11d8a17eb7d55adb1a327ce7a796889f_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

11d8a17eb7d55adb1a327ce7a796889f_JaffaCakes118
Size

56KB
MD5

11d8a17eb7d55adb1a327ce7a796889f
SHA1

c334cf2d50638802daf5825e6775ad7e5f43ff3c
SHA256

76c7139f8ad877416f310a55340eaeff8053c746f7c6a7de7f9f9260d42406c4
SHA512

9ad5c001e8590af5ba129a1d7b892a3ace80ae585b9253127bfa2f22ef15a41f825c0f613c7a4f7c5d8def905b5f4b5f186bdc955ac24c2f02f59ba1c442cee4
SSDEEP

1536:BlgaPsJpzvZCPOvduAiPuR+TOOtfBzsHgVjZruz:BlgaP2z5d78KOtxqMB

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
11d8a17eb7d55adb1a327ce7a796889f_JaffaCakes118

Files

11d8a17eb7d55adb1a327ce7a796889f_JaffaCakes118
.dll windows:5 windows x86 arch:x86

bba75be9a5c290cf651032587d830b07

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

comctl32

ord17

shlwapi

PathFileExistsW
PathCombineW

kernel32

DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
lstrcpynW
MulDiv
InterlockedIncrement
MultiByteToWideChar
InterlockedDecrement
lstrlenW
CompareStringW
GetPrivateProfileIntW
GlobalAddAtomW
TlsAlloc
GetModuleHandleW
GetCurrentThread
GlobalDeleteAtom
GetLastError
GetDateFormatW
DeleteFileW
FileTimeToSystemTime
FindClose
FindFirstFileW
CloseHandle
ReadFile
CreateFileW
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
DisableThreadLibraryCalls
InitializeCriticalSection
Sleep
InterlockedExchange
IsDebuggerPresent
InterlockedCompareExchange
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess

user32

GetDlgItem
SetWindowLongW
GetWindowLongW
GetWindowRect
SetRectEmpty
MapWindowPoints
PostMessageW
IsWindowUnicode
SetWindowLongA
CallWindowProcW
GetCapture
ReleaseCapture
GetAsyncKeyState
SetCapture
LoadAcceleratorsW
MessageBoxW
GetClientRect
ClientToScreen
PtInRect
GetSubMenu
DeleteMenu
EnableMenuItem
DestroyMenu
GetMenuItemID
SetWindowTextW
CopyAcceleratorTableW
GetMenuItemCount
GetMenuItemInfoW
SetMenuItemInfoW
MapVirtualKeyW
GetKeyNameTextW
CharNextW
KillTimer
LoadCursorW
SetTimer
InvalidateRect
SendMessageW

gdi32

DeleteObject

shell32

SHGetMalloc
SHGetSpecialFolderLocation
SHGetPathFromIDListW

msvcr90

_adjust_fdiv
_amsg_exit
_initterm_e
_initterm
_encoded_null
_malloc_crt
_decode_pointer
_onexit
_lock
_encode_pointer
__dllonexit
_unlock
?terminate@@YAXXZ
_wfopen
fwrite
fclose
_itow
fwprintf
fputws
fputwc
wcscat
wcscmp
memmove_s
_wtoi
_mktime64
__CppXcptFilter
_except_handler4_common
?_type_info_dtor_internal_method@type_info@@QAEXXZ
_crt_debugger_hook
__clean_type_info_names_internal
_localtime64
memcpy
wcscpy
_wcsicmp
wcslen
realloc
tolower
_vsnprintf
??2@YAPAXI@Z
_time64
malloc
??3@YAXPAX@Z
??_V@YAXPAX@Z
__CxxFrameHandler3
memset
free
_wcsdup
_vsnwprintf
??_U@YAPAXI@Z
_purecall

Exports

Exports

winampGetMediaLibraryPlugin

Sections

.text
Size: 29KB - Virtual size: 29KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

bba75be9a5c290cf651032587d830b07

Headers

File Characteristics

Imports

comctl32

shlwapi

kernel32

user32

gdi32

shell32

msvcr90

Exports

Exports

Sections

.text Size: 29KB - Virtual size: 29KB

.rdata Size: 9KB - Virtual size: 8KB

.data Size: 1KB - Virtual size: 5KB

.rsrc Size: 11KB - Virtual size: 10KB

.reloc Size: 4KB - Virtual size: 4KB

.text
Size: 29KB - Virtual size: 29KB

.rdata
Size: 9KB - Virtual size: 8KB

.data
Size: 1KB - Virtual size: 5KB

.rsrc
Size: 11KB - Virtual size: 10KB

.reloc
Size: 4KB - Virtual size: 4KB