16a0a4948ce13bf3e3cb56d083e0e7e4_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

16a0a4948ce13bf3e3cb56d083e0e7e4_JaffaCakes118
Size

364KB
MD5

16a0a4948ce13bf3e3cb56d083e0e7e4
SHA1

1effc0cb4e61a1a51dcb7b03e9f00ab36e0759c2
SHA256

d9608d17682fa2d9bf568d7f2f0074eaf1fa128b5d4e9b0677398fcbb911c723
SHA512

c03de6d0d8d67167184f17cac5e3ed944b582741ce7dc47297c86cbac1596c27b9786272212bd43487014b6ea6e05ab4c19afacb51e85907a009f4997480a46b
SSDEEP

6144:EwM3I4nEYm2WLZz9PGGISkraoIX4NRZLLd/BZpymJZBS+tSfEwv5wyQ:XkI4nJmRz9PGGjkrgoN9Ppymfkn

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
16a0a4948ce13bf3e3cb56d083e0e7e4_JaffaCakes118

Files

16a0a4948ce13bf3e3cb56d083e0e7e4_JaffaCakes118
.dll windows:5 windows x86 arch:x86

8c9ed133db925f3ed9f4f2b627b8de88

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

dsound.pdb

Imports

advapi32

RegSetValueExW
RegSetValueExA
RegQueryValueExW
RegQueryValueExA
RegOpenKeyExW
RegCreateKeyW
RegOpenKeyExA
RegCreateKeyA
RegCloseKey
OpenSCManagerW
OpenServiceW
QueryServiceConfigW
CloseServiceHandle
RegOpenKeyW

kernel32

CloseHandle
GetFullPathNameW
GetModuleFileNameW
GetModuleHandleW
lstrcmpiW
GetFileSize
SetFilePointer
ReadFile
CreateFileW
HeapCreate
HeapDestroy
HeapAlloc
HeapFree
DuplicateHandle
GetCurrentProcess
FreeLibrary
GetProcAddress
LoadLibraryW
GetLastError
lstrlenA
lstrcpynA
MultiByteToWideChar
WideCharToMultiByte
lstrlenW
lstrcpynW
GetVersionExW
SetThreadPriority
SetPriorityClass
GetThreadPriority
GetPriorityClass
GetCurrentThread
lstrcatW
lstrcpyW
lstrcmpW
CreateMutexW
ReleaseMutex
DisableThreadLibraryCalls
GetCurrentThreadId
GetCurrentProcessId
SetEvent
lstrcpyA
Sleep
InterlockedExchange
InitializeCriticalSection
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
InterlockedIncrement
InterlockedDecrement
OpenEventW
CreateThread
CreateEventW
GetExitCodeThread
OpenProcess
GetSystemDirectoryW
GetOverlappedResult
DeviceIoControl
ResetEvent
GetTickCount
WaitForMultipleObjects
UnmapViewOfFile
MapViewOfFile
CreateFileMappingW
OpenFileMappingW
GetWindowsDirectoryW
SetLastError
GetPrivateProfileStringW
SetUnhandledExceptionFilter
VerifyVersionInfoW
WaitForSingleObject
QueryPerformanceCounter
QueryPerformanceFrequency
GetSystemTimeAsFileTime
TerminateProcess
UnhandledExceptionFilter
MulDiv

msvcrt

wcsrchr
__CxxFrameHandler
_initterm
malloc
_adjust_fdiv
__dllonexit
_onexit
_isnan
_ftol
_CIpow
free
_wcsicmp

ntdll

NtQueryInformationProcess
VerSetConditionMask

ole32

CoCreateInstance

rpcrt4

UuidFromStringW

user32

wsprintfW
GetParent
GetForegroundWindow
GetWindowPlacement
CharUpperW
GetWindowThreadProcessId
EnumWindows
LoadStringW
CharLowerBuffW
IsWindow

version

VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW

winmm

waveInGetPosition
timeBeginPeriod
timeEndPeriod
mixerSetControlDetails
mixerOpen
mixerGetLineInfoW
mixerGetLineControlsW
mixerGetControlDetailsW
mixerClose
waveOutGetPosition
waveOutPrepareHeader
waveOutGetDevCapsW
waveInGetDevCapsW
waveOutGetVolume
waveOutSetVolume
waveOutMessage
waveInMessage
waveOutGetNumDevs
waveInGetNumDevs
waveOutOpen
waveOutClose
waveInOpen
waveInClose
timeGetTime
waveInUnprepareHeader
waveInStop
waveInReset
waveOutWrite
waveInAddBuffer
waveInPrepareHeader
waveInStart
waveOutUnprepareHeader
waveOutReset
waveOutRestart
waveOutPause

Exports

Exports

DirectSoundCaptureCreate
DirectSoundCaptureCreate8
DirectSoundCaptureEnumerateA
DirectSoundCaptureEnumerateW
DirectSoundCreate
DirectSoundCreate8
DirectSoundEnumerateA
DirectSoundEnumerateW
DirectSoundFullDuplexCreate
DllCanUnloadNow
DllGetClassObject
GetDeviceID

Sections

.text
Size: 338KB - Virtual size: 340KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 11KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.prix
Size: 3KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.boxer
Size: 1KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.code9
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

8c9ed133db925f3ed9f4f2b627b8de88

Headers

File Characteristics

PDB Paths

Imports

advapi32

kernel32

msvcrt

ntdll

ole32

rpcrt4

user32

version

winmm

Exports

Exports

Sections

.text Size: 338KB - Virtual size: 340KB

.data Size: 7KB - Virtual size: 8KB

.rsrc Size: 1KB - Virtual size: 4KB

.reloc Size: 11KB - Virtual size: 12KB

.prix Size: 3KB - Virtual size: 4KB

.boxer Size: 1KB - Virtual size: 4KB

.code9 Size: 512B - Virtual size: 4KB

.text
Size: 338KB - Virtual size: 340KB

.data
Size: 7KB - Virtual size: 8KB

.rsrc
Size: 1KB - Virtual size: 4KB

.reloc
Size: 11KB - Virtual size: 12KB

.prix
Size: 3KB - Virtual size: 4KB

.boxer
Size: 1KB - Virtual size: 4KB

.code9
Size: 512B - Virtual size: 4KB