399f628bfd6f7f4e32d41db66f0cbc50_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

399f628bfd6f7f4e32d41db66f0cbc50_JaffaCakes118
Size

370KB
MD5

399f628bfd6f7f4e32d41db66f0cbc50
SHA1

67bcae4d2e893259914541cba0998487cfe67df7
SHA256

4e3a801e35bc942c27dcdfbbd648c6cb1946370ceaf917e9906b675530f8cf37
SHA512

1f9348407748e487a36c79645a74de9455effd106fffdfe217584fbe81c5a4c8b430d4c56d8eeddb52ef5dc9323ade768ef24559b0bc22e0ab9e90562e8214b6
SSDEEP

6144:48z/nrXe5nj7sia4LyNZ8hGGKjNJGpLtSphD5q+fzZkAuf3IQYAdjhwTI:HrO9fsJZ8hRKjNQtqhE+fRi4Q17wTI

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
399f628bfd6f7f4e32d41db66f0cbc50_JaffaCakes118

Files

399f628bfd6f7f4e32d41db66f0cbc50_JaffaCakes118
.dll windows:5 windows x86 arch:x86

167c39f30a0971a33b8545f8e6fe8327

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

sti.pdb

Imports

msvcrt

swprintf
_vsnprintf
_onexit
__dllonexit
_except_handler3
??1type_info@@UAE@XZ
?terminate@@YAXXZ
_adjust_fdiv
_initterm
_wtol
wcsstr
_wtoi
strchr
_wcsnicmp
_ftol
memset
strcmp
memmove
wcscmp
__RTDynamicCast
_purecall
realloc
__CxxFrameHandler
malloc
??2@YAPAXI@Z
free
??3@YAXPAX@Z

ntdll

NtFlushBuffersFile
NtGetPlugPlayEvent
NtReleaseSemaphore
NtDeleteKey
NtQueryMultipleValueKey
NtQueryObject
NtOpenProcessToken
NtQuerySystemInformation

kernel32

lstrlenW
GetModuleHandleW
IsBadWritePtr
GetProcAddress
TlsFree
LoadLibraryW
GetStdHandle
IsBadReadPtr
LocalFree
FreeLibrary
lstrcpynW
GetACP
TryEnterCriticalSection
GetModuleHandleA
lstrcmpW
TlsSetValue
CreateFileA
IsBadStringPtrW
lstrcpyW
QueryPerformanceCounter
GetTickCount
QueryPerformanceFrequency
TlsAlloc
CloseHandle
ReadFile
GetSystemTimeAsFileTime
LoadLibraryA
GetWindowsDirectoryW
FindAtomA
GetUserDefaultLCID
SetEvent
GetSystemDefaultUILanguage
LCMapStringW
AreFileApisANSI
GetVersion
OpenEventA
GlobalFree
FindResourceExW
HeapDestroy
RegisterWaitForSingleObject
GetCurrentProcessId
PulseEvent
UnregisterWait
CreateEventW
OutputDebugStringA
FindResourceExA
lstrcatA
GetLocalTime
HeapAlloc
GetProcessHeap
CreateSemaphoreA
InterlockedExchange
SetLastError
FindResourceW
CreateMutexA
HeapFree
GetConsoleOutputCP
TlsGetValue
GetSystemDefaultLCID
UnregisterWaitEx
FindClose
WaitForSingleObject
WaitForMultipleObjects
CreateThread
QueueUserWorkItem
lstrlenA
CreateSemaphoreW
WideCharToMultiByte
GetEnvironmentStringsA
MultiByteToWideChar
GetCurrentProcess
GetComputerNameW
OpenEventW
GetLastError
InterlockedDecrement
VirtualAlloc
InterlockedIncrement
GetTempPathA
DeleteCriticalSection
GetUserDefaultUILanguage
GetCurrentDirectoryA
Sleep
GetCommandLineW
InitializeCriticalSection
FreeEnvironmentStringsA
InterlockedCompareExchange
GetOEMCP
GetCurrentThreadId
GlobalAlloc
GetThreadLocale
EnterCriticalSection
SleepEx
LeaveCriticalSection
IsSystemResumeAutomatic
OpenMutexA
GetLogicalDrives
HeapCreate
GetTempFileNameA
LocalAlloc
DisableThreadLibraryCalls

ole32

CoInitializeEx
CoUninitialize
IIDFromString
StringFromIID
CoCreateFreeThreadedMarshaler
CreateBindCtx
CLSIDFromString
StringFromCLSID
CoTaskMemFree
CoCreateInstance
StringFromGUID2

ws2_32

WSAIoctl
WSASocketW

advapi32

RegOpenKeyExW
RegQueryInfoKeyA
RegCloseKey
RegOpenKeyExA
RegQueryValueExA
RegEnumValueA
GetUserNameW
RegQueryValueExW

user32

FindWindowA
CreateWindowExA
GetInputState
ReleaseDC
GetWindowLongW
GetCaretBlinkTime
GetMessageA
UnregisterClassW
DestroyWindow
DispatchMessageW
UnregisterClassA
GetSystemMetrics
TranslateMessage
GetDC
PostQuitMessage
PeekMessageW
GetClipboardViewer
GetSysColor
UnregisterDeviceNotification
UpdateWindow
GetDesktopWindow
GetCapture
MsgWaitForMultipleObjectsEx
RegisterDeviceNotificationW
GetForegroundWindow
GetActiveWindow
GetProcessDefaultLayout
CreateWindowExW
RegisterClassW
DefWindowProcW
LoadStringW
LoadIconA
DispatchMessageA
DefWindowProcA
wsprintfA
SetWindowLongW

winmm

mixerGetLineControlsA
mixerClose
mixerOpen
mixerGetControlDetailsA
timeGetTime

rtutils

TraceRegisterExW
TraceVprintfExA
TraceDeregisterW

Sections

.text
Size: 59KB - Virtual size: 59KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 30KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 248KB - Virtual size: 249KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bss
Size: - Virtual size: 44KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 29KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

167c39f30a0971a33b8545f8e6fe8327

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msvcrt

ntdll

kernel32

ole32

ws2_32

advapi32

user32

winmm

rtutils

Sections

.text Size: 59KB - Virtual size: 59KB

.rdata Size: 30KB - Virtual size: 29KB

.data Size: 248KB - Virtual size: 249KB

.bss Size: - Virtual size: 44KB

.rsrc Size: 29KB - Virtual size: 29KB

.reloc Size: 3KB - Virtual size: 2KB

.text
Size: 59KB - Virtual size: 59KB

.rdata
Size: 30KB - Virtual size: 29KB

.data
Size: 248KB - Virtual size: 249KB

.bss
Size: - Virtual size: 44KB

.rsrc
Size: 29KB - Virtual size: 29KB

.reloc
Size: 3KB - Virtual size: 2KB