1790691dc983c9810bc692b8d1b2c073_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

1790691dc983c9810bc692b8d1b2c073_JaffaCakes118
Size

412KB
MD5

1790691dc983c9810bc692b8d1b2c073
SHA1

b7336b3562641678f78d64138a614d54f1fbddb1
SHA256

a3443750b61f100e14f61d4e89ed0f7357fc8290c545692f5ea43d765cb54c12
SHA512

2cc703081d3b00a04227cd02b2420f0476b9a291f87bce2da5bb1b5a7e1eed38682eaf648a6afec610ba39eb902d2f6f7e924f2d2b722ccee310e6addabaf234
SSDEEP

6144:I8Tl8+M45XKuRBXX8aTJVk82lUO6KrYBnB40E1y3P65GSsz+m1ncN43f0fnnC+:tTq+MkKeXlVknUYF1yQb+M4PmC

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
1790691dc983c9810bc692b8d1b2c073_JaffaCakes118

Files

1790691dc983c9810bc692b8d1b2c073_JaffaCakes118
.dll windows:4 windows x86 arch:x86

555a9eb3170e49139b5f3e8152b17699

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

advapi32

RegCloseKey
RegQueryValueExA
SystemFunction004
CloseTrace

msvcrt

_finite
_getsystime
_initterm
wcscoll
tolower
strlen
qsort
iswspace
free
floor
_vsnprintf
_unlock
_stricmp
_CIacos
_j0
_atoi64
_amsg_exit
_adj_fdiv_m16i
__p__winver
__dllonexit
__RTDynamicCast
__CxxLongjmpUnwind
_XcptFilter
_CxxThrowException
_CIsqrt
_CIcos
_CIasin

dinput

DirectInputCreateA

kernel32

InterlockedIncrement
WriteTapemark
WideCharToMultiByte
WaitForSingleObject
WaitForMultipleObjects
VirtualAlloc
TryEnterCriticalSection
SetupComm
SetThreadContext
RtlUnwind
ReleaseMutex
ReadFile
QueryPerformanceCounter
CloseHandle
CreateMutexA
DisableThreadLibraryCalls
EnterCriticalSection
ExitProcess
FindResourceA
FreeLibrary
GetCommandLineA
GetCurrentProcess
GetCurrentProcessId
GetCurrentThreadId
GetFullPathNameW
OutputDebugStringA
GetMailslotInfo
GetModuleHandleA
GetProcessAffinityMask
GetProcessPriorityBoost
GetSystemTimeAsFileTime
GetTickCount
GetVersion
InterlockedCompareExchange
InterlockedExchange
GetLastError
IsProcessorFeaturePresent
LeaveCriticalSection
LoadLibraryA
LocalAlloc
MapUserPhysicalPagesScatter
MultiByteToWideChar

ole32

CreateStreamOnHGlobal

gdi32

SetBkMode
GetTextMetricsA
GetObjectA
SetMapMode
ExtTextOutA
DeleteObject
DeleteDC
CreateFontIndirectW
CreateFontIndirectA
CreateCompatibleDC
CloseFigure
SetTextAlign
ExtTextOutW

Exports

Exports

Dir
Instance_NewRaw
read_info
write_png

Sections

.text
Size: 67KB - Virtual size: 66KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 249KB - Virtual size: 248KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 70KB - Virtual size: 70KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 21KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

555a9eb3170e49139b5f3e8152b17699

Headers

File Characteristics

Imports

advapi32

msvcrt

dinput

kernel32

ole32

gdi32

Exports

Exports

Sections

.text Size: 67KB - Virtual size: 66KB

.rdata Size: 249KB - Virtual size: 248KB

.data Size: 70KB - Virtual size: 70KB

.rsrc Size: 21KB - Virtual size: 21KB

.reloc Size: 3KB - Virtual size: 3KB

.text
Size: 67KB - Virtual size: 66KB

.rdata
Size: 249KB - Virtual size: 248KB

.data
Size: 70KB - Virtual size: 70KB

.rsrc
Size: 21KB - Virtual size: 21KB

.reloc
Size: 3KB - Virtual size: 3KB