1480bf976a53c557c37bc8f8db5ca537_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

1480bf976a53c557c37bc8f8db5ca537_JaffaCakes118
Size

376KB
MD5

1480bf976a53c557c37bc8f8db5ca537
SHA1

c3db7c94133d7eeeb7c54fa40d60e7600338c685
SHA256

98c801307af19c6d9681d22741752399cc3c3ad2eccd8b1b3e206c9dcf6b3a42
SHA512

1b6a15f34af9aee800fb812ea5ed5e5377865782000ed5a6e0ce8222fa7865ce3275030fb3028f864c96a35d6fe19d6ae55eecf9be754d2eeb0ff4274e2f8a35
SSDEEP

6144:2UGtcYJ7kIWjEzgjD0UsXNbuvxrvKbOeHfXHAxiehcl/bTwV25mLF1WzbfOk:2UGP7kIWg8Iu5rvne/3OZhET541s6

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
1480bf976a53c557c37bc8f8db5ca537_JaffaCakes118

Files

1480bf976a53c557c37bc8f8db5ca537_JaffaCakes118
.dll windows:4 windows x86 arch:x86

53bb0becea12e063c778f98784d7d3b3

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

ole32

CreateStreamOnHGlobal

msvcrt

toupper
tolower
scanf
qsort
memset
memmove
memcpy
malloc
iswspace
iswpunct
iswdigit
free
abs
_wpgmptr
_wopen
_vsnprintf
_unlock
_unloaddll
_stricmp
_onexit
_lock
_isnan
_finite
_cputs
_amsg_exit
__dllonexit
__CxxFrameHandler
_XcptFilter
_CxxThrowException
_CIsqrt
_CIsin
_CIcos
_CIatan2
_CIatan
_CIacos

gdi32

SetTextColor
SetMapMode
SetLayout
SetBkColor
SelectObject
MoveToEx
GetTextMetricsW
GetTextMetricsA
GetObjectA
GetGlyphOutlineA
GetFontLanguageInfo
GetEnhMetaFilePixelFormat
GetCharacterPlacementW
GetCharacterPlacementA
ExtTextOutW
ExtTextOutA
DeleteObject
CreateHalftonePalette
CreateFontIndirectW
CreateFontIndirectA
CreateDiscardableBitmap
CreateDIBSection
AbortDoc
TranslateCharsetInfo

advapi32

RegOpenKeyExA
RegQueryValueExA
RegEnumKeyExA
RegCloseKey

kernel32

GetVersion
GetTickCount
GetTapeStatus
HeapWalk
WaitForSingleObject
GetProcessAffinityMask
GetProcAddress
GetOverlappedResult
InitializeCriticalSection
InterlockedCompareExchange
InterlockedDecrement
InterlockedExchange
InterlockedIncrement
IsProcessorFeaturePresent
LoadLibraryA
LoadResource
LocalUnlock
LockResource
MultiByteToWideChar
OutputDebugStringA
QueryPerformanceCounter
ReadFile
ReleaseMutex
SetProcessAffinityMask
SetUnhandledExceptionFilter
SizeofResource
TlsAlloc
Toolhelp32ReadProcessMemory
UnhandledExceptionFilter
UnregisterWait
VirtualAlloc
GetSystemTimeAsFileTime
WaitForMultipleObjects
WideCharToMultiByte
WriteFile
WriteFileGather
GetProcessPriorityBoost
CloseHandle
CreateFileA
CreateMutexA
CreateTapePartition
CreateThread
DebugBreak
DeleteCriticalSection
DisableThreadLibraryCalls
EnterCriticalSection
ExitProcess
FindResourceA
FindResourceW
FreeLibrary
GetACP
GetCommandLineA
GetCurrentProcess
GetCurrentProcessId
GetCurrentThreadId
GetFileSize
GetFileSizeEx
GetFullPathNameW
GetLastError
GetModuleFileNameA
GetModuleHandleA
GetNumberOfConsoleInputEvents

Exports

Exports

CreateLine
CreateTextW
CreateThumbnailFromFile
MatrixPerspectiveRH
ReallocADsMem
mpegInOpenSecondary

Sections

.text
Size: 69KB - Virtual size: 68KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 168KB - Virtual size: 167KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 70KB - Virtual size: 70KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 64KB - Virtual size: 64KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

53bb0becea12e063c778f98784d7d3b3

Headers

File Characteristics

Imports

ole32

msvcrt

gdi32

advapi32

kernel32

Exports

Exports

Sections

.text Size: 69KB - Virtual size: 68KB

.rdata Size: 168KB - Virtual size: 167KB

.data Size: 70KB - Virtual size: 70KB

.rsrc Size: 64KB - Virtual size: 64KB

.reloc Size: 3KB - Virtual size: 3KB

.text
Size: 69KB - Virtual size: 68KB

.rdata
Size: 168KB - Virtual size: 167KB

.data
Size: 70KB - Virtual size: 70KB

.rsrc
Size: 64KB - Virtual size: 64KB

.reloc
Size: 3KB - Virtual size: 3KB