389f5b2a151e56e951af19a4f6c5684b_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

389f5b2a151e56e951af19a4f6c5684b_JaffaCakes118
Size

116KB
MD5

389f5b2a151e56e951af19a4f6c5684b
SHA1

64e45b3842635247b98bd6fecc36841ef5e4d164
SHA256

757c61142e8dac5fdaf7c85be0a3ccb4eeef164ae80201ad6a039aecaf23fb06
SHA512

02d678c9ab8e789e346c4c65f0441b7cd5a0804d7f7afe1f19a63f6bf8b8ee33c542751af78796e60e00da1700bbf3e3a5fc3c53eeded0f88bc87ff02e2dab32
SSDEEP

3072:GC0bWypkf+CiIFEFBgnwlVrgJmJO6L4a3n4:G3SnWAFEFBguJOBv

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
389f5b2a151e56e951af19a4f6c5684b_JaffaCakes118

Files

389f5b2a151e56e951af19a4f6c5684b_JaffaCakes118
.dll windows:4 windows x86 arch:x86

4fbc0ba2710f88897ec81926ce47e522

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

shell32

ShellExecuteA
SHGetSpecialFolderPathW
SHFileOperationW

dinput

DirectInputCreateW

advapi32

GetSecurityDescriptorDacl
SetFileSecurityW
RegQueryValueExA
RegOpenKeyExA
RegOpenKeyA
AddAccessAllowedAce
AddAce
AllocateAndInitializeSid
EqualSid
GetAce
GetAclInformation
GetFileSecurityW
GetLengthSid
GetSecurityDescriptorControl
RegEnumKeyA
GetTokenInformation
InitializeAcl
InitializeSecurityDescriptor
OpenProcessToken
RegCloseKey
SetSecurityDescriptorDacl

gdi32

GetStockObject
GetDeviceCaps

kernel32

WriteFile
lstrlenA
OutputDebugStringA
WriteConsoleW
AreFileApisANSI
CloseHandle
CompareStringA
CompareStringW
CreateDirectoryA
CreateDirectoryW
CreateEventA
CreateFileA
CreateFileW
CreateMutexA
CreatePipe
CreateProcessA
CreateSemaphoreA
CreateThread
CreateWaitableTimerA
DeleteCriticalSection
DeleteFileA
DeviceIoControl
DuplicateHandle
EnterCriticalSection
EnumSystemLocalesA
ExitProcess
ExitThread
FileTimeToLocalFileTime
FileTimeToSystemTime
FindClose
FindFirstFileA
FindFirstFileW
FindNextFileA
FindNextFileW
FlushFileBuffers
FormatMessageA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
FreeLibrary
GetACP
GetCPInfo
GetCommandLineA
GetConsoleCP
GetConsoleMode
GetConsoleOutputCP
GetCurrentDirectoryA
GetCurrentProcess
GetCurrentProcessId
GetCurrentThread
GetCurrentThreadId
GetDateFormatA
GetDriveTypeA
GetEnvironmentStringsA
GetEnvironmentStringsW
GetExitCodeProcess
GetExitCodeThread
GetFileAttributesA
GetFileInformationByHandle
GetFileSize
GetFileType
GetFullPathNameA
GetLastError
GetLocaleInfoA
GetLocaleInfoW
GetModuleFileNameA
GetModuleHandleA
GetModuleHandleW
GetOEMCP
GetOverlappedResult
GetProcAddress
GetProcessHeap
GetStartupInfoA
GetStdHandle
GetStringTypeA
GetStringTypeW
GetSystemDefaultLangID
GetSystemDirectoryA
GetSystemInfo
GetSystemTimeAsFileTime
GetTempPathW
GetThreadPriority
GetTickCount
GetTimeFormatA
GetTimeZoneInformation
GetUserDefaultLCID
GetUserDefaultLangID
GetVersionExA
GetWindowsDirectoryA
GlobalAlloc
GlobalLock
GlobalUnlock
HeapAlloc
HeapCreate
HeapFree
HeapReAlloc
HeapSize
InitializeCriticalSection
InitializeCriticalSectionAndSpinCount
InterlockedDecrement
InterlockedExchange
InterlockedIncrement
IsDebuggerPresent
IsValidCodePage
IsValidLocale
LCMapStringA
LCMapStringW
LeaveCriticalSection
LoadLibraryA
MoveFileA
MulDiv
MultiByteToWideChar
OpenEventA
OpenFile
WriteConsoleA
PeekNamedPipe
QueryPerformanceCounter
QueryPerformanceFrequency
RaiseException
ReadFile
ReleaseSemaphore
RemoveDirectoryW
ResetEvent
ResumeThread
RtlUnwind
SetCurrentDirectoryA
SetEndOfFile
SetEnvironmentVariableA
SetEvent
SetFilePointer
SetFileTime
SetHandleCount
SetLastError
SetStdHandle
SetThreadAffinityMask
SetThreadIdealProcessor
SetThreadPriority
SetUnhandledExceptionFilter
SetWaitableTimer
Sleep
TerminateProcess
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue
TryEnterCriticalSection
UnhandledExceptionFilter
VirtualAlloc
VirtualFree
WaitForMultipleObjects
WaitForSingleObject
WideCharToMultiByte

user32

AdjustWindowRect
CharLowerBuffA
CharToOemA
ClientToScreen
CloseClipboard
CreateWindowExA
DefWindowProcA
DestroyWindow
DispatchMessageA
EmptyClipboard
GetClipboardData
GetDC
GetDesktopWindow
GetForegroundWindow
GetQueueStatus
GetSystemMetrics
LoadCursorA
LoadIconA
MessageBoxW
MsgWaitForMultipleObjects
OpenClipboard
PeekMessageA
PostThreadMessageA
RegisterClassA
RegisterWindowMessageA
ReleaseDC
ScreenToClient
SendMessageA
SetClipboardData
SetCursorPos
SetRect
SetWindowLongA
SetWindowPos
ShowCursor
ShowWindow
TranslateMessage
UpdateWindow
wsprintfA

version

GetFileVersionInfoSizeA
VerQueryValueA
GetFileVersionInfoA

ws2_32

socket
send
select
recv
listen
ioctlsocket
inet_addr
htons
htonl
connect
closesocket
bind
accept
WSAStartup
WSAGetLastError
WSACleanup
WSAAsyncGetHostByName
WSACancelAsyncRequest

winmm

waveOutWrite
waveOutUnprepareHeader
waveOutReset
waveOutPrepareHeader
waveOutOpen
waveOutGetPosition
waveOutGetNumDevs
waveOutGetDevCapsW
waveOutGetDevCapsA
waveOutClose
waveInUnprepareHeader
waveInStart
waveInReset
waveInPrepareHeader
waveInOpen
waveInGetNumDevs
waveInGetDevCapsW
waveInGetDevCapsA
mciSendCommandA
timeBeginPeriod
timeEndPeriod
timeGetTime
timeKillEvent
timeSetEvent
waveInAddBuffer
waveInClose

ole32

CLSIDFromString
CoCreateInstance
CoFreeUnusedLibraries
CoInitialize
CoTaskMemAlloc
CoTaskMemFree
CoUninitialize
PropVariantClear

Sections

.text
Size: 76KB - Virtual size: 75KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 28KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

4fbc0ba2710f88897ec81926ce47e522

Headers

File Characteristics

Imports

shell32

dinput

advapi32

gdi32

kernel32

user32

version

ws2_32

winmm

ole32

Sections

.text Size: 76KB - Virtual size: 75KB

.data Size: 28KB - Virtual size: 27KB

.rsrc Size: 4KB - Virtual size: 3KB

.reloc Size: 4KB - Virtual size: 3KB

.text
Size: 76KB - Virtual size: 75KB

.data
Size: 28KB - Virtual size: 27KB

.rsrc
Size: 4KB - Virtual size: 3KB

.reloc
Size: 4KB - Virtual size: 3KB