15a4be5dc47d8912dfca406c29b44d35_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

15a4be5dc47d8912dfca406c29b44d35_JaffaCakes118
Size

446KB
MD5

15a4be5dc47d8912dfca406c29b44d35
SHA1

53c9c83d15efb12b02b6de90fc131b226d3ad5f5
SHA256

d6afde3aa5542eb1b69ee75909063732807705ee5b946598fab310c4997b519d
SHA512

724616d0de10409a57272a6ae129496b99004a8087a97b981502267a3ac0f601808ff487258d474d443bd68eee67da090ab5aaf19600a7d4422c9a4d88b7cef6
SSDEEP

12288:bPMdQ3M69NRpWSIvCEymBtS6O87gmfHFU3P:bdM6pp2vzyGSx8UsH+3

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
15a4be5dc47d8912dfca406c29b44d35_JaffaCakes118

Files

15a4be5dc47d8912dfca406c29b44d35_JaffaCakes118
.dll windows:4 windows x86 arch:x86

70f23c8ea8a5399357868922f099e861

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

ole32

CreateStreamOnHGlobal

advapi32

RemoveTraceCallback
GetEventLogInformation
RegEnumKeyExA
RegQueryValueExA

kernel32

IsProcessorFeaturePresent
LeaveCriticalSection
LoadLibraryA
LoadResource
LockResource
MultiByteToWideChar
QueryPerformanceCounter
QueryPerformanceFrequency
ReadFile
ReleaseMutex
RtlUnwind
SetThreadContext
SetTimerQueueTimer
SizeofResource
TerminateProcess
UnhandledExceptionFilter
VirtualAlloc
WaitForMultipleObjects
WaitForSingleObject
WideCharToMultiByte
WriteTapemark
InterlockedIncrement
InterlockedExchange
InterlockedCompareExchange
GetTickCount
GetSystemTimeAsFileTime
GetProcessPriorityBoost
GetModuleHandleA
GetMailslotInfo
GetLastError
GetFullPathNameW
GetCurrentThreadId
GetCurrentProcessId
GetCurrentProcess
GetCommandLineA
GetCommProperties
FreeLibrary
FindResourceA
ExitProcess
EnterCriticalSection
DisableThreadLibraryCalls
CreateThread
CreateMutexA
CreateFileA
CloseHandle

gdi32

SetTextAlign
SetMapMode
SetBkMode
SetBkColor
SetAbortProc
SelectObject
InvertRgn
GetWinMetaFileBits
GetTextMetricsW
GetTextMetricsA
GetObjectA
GetGlyphOutlineA
GetFontLanguageInfo
FloodFill
ExtTextOutW
ExtTextOutA
DeleteObject
DeleteDC
CreateFontIndirectW
CreateFontIndirectA
CreateDIBSection
CreateCompatibleDC
CloseFigure

msvcrt

_CIacos
_CIasin
_CIatan
_CIcos
_CIsin
_CIsqrt
_XcptFilter
__dllonexit
__p__winver
_amsg_exit
_atoi64
_controlfp
_finite
_get_sbh_threshold
_initterm
_j0
_stricmp
_unlock
_vsnprintf
_wsearchenv
cos
floor
free
iswalpha
iswprint
iswpunct
iswspace
memcpy
memmove
qsort
swscanf
tolower

dinput

DirectInputCreateA

Exports

Exports

GetItemString
InPlaceXor
SetDefaults
access_version_number
set_IHDR
set_pHYs

Sections

.text
Size: 90KB - Virtual size: 90KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 254KB - Virtual size: 253KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 69KB - Virtual size: 71KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 25KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

70f23c8ea8a5399357868922f099e861

Headers

File Characteristics

Imports

ole32

advapi32

kernel32

gdi32

msvcrt

dinput

Exports

Exports

Sections

.text Size: 90KB - Virtual size: 90KB

.rdata Size: 254KB - Virtual size: 253KB

.data Size: 69KB - Virtual size: 71KB

.rsrc Size: 25KB - Virtual size: 25KB

.reloc Size: 6KB - Virtual size: 5KB

.text
Size: 90KB - Virtual size: 90KB

.rdata
Size: 254KB - Virtual size: 253KB

.data
Size: 69KB - Virtual size: 71KB

.rsrc
Size: 25KB - Virtual size: 25KB

.reloc
Size: 6KB - Virtual size: 5KB