01af1271f4b73159c17e3575cbd5e12f_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

01af1271f4b73159c17e3575cbd5e12f_JaffaCakes118
Size

113KB
MD5

01af1271f4b73159c17e3575cbd5e12f
SHA1

b46f7d0ff1d5946abab259bcd73bf5793c5029d9
SHA256

bb530f300f4f25ee79850d2edd3f5ec07a083c307c7662519edf04bc2fc3035c
SHA512

9f2ac72374dfbe8281092d5291c1d139e0806b3c6432994fafba65b25a9d8e74cec1c25d247f827e33f325f91ef979a4ed807a1305e2f2363499f7aaf3771f97
SSDEEP

3072:NW/l5syk8fRGTZ6TnqKvkqdxojXmh2m5sHoi:C5W866TnqIkRjmh2m5sHZ

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
01af1271f4b73159c17e3575cbd5e12f_JaffaCakes118

Files

01af1271f4b73159c17e3575cbd5e12f_JaffaCakes118
.dll windows:6 windows x86 arch:x86

dc24cadd9a02af6ac90819d315fe5b77

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

imm32.pdb

Imports

user32

SystemParametersInfoW
GetClassInfoExW
LoadIconW
RegisterClassExW
GetParent
GetCapture
DrawEdge
BeginPaint
EndPaint
InvalidateRect
DefWindowProcW
ReleaseCapture
SetWindowPos
GetWindow
keybd_event
GetMonitorInfoW
SetCursor
GetCursorPos
ScreenToClient
SetCapture
MessageBeep
GetSystemMetrics
GetWindowRect
DrawTextExW
GetWindowLongW
SetWindowLongW
GetClientRect
GetDC
ReleaseDC
LoadBitmapW
UnloadKeyboardLayout
CharUpperW
User32InitializeImmEntryTable
LoadKeyboardLayoutW
GetFocus
GetActiveWindow
GetClassInfoW
GetWindowThreadProcessId
GetKeyboardLayoutList
SendMessageA
PostMessageW
PostMessageA
WCSToMBEx
GetKeyboardLayout
IsWindow
MonitorFromWindow
UpdateWindow
ShowWindow
CreateWindowExW
MapVirtualKeyW
DestroyWindow
ToAsciiEx
ToUnicode
GetKeyboardState
ClientToScreen
GetForegroundWindow
MapWindowPoints
CharNextA
CharNextW
IsWindowUnicode
GetDesktopWindow
SendMessageTimeoutW
SendMessageW
LoadCursorW

ntdll

RtlUnwind
RtlIsThreadWithinLoaderCallout
RtlDllShutdownInProgress
RtlUnicodeToMultiByteSize
memset
wcstol
_wcsicmp
RtlUnicodeStringToInteger
RtlIntegerToUnicodeString
RtlDeleteCriticalSection
NtQuerySystemInformation
_vsnwprintf
RtlEnterCriticalSection
RtlLeaveCriticalSection
memcpy
RtlInitializeCriticalSection

kernel32

LocalReAlloc
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
GetSystemTimeAsFileTime
GetTickCount
QueryPerformanceCounter
TlsFree
CreateThread
Sleep
TlsGetValue
TlsSetValue
TlsAlloc
OpenFileMappingW
GetCurrentProcessId
CreateFileMappingW
MapViewOfFile
UnmapViewOfFile
CloseHandle
GetLastError
lstrlenA
IsDBCSLeadByte
GetProfileIntW
lstrcmpW
GlobalSize
SetLastError
GlobalAlloc
GlobalLock
GlobalFree
GlobalUnlock
HeapAlloc
GetLocaleInfoW
LocalSize
LocalFlags
GetFullPathNameW
lstrlenW
OpenFile
_lclose
GetThreadLocale
GetSystemDirectoryW
LocalAlloc
GetACP
FreeLibrary
BaseCheckAppcompatCache
GetModuleHandleW
LoadLibraryW
GetProcAddress
LocalFree
InterlockedIncrement
HeapFree
LocalUnlock
LocalLock
InterlockedDecrement
GetCurrentThreadId
WideCharToMultiByte
MultiByteToWideChar
IsDBCSLeadByteEx
GetSystemDefaultLCID

gdi32

GetTextMetricsW
CreateDIBitmap
GetDIBits
ExtTextOutW
TranslateCharsetInfo
GetTextExtentPoint32W
CreateDCW
GetObjectW
CreateFontIndirectW
SetBkColor
CreateCompatibleBitmap
CreateCompatibleDC
DeleteDC
DeleteObject
BitBlt
GetStockObject
SelectObject
Rectangle
PatBlt

advapi32

RegSetValueExW
AllocateAndInitializeSid
CheckTokenMembership
FreeSid
RegCreateKeyW
RegQueryValueExW
RegDeleteKeyW
RegEnumKeyW
RegOpenKeyW
RegCloseKey

msctf

CtfImeProcessCicHotkey
CtfImeDestroyInputContext
TF_CreateLangBarMgr
CtfImeGetGuidAtom
CtfImeIsGuidMapEnable
CtfImeCreateInputContext
TF_Notify
TF_SetDefaultRemoteKeyboardLayout
TF_GetCompatibleKeyboardLayout
CtfImeCreateThreadMgr
CtfImeDestroyThreadMgr
CtfImeDispatchDefImeMessage
TF_CleanUpPrivateMessages
TF_CanUninitialize
CtfImeEscapeEx
CtfImeInquireExW
CtfImeInquire
CtfImeConversionList
CtfImeRegisterWord
CtfImeUnregisterWord
CtfImeGetRegisterWordStyle
CtfImeEnumRegisterWord
CtfImeConfigure
CtfImeDestroy
CtfImeEscape
CtfImeProcessKey
CtfImeSelect
CtfImeSetActiveContext
CtfImeToAsciiEx
CtfNotifyIME
CtfImeSetCompositionString
TF_GetAppCompatFlags
CtfImeSetFocus
CtfImeSelectEx
CtfImeAssociateFocus
TF_MapCompatibleKeyboardTip

Exports

Exports

CtfImmAppCompatEnableIMEonProtectedCode
CtfImmCoUninitialize
CtfImmDispatchDefImeMessage
CtfImmEnterCoInitCountSkipMode
CtfImmGenerateMessage
CtfImmGetCompatibleKeyboardLayout
CtfImmGetGuidAtom
CtfImmGetIMEFileName
CtfImmGetTMAEFlags
CtfImmHideToolbarWnd
CtfImmIsCiceroEnabled
CtfImmIsCiceroStartedInThread
CtfImmIsGuidMapEnable
CtfImmIsTextFrameServiceDisabled
CtfImmLastEnabledWndDestroy
CtfImmLeaveCoInitCountSkipMode
CtfImmNotify
CtfImmRestoreToolbarWnd
CtfImmSetAppCompatFlags
CtfImmSetCiceroStartInThread
CtfImmSetDefaultRemoteKeyboardLayout
CtfImmTIMActivate
GetKeyboardLayoutCP
ImmActivateLayout
ImmAssociateContext
ImmAssociateContextEx
ImmCallImeConsoleIME
ImmConfigureIMEA
ImmConfigureIMEW
ImmCreateContext
ImmCreateIMCC
ImmCreateSoftKeyboard
ImmDestroyContext
ImmDestroyIMCC
ImmDestroySoftKeyboard
ImmDisableIME
ImmDisableIme
ImmDisableTextFrameService
ImmEnumInputContext
ImmEnumRegisterWordA
ImmEnumRegisterWordW
ImmEscapeA
ImmEscapeW
ImmFreeLayout
ImmGenerateMessage
ImmGetAppCompatFlags
ImmGetCandidateListA
ImmGetCandidateListCountA
ImmGetCandidateListCountW
ImmGetCandidateListW
ImmGetCandidateWindow
ImmGetCompositionFontA
ImmGetCompositionFontW
ImmGetCompositionStringA
ImmGetCompositionStringW
ImmGetCompositionWindow
ImmGetContext
ImmGetConversionListA
ImmGetConversionListW
ImmGetConversionStatus
ImmGetDefaultIMEWnd
ImmGetDescriptionA
ImmGetDescriptionW
ImmGetGuideLineA
ImmGetGuideLineW
ImmGetHotKey
ImmGetIMCCLockCount
ImmGetIMCCSize
ImmGetIMCLockCount
ImmGetIMEFileNameA
ImmGetIMEFileNameW
ImmGetImeInfoEx
ImmGetImeMenuItemsA
ImmGetImeMenuItemsW
ImmGetOpenStatus
ImmGetProperty
ImmGetRegisterWordStyleA
ImmGetRegisterWordStyleW
ImmGetStatusWindowPos
ImmGetVirtualKey
ImmIMPGetIMEA
ImmIMPGetIMEW
ImmIMPQueryIMEA
ImmIMPQueryIMEW
ImmIMPSetIMEA
ImmIMPSetIMEW
ImmInstallIMEA
ImmInstallIMEW
ImmIsIME
ImmIsUIMessageA
ImmIsUIMessageW
ImmLoadIME
ImmLoadLayout
ImmLockClientImc
ImmLockIMC
ImmLockIMCC
ImmLockImeDpi
ImmNotifyIME
ImmProcessKey
ImmPutImeMenuItemsIntoMappedFile
ImmReSizeIMCC
ImmRegisterClient
ImmRegisterWordA
ImmRegisterWordW
ImmReleaseContext
ImmRequestMessageA
ImmRequestMessageW
ImmSendIMEMessageExA
ImmSendIMEMessageExW
ImmSetActiveContext
ImmSetActiveContextConsoleIME
ImmSetCandidateWindow
ImmSetCompositionFontA
ImmSetCompositionFontW
ImmSetCompositionStringA
ImmSetCompositionStringW
ImmSetCompositionWindow
ImmSetConversionStatus
ImmSetHotKey
ImmSetOpenStatus
ImmSetStatusWindowPos
ImmShowSoftKeyboard
ImmSimulateHotKey
ImmSystemHandler
ImmTranslateMessage
ImmUnlockClientImc
ImmUnlockIMC
ImmUnlockIMCC
ImmUnlockImeDpi
ImmUnregisterWordA
ImmUnregisterWordW
ImmWINNLSEnableIME
ImmWINNLSGetEnableStatus
ImmWINNLSGetIMEHotkey

Sections

.text
Size: 86KB - Virtual size: 86KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 19KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.ss32
Size: 1024B - Virtual size: 846B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

dc24cadd9a02af6ac90819d315fe5b77

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

user32

ntdll

kernel32

gdi32

advapi32

msctf

Exports

Exports

Sections

.text Size: 86KB - Virtual size: 86KB

.data Size: 1KB - Virtual size: 2KB

.rsrc Size: 19KB - Virtual size: 19KB

.reloc Size: 3KB - Virtual size: 3KB

.ss32 Size: 1024B - Virtual size: 846B

.text
Size: 86KB - Virtual size: 86KB

.data
Size: 1KB - Virtual size: 2KB

.rsrc
Size: 19KB - Virtual size: 19KB

.reloc
Size: 3KB - Virtual size: 3KB

.ss32
Size: 1024B - Virtual size: 846B