09ba7eb82d8865b78dfd69aa358c7a70_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

09ba7eb82d8865b78dfd69aa358c7a70_JaffaCakes118
Size

215KB
MD5

09ba7eb82d8865b78dfd69aa358c7a70
SHA1

0328cb311112fd9201065e8266e8a641a49b1cfe
SHA256

9b02accf6fa8da36ef4346769766045fbf0a273aa7d50b54f7845a5aa84cd5ed
SHA512

4a73197d733b9b26d9480fe3cadd7080ddd44a849ba91fe607ed351d5cd551c774a8f5f5ccaa0b79454584ed951d9a115de7b61618259993c775ec2fbdc68127
SSDEEP

3072:KJ6UMPNXUe1111111111zMm2uvFqeb/ACY0xUtTF7FypKiWbe9:o6DUcMMr3KLkU3be9

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
09ba7eb82d8865b78dfd69aa358c7a70_JaffaCakes118

Files

09ba7eb82d8865b78dfd69aa358c7a70_JaffaCakes118
.dll windows:4 windows x86 arch:x86

afdecf63431f513d6e3fe604ca94dcf2

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

c:\Mechanism\To.pdb

Imports

kernel32

GetTempPathW
GetExitCodeProcess
OpenProcess
lstrcmpA
LocalLock
LocalUnlock
GetFileSize
GlobalHandle
GlobalFree
GetPrivateProfileStringA
GetProfileStringA
GetProfileIntW
CompareStringA
GetShortPathNameA
GetACP
lstrcmpiA
MapViewOfFile
UnmapViewOfFile
CloseHandle
DebugBreak
InitializeCriticalSectionAndSpinCount
VirtualQueryEx
GetUserDefaultUILanguage
GetLocaleInfoW
SetProcessWorkingSetSize
FindResourceW
GlobalAlloc
GlobalLock
GlobalUnlock
GetSystemDirectoryW
CreateThread
FreeLibraryAndExitThread
TlsAlloc
TlsFree
HeapDestroy
TlsSetValue
GetVersion
DeleteCriticalSection
InitializeCriticalSection
GetThreadLocale
CompareStringW
IsProcessorFeaturePresent
FindAtomW
MultiByteToWideChar
GetAtomNameW
GetFileInformationByHandle
DeleteAtom
AddAtomW
LoadResource
LockResource
TlsGetValue
GetModuleFileNameW
DeactivateActCtx
ReleaseActCtx
GetModuleHandleW
HeapReAlloc
lstrlenW
lstrcmpW
lstrcmpiW
FindFirstFileW
FindClose
LocalAlloc
HeapFree
GetProcessHeap
HeapAlloc
SystemTimeToFileTime
SetEndOfFile
GetCurrentThread
DisableThreadLibraryCalls
LeaveCriticalSection
GetLastError
LocalReAlloc
CompareFileTime
UnhandledExceptionFilter
QueryPerformanceCounter
DeleteFileW
LocalFree
CreateFileW
GetFileTime
FindNextFileW
CreateDirectoryW
SetFileAttributesW
WriteFile
ReadFile
Sleep
EnterCriticalSection
ExitThread
IsBadReadPtr
GetStartupInfoW
GetFullPathNameW
QueryPerformanceFrequency
ReleaseMutex
CreateMutexW
lstrlenA
RaiseException
GetFileType
SetFilePointer
GetModuleHandleA
VirtualAlloc
VirtualFree
GetSystemInfo
ReleaseSemaphore
WaitForSingleObject
ResetEvent
SetEvent
CreateEventW
GetSystemTime
DeviceIoControl
GetLocalTime
GetEnvironmentStrings
FreeEnvironmentStringsW
GetModuleFileNameA
FreeLibrary
MulDiv

user32

KillTimer
DefWindowProcW
EnumChildWindows
SetWindowPos
GetParent
MapWindowPoints
AdjustWindowRectEx
SetWindowLongW
InvalidateRect
SetTimer
CharUpperW
GetWindowLongW
ScreenToClient
NotifyWinEvent
GetPropW
SetPropW
SetRectEmpty
CopyRect
IntersectRect
DrawFocusRect
GetKeyNameTextW
IsRectEmpty
FillRect
GetSystemMetrics
InflateRect
DrawFrameControl
GetSysColor
GetSysColorBrush
CreateIconIndirect
ReleaseDC
LoadImageW
GetIconInfo
SetRect
CreateWindowExW
IsCharAlphaNumericW
SetCursor
SetParent
ShowWindow
IsChild
RedrawWindow
SetWindowTextW
SetWindowRgn
GetWindowRect
SetFocus
EnableWindow
GetKeyState
GetClientRect
SetScrollInfo
DestroyCursor
BeginPaint
GetDesktopWindow
IsIconic
GetWindowPlacement
MonitorFromRect
ChangeDisplaySettingsExA
EnumDisplayDevicesW
SetWindowsHookExW
GetDlgItemInt
SystemParametersInfoW
GetDlgItem
RegisterClassW
GetClassInfoW
GetAncestor
IsWindowVisible
EqualRect
MonitorFromWindow
GetMonitorInfoW
MoveWindow
GetWindowThreadProcessId
GetQueueStatus
MsgWaitForMultipleObjects
LoadCursorW
LoadStringW
GetWindowTextW
ChangeDisplaySettingsExW
OffsetRect
IsZoomed
SetDlgItemTextW
SetForegroundWindow
GetForegroundWindow
GetKeyboardState
CallWindowProcW
SetKeyboardState
ClientToScreen
IsWindow

gdi32

SetLayout

advapi32

RegFlushKey
RegEnumValueW
RegCreateKeyW
RegQueryInfoKeyW
CopySid
GetLengthSid
IsValidSid
EqualSid
GetSecurityDescriptorOwner
GetKernelObjectSecurity
RegQueryValueW
RegOpenCurrentUser
RegCreateKeyExA
RegSetValueExA
RegOpenKeyExW
GetTokenInformation
OpenProcessToken
RegCloseKey
RegQueryValueExW
RegSetValueExW

shell32

SHGetFolderPathW
ShellExecuteW
ShellExecuteExW

ole32

StringFromGUID2
CreateBindCtx
CoTaskMemAlloc
CoGetMalloc
MkParseDisplayName
StringFromCLSID
StgOpenStorage
StgIsStorageFile
IIDFromString
CoTaskMemRealloc
CoTaskMemFree
CoInitializeEx
CoDisconnectObject
CreateStreamOnHGlobal
CLSIDFromString

msvcrt

memmove
sscanf
atoi
memset
wcsrchr
atol
free
malloc
iswalpha
wcstol
iswctype
wcschr
wcstoul
wcscspn
iswalnum
realloc
getenv

crypt32

CertGetEnhancedKeyUsage

shlwapi

PathAppendW
PathAddBackslashW
PathCreateFromUrlW
PathFindExtensionW
StrCmpW
SHStrDupW
PathFindFileNameW

winmm

waveOutSetVolume
waveOutWrite
waveOutUnprepareHeader
waveOutRestart
waveOutReset
waveOutPause
waveOutOpen
waveOutGetPosition
waveOutGetErrorTextW
waveOutGetDevCapsW
waveOutClose
waveOutGetNumDevs
midiOutReset
midiStreamOpen
midiStreamProperty
midiOutGetNumDevs
mixerGetNumDevs
timeGetTime
timeSetEvent
timeEndPeriod
timeBeginPeriod
timeGetDevCaps
timeKillEvent
midiStreamOut
mixerSetControlDetails
midiStreamRestart
midiOutPrepareHeader
midiStreamPosition
midiOutGetErrorTextW
midiStreamClose

userenv

GetUserProfileDirectoryW

uxtheme

GetThemeFont
GetThemeMetric
GetThemeAppProperties
IsAppThemed
GetThemePartSize
GetThemeMargins
GetThemeColor

Exports

Exports

NecessaryMoreMayPackages
UpdateTheVersion

Sections

.text
Size: 48KB - Virtual size: 45KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.idata
Size: 12KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 36KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.xdata
Size: 32KB - Virtual size: 301KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 12KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

afdecf63431f513d6e3fe604ca94dcf2

Headers

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

msvcrt

crypt32

shlwapi

winmm

userenv

uxtheme

Exports

Exports

Sections

.text Size: 48KB - Virtual size: 45KB

.idata Size: 12KB - Virtual size: 10KB

.rdata Size: 36KB - Virtual size: 32KB

.xdata Size: 32KB - Virtual size: 301KB

.rsrc Size: 12KB - Virtual size: 8KB

.reloc Size: 4KB - Virtual size: 2KB

.text
Size: 48KB - Virtual size: 45KB

.idata
Size: 12KB - Virtual size: 10KB

.rdata
Size: 36KB - Virtual size: 32KB

.xdata
Size: 32KB - Virtual size: 301KB

.rsrc
Size: 12KB - Virtual size: 8KB

.reloc
Size: 4KB - Virtual size: 2KB