251873cdd84b368db65cf2a54b31f42d_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

251873cdd84b368db65cf2a54b31f42d_JaffaCakes118
Size

399KB
MD5

251873cdd84b368db65cf2a54b31f42d
SHA1

3010ec18153748b7b6425795eefcfbfa5fdfd821
SHA256

68256e6adf2ed25d561bf910fd105aa6121b50c04ac055a9dfd805f6153e2fa2
SHA512

4652d48cabe21f938fbb29038de9a87a276d2befc6109b3a96c99cd9f1a7c90a0407fba972398ca328e7d483991a65c64a82ecab3cc62176baaf8fd78ec28e3c
SSDEEP

6144:aJ5KkNXZ7S0gRMaEl923IDjszt8T62RjN9NaSp+p24GoiRct9:YEk1Q0g0Mu62RjbcbplsRct9

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
251873cdd84b368db65cf2a54b31f42d_JaffaCakes118

Files

251873cdd84b368db65cf2a54b31f42d_JaffaCakes118
.dll regsvr32 windows:5 windows x86 arch:x86

cb2d9a1e4a36fa9226b14f34ea5fceb6

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

WMM2FILT.pdb

Imports

msvcrt

__dllonexit
??2@YAPAXI@Z
memmove
free
realloc
_ftol
_purecall
malloc
wcscpy
_wtoi
_except_handler3
__CxxFrameHandler
printf
fprintf
_iob
?terminate@@YAXXZ
_snwprintf
_wcsicmp
_onexit
??3@YAXPAX@Z
_adjust_fdiv
_initterm
atof
sprintf
swscanf
swprintf
vswprintf
iswdigit
wcscmp
wcsncpy
_wcslwr
wcslen
wcsstr

kernel32

InterlockedIncrement
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
InterlockedDecrement
ResetEvent
SetEvent
SetThreadPriority
CreateEventW
CloseHandle
WriteFile
ReadFile
WaitForSingleObject
lstrlenW
CreateFileW
GetTempFileNameW
DeleteFileW
SetEndOfFile
SetFilePointerEx
GetLastError
GlobalMemoryStatus
MulDiv
GetCurrentThread
GetCurrentThreadId
GetFileAttributesW
SetErrorMode
VirtualAlloc
Sleep
GetTempPathW
QueryPerformanceCounter
QueryPerformanceFrequency
CreateSemaphoreW
WaitForMultipleObjects
DisableThreadLibraryCalls
SystemTimeToFileTime
WideCharToMultiByte
GetVersionExW
FreeLibrary
GetProcAddress
LoadLibraryW
HeapDestroy
IsBadWritePtr
lstrlenA
LocalFree
FormatMessageW
CompareStringW
TryEnterCriticalSection
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
lstrcpynW
ReleaseSemaphore
GetSystemInfo
VirtualFree
lstrcmpW
GetModuleHandleW
lstrcpyW
InterlockedExchange
GetThreadPriority
MultiByteToWideChar
GetModuleFileNameA
CreateEventA
IsBadReadPtr
CreateThread

oleaut32

VariantInit
SysFreeString
SysAllocString
SysAllocStringLen
SysStringLen
LoadRegTypeLi

user32

ShowWindow
CreateWindowExW
LoadCursorW
LoadIconW
IsRectEmpty
PtInRect
IsWindowVisible
GetWindow
IsIconic
GetParent
GetCursor
AttachThreadInput
GetWindowThreadProcessId
WindowFromPoint
CopyRect
EqualRect
GetSystemMetrics
IsWindow
DrawIconEx
GetIconInfo
GetDesktopWindow
GetCursorPos
SendMessageW
SetWindowPlacement
GetDlgItem
SetWindowLongW
SendDlgItemMessageW
EnableWindow
GetWindowLongW
CreateDialogParamW
MessageBoxW
RedrawWindow
SetCapture
EnumWindows
SetCursor
IsChild
ClientToScreen
GetWindowTextW
DestroyWindow
ReleaseCapture
CallWindowProcW
SetDlgItemInt
GetDlgItemInt
CharNextW
GetDlgItemTextA
SetDlgItemTextW
PeekMessageW
MsgWaitForMultipleObjects
wsprintfW
PostThreadMessageW
RegisterWindowMessageW
GetQueueStatus
MoveWindow
InvalidateRect
DispatchMessageW
GetDC
ReleaseDC
SetRectEmpty
GetWindowRect
DefWindowProcW
LoadStringW
CreateDialogParamA
GetWindowPlacement

ole32

CoUninitialize
CoTaskMemAlloc
CoCreateInstance
OleFlushClipboard
OleIsCurrentClipboard
CoFreeUnusedLibraries
StringFromGUID2
CoTaskMemFree
CoTaskMemRealloc
CLSIDFromString
CoInitialize

gdi32

CreateCompatibleBitmap
SelectPalette
SetROP2
Rectangle
CreatePen
GetDIBits
GetSystemPaletteEntries
CreatePalette
RealizePalette
SelectObject
BitBlt
CreateCompatibleDC
DeleteObject
GetPixel
DeleteDC
GetDeviceCaps

advapi32

RegCloseKey
RegQueryValueExA
RegOpenKeyA
RegDeleteKeyW
RegCreateKeyW
RegSetValueW
RegSetValueExW
RegOpenKeyExW
RegEnumKeyExW

winmm

timeEndPeriod
timeBeginPeriod
timeKillEvent
timeSetEvent
timeGetTime

gdiplus

GdipGraphicsClear
GdipDrawImageRectRect
GdipAlloc
GdipCloneImage
GdipGetImageThumbnail
GdipSaveImageToFile
GdipGetImageWidth
GdipGetImageHeight
GdipSetSmoothingMode
GdipImageRotateFlip
GdipCreateBitmapFromFile
GdipCreateBitmapFromFileICM
GdipCreateBitmapFromScan0
GdipCreateHBITMAPFromBitmap
GdipSetInterpolationMode
GdipGetImageGraphicsContext
GdipFree
GdipCreateBitmapFromGdiDib
GdipDeleteGraphics
GdipGetImagePixelFormat
GdipBitmapLockBits
GdipBitmapUnlockBits
GdipGetImageEncodersSize
GdipGetImageEncoders
GdipDrawImageRectI
GdipDisposeImage

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 274KB - Virtual size: 273KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 81KB - Virtual size: 258KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 15KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 23KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

cb2d9a1e4a36fa9226b14f34ea5fceb6

Headers

File Characteristics

PDB Paths

Imports

msvcrt

kernel32

oleaut32

user32

ole32

gdi32

advapi32

winmm

gdiplus

Exports

Exports

Sections

.text Size: 274KB - Virtual size: 273KB

.data Size: 81KB - Virtual size: 258KB

.rsrc Size: 15KB - Virtual size: 15KB

.reloc Size: 23KB - Virtual size: 23KB

.text
Size: 274KB - Virtual size: 273KB

.data
Size: 81KB - Virtual size: 258KB

.rsrc
Size: 15KB - Virtual size: 15KB

.reloc
Size: 23KB - Virtual size: 23KB