0606a0ae9b7952eac9f2e6685eb94217_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

0606a0ae9b7952eac9f2e6685eb94217_JaffaCakes118
Size

136KB
MD5

0606a0ae9b7952eac9f2e6685eb94217
SHA1

db16347f05d9a86e4d3949cedb9a38f753ec500c
SHA256

73e327bfccd2c0e0166d2e44a8104e9f4f4934667f7d3ef84ab44eda3443df78
SHA512

977a8c86164bea0205a4fe952b0e3c13fb647a5b750c5fb21980b3acfd31ece5c7f5bfa7f239ecb081c5299bf63c842f2d14a8570ac78bcc1d8b6b27d54f3dcd
SSDEEP

1536:xcqeQrxhGZpD4M1hkrvQW/nXVYyWhOXQGxcI45fYPqhbZaZ9hffwJ:9xcZpD4M1ObnXQGx745YPqTaZ9hf4

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
0606a0ae9b7952eac9f2e6685eb94217_JaffaCakes118

Files

0606a0ae9b7952eac9f2e6685eb94217_JaffaCakes118
.dll windows:4 windows x86 arch:x86

b3b4ce22f1d74ae600de48673f53c86c

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GlobalUnlock
GlobalAlloc
GetLocalTime
SetFilePointer
LocalAlloc
CreatePipe
PeekNamedPipe
MoveFileA
RemoveDirectoryA
FindNextFileA
GetDriveTypeA
CreateDirectoryA
GetProcAddress
GetSystemInfo
GetLastError
RaiseException
InterlockedExchange
UnmapViewOfFile
GetVersionExA
lstrcmpA
FreeLibrary
GetPrivateProfileSectionNamesA
lstrcpyA
LoadLibraryA

user32

EmptyClipboard
OpenClipboard
GetClipboardData
GetSystemMetrics
LoadCursorA
DestroyCursor
SetRect
CharNextA
wsprintfA
ExitWindowsEx
SetClipboardData
CloseClipboard
mouse_event
SetCursorPos
WindowFromPoint
GetWindowTextA
SetCapture
MapVirtualKeyA
SystemParametersInfoA
SetWindowsHookExA
UnhookWindowsHookEx
GetDC
ReleaseDC
OpenWindowStationA
IsWindowVisible
EnumWindows
GetUserObjectInformationA
PostMessageA
IsWindow
CreateWindowExA
CloseWindow
MessageBoxA
SendMessageA
BlockInput
GetKeyNameTextA
GetActiveWindow

gdi32

CreateDIBSection
CreateCompatibleDC
CreateCompatibleBitmap
GetDIBits
BitBlt
DeleteDC
SelectObject

advapi32

RegDeleteKeyA
RegQueryValueA
RegCloseKey
CloseEventLog
ClearEventLogA
OpenEventLogA
RegCreateKeyExA
AdjustTokenPrivileges
SetSecurityDescriptorDacl
AddAccessAllowedAce
InitializeAcl
GetLengthSid
AllocateAndInitializeSid
InitializeSecurityDescriptor
RegEnumKeyExA
RegEnumValueA
RegDeleteValueA
CreateProcessAsUserA
SetTokenInformation
DuplicateTokenEx
LookupAccountSidA
GetTokenInformation
RegOpenKeyA

msvcrt

_strrev
_strnset
_adjust_fdiv
malloc
_initterm
_onexit
__dllonexit
??1type_info@@UAE@XZ
calloc
_beginthreadex
wcstombs
realloc
strncat
_errno
strrchr
memset
??2@YAPAXI@Z
??3@YAXPAX@Z
memcpy
__CxxFrameHandler
_ftol
strlen
memmove
_CxxThrowException
memcmp
strcat
strcpy
strcmp
free
_except_handler3
_strnicmp

winmm

waveInStop
waveInReset
waveInUnprepareHeader
waveOutWrite
waveOutReset
waveInAddBuffer
waveInPrepareHeader
waveInOpen
waveInStart
waveInClose
waveOutUnprepareHeader
waveOutClose
waveOutGetNumDevs
waveOutOpen
waveOutPrepareHeader
waveInGetNumDevs

msvcp60

??1_Winit@std@@QAE@XZ
??0_Winit@std@@QAE@XZ
??1Init@ios_base@std@@QAE@XZ
??0Init@ios_base@std@@QAE@XZ
?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@II@Z
?_Tidy@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEX_N@Z
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
?_C@?1??_Nullstr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@CAPBDXZ@4DB

imm32

ImmReleaseContext
ImmGetContext
ImmGetCompositionStringA

wininet

InternetOpenUrlA
InternetCloseHandle

avicap32

capGetDriverDescriptionA
capCreateCaptureWindowA

msvfw32

ICSendMessage
ICClose
ICSeqCompressFrameEnd

wtsapi32

WTSFreeMemory
WTSQueryUserToken
WTSQuerySessionInformationA

userenv

CreateEnvironmentBlock

psapi

GetModuleFileNameExA
EnumProcessModules

Exports

Exports

ClassInfo
ClassName
DCODELL
DMissll
MynNEG
SchoolInfo
main

Sections

.text
Size: 96KB - Virtual size: 92KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

b3b4ce22f1d74ae600de48673f53c86c

Headers

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

msvcrt

winmm

msvcp60

imm32

wininet

avicap32

msvfw32

wtsapi32

userenv

psapi

Exports

Exports

Sections

.text Size: 96KB - Virtual size: 92KB

.rdata Size: 12KB - Virtual size: 11KB

.data Size: 12KB - Virtual size: 14KB

.rsrc Size: 4KB - Virtual size: 16B

.reloc Size: 8KB - Virtual size: 6KB

.text
Size: 96KB - Virtual size: 92KB

.rdata
Size: 12KB - Virtual size: 11KB

.data
Size: 12KB - Virtual size: 14KB

.rsrc
Size: 4KB - Virtual size: 16B

.reloc
Size: 8KB - Virtual size: 6KB