36c8c55839ca4edde9627f838e82bc92_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

36c8c55839ca4edde9627f838e82bc92_JaffaCakes118
Size

74KB
MD5

36c8c55839ca4edde9627f838e82bc92
SHA1

33aa1fd8d6d9115f58d2025e936074ec191892b8
SHA256

6dfb342732bf2288bba137899029ccaef6e8facf9a2de89b8ce5bd87bf2d9aa2
SHA512

0c47b624c1fc6e394a1fee9d140b0497bdcb4615ccc75b5177a59be9d25a4d9407b2d1ae2702a60c1898b3af93b6098fcd2fa4a6e43a1992e64fd26d81828980
SSDEEP

1536:gFowZWiKGMJtx9SfPVHR855U6w8dw5fiUZaYNXybPtiDpnfpt5:gFowgizMvPSfPVHRA5U6w8dw5L06jDt

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
36c8c55839ca4edde9627f838e82bc92_JaffaCakes118

Files

36c8c55839ca4edde9627f838e82bc92_JaffaCakes118
.dll windows:4 windows x86 arch:x86

b7783466a377e52af9e587bb5cdeae0b

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_DLL

Imports

gdi32

CreateCompatibleBitmap
CreateCompatibleDC
DeleteDC
DeleteObject
SelectObject

gdiplus

GdipAlloc
GdipCloneBrush
GdipCloneImage
GdipCreateFont
GdipCreateFontFamilyFromName
GdipCreateFromHDC
GdipCreateSolidFill
GdipCreateStringFormat
GdipDeleteBrush
GdipDeleteCachedBitmap
GdipDeleteCustomLineCap
GdipDeleteFont
GdipDeleteFontFamily
GdipDeleteGraphics
GdipDeletePrivateFontCollection
GdipDeleteStringFormat
GdipDisposeImage
GdipDrawString
GdipFree
GdipReleaseDC
GdipSetStringFormatAlign
GdipSetStringFormatLineAlign
GdipSetTextRenderingHint

kernel32

AddAtomA
CloseHandle
CreateDirectoryW
CreateMutexW
CreateProcessW
CreateSemaphoreA
DeleteFileW
DisableThreadLibraryCalls
FindAtomA
GetAtomNameA
GetCurrentProcess
GetCurrentProcessId
GetCurrentThreadId
GetFileAttributesW
GetLastError
GetLocalTime
GetModuleFileNameW
GetModuleHandleA
GetPrivateProfileIntW
GetPrivateProfileSectionW
GetPrivateProfileStringW
GetProcAddress
GetVersionExW
GlobalAlloc
GlobalLock
InterlockedDecrement
InterlockedIncrement
LoadLibraryA
LoadLibraryW
ReleaseSemaphore
SetLastError
SetProcessWorkingSetSize
Sleep
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue
VirtualProtect
VirtualQuery
WaitForSingleObject
WideCharToMultiByte
WritePrivateProfileStringW

msvcrt

_strdup
_stricmp
_wcsicmp
_write
__dllonexit
_assert
_beginthread
_errno
_wfopen
abort
atoi
clock
fclose
fflush
fread
free
fseek
malloc
memcpy
sprintf
strcat
strcmp
strcpy
strrchr
strstr
swscanf
wcscat
wcscmp
wcscpy
wcslen
wcsrchr
wcsstr

shell32

SHGetSpecialFolderPathW

shlwapi

PathRenameExtensionW

user32

AppendMenuW
CallWindowProcW
CloseClipboard
CreateDialogParamW
CreatePopupMenu
DestroyMenu
DispatchMessageW
EmptyClipboard
EndDialog
EnumWindows
GetClassNameW
GetClientRect
GetCursorPos
GetDC
GetMessageW
GetParent
GetPropW
GetWindowLongW
GetWindowRect
GetWindowTextW
IsWindowVisible
KillTimer
MessageBoxW
OpenClipboard
PostMessageW
PtInRect
ReleaseDC
SendMessageW
SetClipboardData
SetFocus
SetForegroundWindow
SetPropW
SetTimer
SetWindowLongW
SetWindowPos
ShowWindow
TrackPopupMenu
TranslateMessage
UpdateLayeredWindow
UpdateWindow
wsprintfA
wsprintfW

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW

wininet

InternetCloseHandle
InternetOpenA
InternetOpenUrlA
InternetReadFile

ws2_32

WSACleanup
WSAStartup
closesocket
connect
gethostbyname
htons
inet_ntoa
ntohs
recv
send
socket

Exports

Exports

Loader

Sections

.text
Size: 32KB - Virtual size: 31KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 44B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 44KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 66B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 124B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.shuax0
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.shuax1
Size: 24KB - Virtual size: 24KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

b7783466a377e52af9e587bb5cdeae0b

Headers

File Characteristics

Imports

gdi32

gdiplus

kernel32

msvcrt

shell32

shlwapi

user32

version

wininet

ws2_32

Exports

Exports

Sections

.text Size: 32KB - Virtual size: 31KB

.data Size: 512B - Virtual size: 44B

.rdata Size: 5KB - Virtual size: 4KB

.bss Size: - Virtual size: 44KB

.edata Size: 512B - Virtual size: 66B

.idata Size: 5KB - Virtual size: 5KB

.rsrc Size: 512B - Virtual size: 124B

.shuax0 Size: 2KB - Virtual size: 2KB

.shuax1 Size: 24KB - Virtual size: 24KB

.reloc Size: 2KB - Virtual size: 2KB

.text
Size: 32KB - Virtual size: 31KB

.data
Size: 512B - Virtual size: 44B

.rdata
Size: 5KB - Virtual size: 4KB

.bss
Size: - Virtual size: 44KB

.edata
Size: 512B - Virtual size: 66B

.idata
Size: 5KB - Virtual size: 5KB

.rsrc
Size: 512B - Virtual size: 124B

.shuax0
Size: 2KB - Virtual size: 2KB

.shuax1
Size: 24KB - Virtual size: 24KB

.reloc
Size: 2KB - Virtual size: 2KB