125b7840b60466927c99faf37de414ff_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

125b7840b60466927c99faf37de414ff_JaffaCakes118
Size

120KB
MD5

125b7840b60466927c99faf37de414ff
SHA1

d0ee0f3f78e32c762b5342599f86d5af90810ee8
SHA256

ea64c38c39d7e7c6a26f2814e0333707069745d07c37836f78e5cdb2709ab0ed
SHA512

adaba64a8dc54367ec3d4e6eb353f40fbbe1d25df7cdb41daaf8f17cf2cc5dd6f4a9dd7f907aa379e41dedb997904cf4699e4a092927a7b360b950023a73f87c
SSDEEP

3072:7+UmFmAu8ICc6L/hsFM9lks5I13kXmITq2chrhGLBqA9:77mFmd/Ccw+FMPidKbTq2

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
125b7840b60466927c99faf37de414ff_JaffaCakes118

Files

125b7840b60466927c99faf37de414ff_JaffaCakes118
.dll windows:4 windows x86 arch:x86

903251cfb970d29336b3b99a057e0584

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GlobalAddAtomW
GlobalFlags
WriteConsoleOutputAttribute
FindFirstVolumeMountPointW
FreeLibrary
WriteTapemark
LocalLock
AddAtomA
GetConsoleOutputCP
GetVolumePathNameW
Beep
ExitVDM
SetCalendarInfoW
GetNumberOfConsoleMouseButtons
SetMailslotInfo
LocalSize
GetModuleHandleA
GetDriveTypeW
SetTimerQueueTimer
GetProfileStringW
LocalAlloc
WriteConsoleInputA
CreateJobObjectW
SetConsoleWindowInfo
VirtualAlloc
MultiByteToWideChar
GetConsoleScreenBufferInfo
SleepEx
GetThreadPriority
GetModuleHandleW
LoadLibraryW
GetFullPathNameA
HeapUnlock
CreateTapePartition
SetSystemPowerState
GetConsoleTitleA
OpenEventW
GetCommModemStatus
VerLanguageNameA
TerminateJobObject
SetConsoleNumberOfCommandsA
GetSystemTime
SetCommBreak
SetCurrentDirectoryA
OpenMutexW
GetCurrentDirectoryA
GetCompressedFileSizeW
FlushInstructionCache
LoadLibraryA
GetLocalTime
FindNextFileW
VerLanguageNameW
WaitForMultipleObjects
SetUnhandledExceptionFilter
GetCommTimeouts
FindClose
SetConsoleCursor
GetNamedPipeHandleStateA
RegisterWaitForInputIdle
CreateEventA
GetVersion
GetProcAddress
GetHandleInformation
IsValidLocale

user32

UnhookWindowsHookEx
InsertMenuItemW
RealChildWindowFromPoint
ModifyMenuA
FillRect
PeekMessageA
DefWindowProcA
SetWindowContextHelpId
GetWindowPlacement
TranslateAcceleratorW
CreateDialogParamW
EnableWindow
GetClassInfoExW
SetWindowsHookExA
IsCharUpperW
ImpersonateDdeClientWindow
BringWindowToTop
GetClassNameW
GetScrollRange
MsgWaitForMultipleObjects
IsWindowUnicode
GetMenuDefaultItem
SetMenuItemBitmaps
ToAsciiEx
DestroyIcon
CascadeChildWindows
GetMenuItemInfoW
CreateMenu
SetClassLongA
InSendMessageEx
GetMenuContextHelpId
MessageBoxExA
DrawIconEx
GetMenuCheckMarkDimensions
CreateDesktopW
SetCaretPos
GetKBCodePage
ChangeDisplaySettingsA
GetKeyboardLayoutNameW
ChangeMenuW
GetWindowThreadProcessId
TileChildWindows
EndMenu
SetMessageExtraInfo
SetKeyboardState
SetMessageQueue
GetLastActivePopup
DdeConnectList
EndPaint
PostQuitMessage
SetCapture
MessageBoxW
GetForegroundWindow
LoadCursorW
IsRectEmpty
LoadBitmapW
GetDCEx
GetMonitorInfoW
UnionRect
SetWindowsHookW
GetMenuStringA
GetClientRect
EnumWindows
DrawTextW
GetMessageExtraInfo
GetMessageA
DrawTextExW
ToUnicodeEx
CreateMDIWindowA
DdeQueryNextServer
DrawStateA
UnregisterClassA
GetUpdateRect
CharLowerA
CharToOemW

advapi32

LookupPrivilegeDisplayNameW
LookupAccountNameW
GetOverlappedAccessResults
LsaGetRemoteUserName
ReadEventLogA
QueryServiceObjectSecurity
AddAuditAccessObjectAce
LookupPrivilegeNameW
CheckTokenMembership
ImpersonateLoggedOnUser
GetMultipleTrusteeW
ElfBackupEventLogFileW
ObjectDeleteAuditAlarmW
BuildTrusteeWithSidW
GetFileSecurityW
GetServiceDisplayNameW
BuildTrusteeWithNameW
TrusteeAccessToObjectA
LsaClose
I_ScSetServiceBitsA
SystemFunction011
SystemFunction021
EqualPrefixSid
CreateServiceA
LsaLookupNames
GetCurrentHwProfileA
AddAccessDeniedObjectAce
CryptReleaseContext
RegRestoreKeyA
LsaSetSecurityObject
AddAce
QueryServiceLockStatusA
SetTokenInformation
LsaOpenTrustedDomain
LsaSetInformationTrustedDomain
NotifyChangeEventLog
ConvertSidToStringSidW
OpenEventLogA
GetExplicitEntriesFromAclA
RegQueryInfoKeyW
EnumDependentServicesA
IsValidSecurityDescriptor
RegCreateKeyExA
AccessCheckAndAuditAlarmA
ElfReadEventLogW
LookupPrivilegeNameA
QueryRecoveryAgentsOnEncryptedFile
ElfDeregisterEventSource
SetEntriesInAclA
RegOpenKeyExW
AddAuditAccessAceEx
CryptGetHashParam
LsaEnumeratePrivilegesOfAccount
CryptSetProviderW
CryptContextAddRef
SetUserFileEncryptionKey
ElfReportEventA
IsTokenRestricted
RegSetValueExW
SetServiceBits
LookupPrivilegeValueW
GetNamedSecurityInfoExW
LsaGetSystemAccessAccount
LsaRetrievePrivateData
RegQueryValueW
TrusteeAccessToObjectW

opengl32

glVertex3s
glGenLists
glLoadMatrixd
wglCreateContext
glEvalMesh2
glRasterPos3f
glEnableClientState
wglShareLists
glOrtho
wglUseFontBitmapsW
glGetPolygonStipple
wglUseFontBitmapsA
glVertex4s
glRasterPos2d
glReadBuffer
glVertex2dv
glTexCoord1fv
wglDeleteContext
glTexCoord4i
glFinish
glGetIntegerv
glLineWidth
glMultMatrixd
glColor4ubv
glVertex2fv
glTexCoord4iv
glIndexMask
glColor3d
glViewport
wglMakeCurrent
glPointSize
glScissor
glListBase
glEvalCoord2fv
glIndexd
glRasterPos4dv
glLightModeliv

shell32

SHUpdateRecycleBinIcon
ExtractIconW
SHGetDataFromIDListA
DragQueryPoint
StrNCmpA
StrNCmpIW
DragFinish
SHInvokePrinterCommandW
SHGetFileInfoW
StrNCmpIA
DoEnvironmentSubstW
StrRChrW
StrRChrIW
FreeIconList
ExtractAssociatedIconExA
StrRChrA
SHGetPathFromIDListW
ExtractIconA
SHGetDiskFreeSpaceA
StrCmpNIA
DragQueryFileW
CommandLineToArgvW
ShellHookProc
SHAddToRecentDocs
SHFormatDrive
DragAcceptFiles
SHQueryRecycleBinA
CheckEscapesW
SHLoadInProc
StrChrIW
SHFileOperationA
SHBrowseForFolderW
StrStrW
StrCmpNIW
StrNCmpW
InternalExtractIconListA

version

VerFindFileA
GetFileVersionInfoSizeW
VerFindFileW
GetFileVersionInfoW
VerQueryValueA
VerInstallFileA
VerInstallFileW

winspool.drv

AdvancedSetupDialog
EndPagePrinter
ConvertUnicodeDevModeToAnsiDevmode
EnumPrintProcessorDatatypesA
DeletePrinterDataW
OpenPrinterW
SetPrinterDataW
ResetPrinterA
EnumPrintersA
ResetPrinterW
AddPortExA
SplDriverUnloadComplete
ord101
ord102
GetPrinterDataA
EnumPrintProcessorsA
AddPortA
DeleteFormA
OpenPrinterA
SetFormW
StartDocDlgA
ord100
DevicePropertySheets
DeletePrinterDriverExA
DeletePrintProcessorA
DeletePrintProcessorW
PlayGdiScriptOnPrinterIC
ord210
DeletePrintProvidorW
ord203
AddPrintProcessorA
EnumPrinterKeyA
EnumJobsA
EnumPrinterDataW
AddMonitorW
GetFormA
DocumentPropertiesA
AddFormW
ReadPrinter
WritePrinter

msvcrt

_unlink
_fmode
_wexecve
memset
printf
feof
fwprintf
fsetpos
__STRINGTOLD
fputc
_swab
fread
fwrite
fseek
fopen
_mbslwr
fputs
_HUGE
sprintf
_mbscpy
freopen
fclose
_mbscat
ferror
_purecall
ftell
fprintf
ungetwc
_ungetch

Exports

Exports

Fvpzqequ
Irybfk
Mfnspvl
Mnybegjtyz
Sbxs
Ubxlny
Uneppfkzbj
Vdokdwf
Vskhfody

Sections

.text
Size: 44KB - Virtual size: 41KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 52KB - Virtual size: 48KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

903251cfb970d29336b3b99a057e0584

Headers

File Characteristics

Imports

kernel32

user32

advapi32

opengl32

shell32

version

winspool.drv

msvcrt

Exports

Exports

Sections

.text Size: 44KB - Virtual size: 41KB

.rdata Size: 12KB - Virtual size: 10KB

.data Size: 52KB - Virtual size: 48KB

.reloc Size: 8KB - Virtual size: 6KB

.text
Size: 44KB - Virtual size: 41KB

.rdata
Size: 12KB - Virtual size: 10KB

.data
Size: 52KB - Virtual size: 48KB

.reloc
Size: 8KB - Virtual size: 6KB