen
mixerGetControlDetailsA
timeGetTime

rtutils

TraceRegisterExW
TraceVprintfExA
TraceDeregisterW

Sections

.text
Size: 59KB - Virtual size: 59KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 32KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 207KB - Virtual size: 211KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bss
Size: - Virtual size: 88KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 29KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

167c39f30a0971a33b8545f8e6fe8327

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msvcrt

ntdll

kernel32

ole32

ws2_32

advapi32

user32

winmm

rtutils

Sections

.text Size: 59KB - Virtual size: 59KB

.rdata Size: 32KB - Virtual size: 32KB

.data Size: 207KB - Virtual size: 211KB

.bss Size: - Virtual size: 88KB

.rsrc Size: 29KB - Virtual size: 29KB

.reloc Size: 3KB - Virtual size: 2KB

.text
Size: 59KB - Virtual size: 59KB

.rdata
Size: 32KB - Virtual size: 32KB

.data
Size: 207KB - Virtual size: 211KB

.bss
Size: - Virtual size: 88KB

.rsrc
Size: 29KB - Virtual size: 29KB

.reloc
Size: 3KB - Virtual size: 2KB