24ee20a9ee60361ed92ab03d5ee9d058_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

24ee20a9ee60361ed92ab03d5ee9d058_JaffaCakes118
Size

485KB
MD5

24ee20a9ee60361ed92ab03d5ee9d058
SHA1

d1bb8ac48c1f1ad7b2d04ce9ca51d5f51b576b45
SHA256

bd9a0bb246c4330b42598235e0311a209b7272c158047d989c66c6110dcb190e
SHA512

2d2fae36f3955aa559cab7efedc479fca08f7e309ba47ea80c77e7d833fbad37303659bd01fc47653c0a7387c420ce18adb94d07b7eb59d7af5c98e9f1335efe
SSDEEP

12288:gykEwvxMZ1QQRfnr+Tc/hDNWkL+uiyeGyM5MLOeaS:NcO1QQRfnr+Tc/hDRL5iHGyM50OL

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
24ee20a9ee60361ed92ab03d5ee9d058_JaffaCakes118

Files

24ee20a9ee60361ed92ab03d5ee9d058_JaffaCakes118
.dll windows:5 windows x86 arch:x86

1af6e7a9fbe86f98f22610960e9523f8

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

shlwapi

SHDeleteKeyA

msvcr100

_except_handler3
memset
??3@YAXPAX@Z
??2@YAPAXI@Z
_initterm
memcpy
__CxxFrameHandler3
strstr
ceil
memmove
_ftol
vsprintf
_strnicmp
_onexit
_lock
__dllonexit
_unlock
__clean_type_info_names_internal
_crt_debugger_hook
?_type_info_dtor_internal_method@type_info@@QAEXXZ
?terminate@@YAXXZ
__CppXcptFilter
_amsg_exit
_initterm_e
_stricmp
_encoded_null
_malloc_crt
_except_handler4_common
calloc
_beginthreadex
wcstombs
atoi
realloc
strncat
strncpy
strrchr
free
malloc
strchr
sprintf
printf
??_V@YAXPAX@Z
??_U@YAPAXI@Z
??0exception@std@@QAE@ABV01@@Z
_purecall
??1exception@std@@UAE@XZ
?what@exception@std@@UBEPBDXZ
??0exception@std@@QAE@ABQBD@Z
_CxxThrowException

kernel32

InterlockedExchange
CancelIo
Sleep
ResetEvent
WideCharToMultiByte
lstrlenA
GetPrivateProfileSectionNamesA
lstrcatA
GetWindowsDirectoryA
FreeLibrary
GetProcAddress
LoadLibraryA
MultiByteToWideChar
lstrcmpA
GetPrivateProfileStringA
GetVersionExA
GetLastError
CreateDirectoryA
GetFileAttributesA
CreateProcessA
GetDriveTypeA
GetDiskFreeSpaceExA
GetVolumeInformationA
lstrcpyA
FindClose
LocalFree
FindNextFileA
LocalReAlloc
FindFirstFileA
LocalAlloc
RemoveDirectoryA
DeleteFileA
GetFileSize
CreateFileA
WriteFile
SetFilePointer
MoveFileA
ReadFile
GetModuleFileNameA
SetLastError
GetSystemDirectoryA
GetCurrentProcess
CreateRemoteThread
WriteProcessMemory
VirtualAllocEx
OpenProcess
MoveFileExA
GetTickCount
HeapFree
HeapAlloc
GetProcessHeap
GetLocalTime
UnmapViewOfFile
MapViewOfFile
CreateFileMappingA
GlobalFree
GlobalUnlock
GlobalLock
GlobalAlloc
GlobalSize
DisconnectNamedPipe
TerminateProcess
PeekNamedPipe
WaitForMultipleObjects
GetStartupInfoA
CreatePipe
SizeofResource
LoadResource
FindResourceA
DeviceIoControl
LoadLibraryExA
GetModuleHandleA
SetFileAttributesA
ReleaseMutex
OpenEventA
SetErrorMode
CreateMutexA
SetUnhandledExceptionFilter
FreeConsole
LocalSize
Process32Next
Process32First
CreateToolhelp32Snapshot
lstrcmpiA
GetCurrentThreadId
EncodePointer
DecodePointer
InterlockedCompareExchange
UnhandledExceptionFilter
IsDebuggerPresent
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
EnterCriticalSection
LeaveCriticalSection
VirtualAlloc
VirtualFree
DeleteCriticalSection
InitializeCriticalSection
CreateThread
ResumeThread
SetEvent
WaitForSingleObject
TerminateThread
CloseHandle
CreateEventA
GetLogicalDriveStringsA

user32

PostMessageA
OpenDesktopA
GetThreadDesktop
GetUserObjectInformationA
OpenInputDesktop
SetThreadDesktop
CloseDesktop
EnumWindows
IsWindowVisible
GetWindowThreadProcessId
ExitWindowsEx
GetProcessWindowStation
OpenWindowStationA
SetProcessWindowStation
GetCursorPos
SetRect
GetDesktopWindow
GetDC
ReleaseDC
GetCursorInfo
SendMessageA
SystemParametersInfoA
BlockInput
GetSystemMetrics
GetClipboardData
OpenClipboard
EmptyClipboard
DispatchMessageA
TranslateMessage
GetMessageA
CloseWindow
GetClientRect
SetClipboardData
CloseClipboard
CreateWindowExA
wsprintfA
CharNextA
GetWindowTextA
GetActiveWindow
GetKeyNameTextA
CallNextHookEx
UnhookWindowsHookEx
LoadCursorA
DestroyCursor
mouse_event
keybd_event
MapVirtualKeyA
SetCapture
SetWindowsHookExA
WindowFromPoint
SetCursorPos

gdi32

BitBlt
CreateCompatibleDC
DeleteObject
GetDIBits
CreateCompatibleBitmap
DeleteDC
SelectObject
CreateDIBSection

advapi32

RegOpenKeyA
RegQueryValueExA
RegCreateKeyA
RegSetValueExA
OpenSCManagerA
OpenServiceA
QueryServiceStatus
ControlService
DeleteService
CloseServiceHandle
RegOpenKeyExA
RegQueryValueA
RegCloseKey
LsaFreeMemory
LsaOpenPolicy
LsaRetrievePrivateData
LsaClose
LookupAccountNameA
IsValidSid
RegDeleteValueA
RegDeleteKeyA
RegCreateKeyExA
StartServiceA
SetServiceStatus
RegisterServiceCtrlHandlerA
LookupAccountSidA
RegEnumKeyExA
GetTokenInformation
CloseEventLog
ClearEventLogA
OpenEventLogA
AdjustTokenPrivileges
LookupPrivilegeValueA
OpenProcessToken
FreeSid
SetSecurityDescriptorDacl
AddAccessAllowedAce
InitializeAcl
GetLengthSid
AllocateAndInitializeSid
InitializeSecurityDescriptor
RegEnumValueA

shell32

SHGetFileInfoA
SHGetSpecialFolderPathA

ole32

CoInitialize
CoTaskMemFree
CoCreateInstance
CoUninitialize

oleaut32

SysFreeString

winmm

waveInUnprepareHeader
waveInReset
waveInClose
waveOutPrepareHeader
waveOutOpen
waveOutReset
waveOutUnprepareHeader
waveOutClose
waveInStop
waveInOpen
waveOutGetNumDevs
waveInGetNumDevs
waveInPrepareHeader
waveInStart
waveOutWrite
waveInAddBuffer

ws2_32

getsockname
gethostname
socket
htons
connect
WSAIoctl
WSACleanup
setsockopt
ntohs
gethostbyname
closesocket
send
select
recv
WSAStartup

msvcp100

?_Xlength_error@std@@YAXPBD@Z
?_Xout_of_range@std@@YAXPBD@Z

imm32

ImmReleaseContext
ImmGetCompositionStringA
ImmGetContext

wininet

InternetCloseHandle
InternetOpenUrlA
InternetOpenA
InternetReadFile

psapi

GetModuleFileNameExA
EnumProcessModules

wtsapi32

WTSQuerySessionInformationA
WTSFreeMemory

Exports

Exports

ResetSSDT
ServiceMain

Sections

.text
Size: 398KB - Virtual size: 397KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rodata
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 46KB - Virtual size: 46KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 469KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 17KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

1af6e7a9fbe86f98f22610960e9523f8

Headers

DLL Characteristics

File Characteristics

Imports

shlwapi

msvcr100

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

winmm

ws2_32

msvcp100

imm32

wininet

psapi

wtsapi32

Exports

Exports

Sections

.text Size: 398KB - Virtual size: 397KB

.rodata Size: 11KB - Virtual size: 10KB

.rdata Size: 46KB - Virtual size: 46KB

.data Size: 7KB - Virtual size: 469KB

.rsrc Size: 4KB - Virtual size: 4KB

.reloc Size: 17KB - Virtual size: 16KB

.text
Size: 398KB - Virtual size: 397KB

.rodata
Size: 11KB - Virtual size: 10KB

.rdata
Size: 46KB - Virtual size: 46KB

.data
Size: 7KB - Virtual size: 469KB

.rsrc
Size: 4KB - Virtual size: 4KB

.reloc
Size: 17KB - Virtual size: 16KB