1187a7ea81e39e419a9437200e474f62_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

1187a7ea81e39e419a9437200e474f62_JaffaCakes118
Size

437KB
MD5

1187a7ea81e39e419a9437200e474f62
SHA1

bb7906c73e2ad2f99dcbab9e4cddc498545f6071
SHA256

b56c98372b40ec4e20fae4bc35adc75c02bd5dba81db932bad769a0dcb425cda
SHA512

3382e2637853ce6ad77caf9220a2a69e86ca0f5dec747c7e1a6ba9ba05ca9cea5654f79c285a454e2f6fa4bd3702027fd64a70d7d3190b97ce7063741a54756c
SSDEEP

12288:VHWvhEc7SUxdjl34/UpBMqhikAu7qSq6BhV:suedjm67Oj6

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
1187a7ea81e39e419a9437200e474f62_JaffaCakes118

Files

1187a7ea81e39e419a9437200e474f62_JaffaCakes118
.dll windows:4 windows x86 arch:x86

6adcf883f23479e100562eda71ddaa2f

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

ole32

CreateStreamOnHGlobal

dinput

DirectInputCreateA

gdi32

CreateFontIndirectA
DeleteDC
DeleteEnhMetaFile
DeleteObject
ExtTextOutA
ExtTextOutW
GetFontLanguageInfo
GetGlyphOutlineA
GetMetaRgn
CreateDIBSection
GetTextMetricsA
GetTextMetricsW
PolyDraw
SelectObject
SetBkColor
SetBkMode
SetMapMode
SetTextAlign
GetObjectA
CreateCompatibleDC
CloseFigure

msvcrt

tolower
qsort
memmove
memcpy
malloc
iswspace
iswprint
iswalpha
free
floor
bsearch
_vsnprintf
_unlock
_stricmp
_j0
_ismbbpunct
_initterm
_atoi64
_amsg_exit
__dllonexit
_Strftime
_CxxThrowException
_CIsqrt
_CIsin
_CIatan
_CIasin
_CIacos

advapi32

RegQueryValueExA
RegCloseKey
CreateProcessWithLogonW
RemoveTraceCallback

kernel32

WaitForSingleObject
WideCharToMultiByte
UnhandledExceptionFilter
TryEnterCriticalSection
TerminateProcess
SizeofResource
SetThreadContext
RtlUnwind
ReleaseMutex
ReadFile
QueryPerformanceCounter
Process32Next
OutputDebugStringA
OpenThread
MultiByteToWideChar
MapUserPhysicalPagesScatter
LockResource
LocalAlloc
LoadResource
LoadLibraryA
LeaveCriticalSection
IsValidLanguageGroup
IsProcessorFeaturePresent
IsBadHugeWritePtr
InterlockedIncrement
WriteTapemark
VirtualAlloc
_llseek
WaitForMultipleObjects
CloseHandle
CreateFileA
CreateMutexA
CreateThread
DisableThreadLibraryCalls
EnterCriticalSection
ExitProcess
FindResourceA
GetACP
GetCommProperties
GetCommandLineA
GetCurrentProcess
GetCurrentProcessId
GetCurrentThreadId
GetFullPathNameW
GetLastError
GetMailslotInfo
GetModuleFileNameA
GetModuleHandleA
GetNumberOfConsoleInputEvents
GetProcessAffinityMask
GetProcessPriorityBoost
GetSystemTimeAsFileTime
GetThreadPriorityBoost
GetTickCount
GetVersion
InterlockedCompareExchange
InterlockedExchange

Exports

Exports

BadArgument
InPlaceRemainder
InPlaceXor
List_Type
_flags
_strtoul
get_channels
get_image_width
get_text

Sections

.text
Size: 72KB - Virtual size: 71KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 269KB - Virtual size: 269KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 69KB - Virtual size: 69KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 21KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

6adcf883f23479e100562eda71ddaa2f

Headers

File Characteristics

Imports

ole32

dinput

gdi32

msvcrt

advapi32

kernel32

Exports

Exports

Sections

.text Size: 72KB - Virtual size: 71KB

.rdata Size: 269KB - Virtual size: 269KB

.data Size: 69KB - Virtual size: 69KB

.rsrc Size: 21KB - Virtual size: 21KB

.reloc Size: 3KB - Virtual size: 3KB

.text
Size: 72KB - Virtual size: 71KB

.rdata
Size: 269KB - Virtual size: 269KB

.data
Size: 69KB - Virtual size: 69KB

.rsrc
Size: 21KB - Virtual size: 21KB

.reloc
Size: 3KB - Virtual size: 3KB