3b021d1bb921219ba1af5ddb9eeb7e8f_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

3b021d1bb921219ba1af5ddb9eeb7e8f_JaffaCakes118
Size

174KB
MD5

3b021d1bb921219ba1af5ddb9eeb7e8f
SHA1

0c9fcfcb85e2a32e3dcdf1d5ed3e80261413c37f
SHA256

e479edd436bdfb8234b7374bb91c4b6600bb5c0d2d67d8ced96e79fc4e0ece02
SHA512

8944ce64971c255479a34cda5ff8b94e7efb6b40f355b25c8a5ff3fb09d0b9595fe6ed4375e7bf4f1aeaa71c4f8c221228a0b28c7ff155a8666ab1a86621bc4f
SSDEEP

3072:y03xr1BK/X4hH0llTsmE92oe3HNtNL9nGXod8CeMDCK3:yg12XBWdApLZCo6CGE

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
3b021d1bb921219ba1af5ddb9eeb7e8f_JaffaCakes118

Files

3b021d1bb921219ba1af5ddb9eeb7e8f_JaffaCakes118
.dll windows:5 windows x86 arch:x86

464eb2235972f816249ede204068b8db

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

msctfime.pdb

Imports

msvcrt

strncmp
_vsnprintf
_ftol
_except_handler3
wcsncpy
_adjust_fdiv
malloc
_initterm
free
wcscpy
memmove
wcstoul

user32

DrawTextExW
DrawTextExA
RegisterWindowMessageA
UnregisterClassW
LoadIconA
LoadCursorA
GetClassInfoExW
RegisterClassExW
GetActiveWindow
GetCaretBlinkTime
BeginPaint
EndPaint
GetSysColor
CreateWindowExW
GetSystemMetrics
MapWindowPoints
SetWindowPos
DestroyWindow
GetCursorPos
MoveWindow
IsWindowVisible
ShowWindow
LoadImageA
DestroyIcon
PtInRect
ScreenToClient
InvalidateRect
SetWindowLongA
DefWindowProcA
KillTimer
SetTimer
GetWindowLongA
SystemParametersInfoA
GetDC
SetRect
ReleaseDC
GetClientRect
ClientToScreen
PostMessageW
PostMessageA
GetFocus
IsWindow
ToUnicode
GetKeyboardLayout
CreateWindowExA
ReleaseCapture
SetCapture
AdjustWindowRectEx
WindowFromPoint
RegisterClassExA
GetClassInfoExA
SetCursor
GetDoubleClickTime
DrawEdge
DrawIconEx
FillRect
GetIconInfo
OffsetRect
InflateRect
IntersectRect
GetSysColorBrush
DrawStateA
FrameRect
GetCursor
GetKeyState
keybd_event
SendMessageW
IsWindowUnicode
GetWindowRect
SendMessageA
GetKeyboardState

advapi32

RegOpenKeyExA
RegCloseKey
RegQueryValueExW
RegCreateKeyExA
RegSetValueExA
FreeSid
AllocateAndInitializeSid
CheckTokenMembership
RegQueryValueExA

kernel32

WideCharToMultiByte
IsDBCSLeadByteEx
GetLocaleInfoW
GetProcAddress
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
TlsAlloc
TlsFree
GetVersionExA
GetACP
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
TerminateProcess
GetCurrentProcess
MultiByteToWideChar
SetUnhandledExceptionFilter
FreeLibrary
LeaveCriticalSection
EnterCriticalSection
LoadLibraryExA
lstrcmpA
LocalFree
LocalAlloc
IsBadWritePtr
lstrlenA
lstrlenW
lstrcpynA
GetSystemDirectoryA
GetSystemWindowsDirectoryA
GetSystemDirectoryW
GetSystemWindowsDirectoryW
GetModuleHandleA
LoadLibraryA
GetModuleHandleW
LoadLibraryW
LocalReAlloc
GetLastError
InterlockedDecrement
InterlockedIncrement
TlsGetValue
TlsSetValue
GetModuleFileNameA
LoadResource
FindResourceA
GetSystemDefaultLangID
EnumResourceLanguagesA
GetWindowsDirectoryA
UnhandledExceptionFilter

gdi32

Polyline
BitBlt
CreateFontIndirectW
CreateFontIndirectA
SelectObject
GetTextMetricsA
DeleteObject
MoveToEx
ExtCreatePen
GetTextColor
SetTextColor
SetBkColor
PatBlt
DeleteDC
SetViewportOrgEx
CreateCompatibleBitmap
GetDeviceCaps
CreateCompatibleDC
SetBkMode
CreatePen
CreateFontA
CreateSolidBrush
CreateDCA
CreateDIBSection
CreateRectRgn
GetClipRgn
IntersectClipRect
ExtSelectClipRgn
GetViewportExtEx
GetWindowExtEx
GetTextExtentPointA
GetTextExtentPoint32W
GetTextAlign
SetTextAlign
ExtTextOutA
ExtTextOutW
GetObjectA
TranslateCharsetInfo
GetCurrentObject
GetObjectW
CreateBitmap
CreateBrushIndirect
LineTo
GetStockObject

imm32

ImmDestroyIMCC
ImmNotifyIME
ImmEnumInputContext
ImmGetContext
ImmGetDefaultIMEWnd
ImmSetConversionStatus
ImmGetAppCompatFlags
ImmSetCompositionStringW
ImmGetProperty
ImmCreateIMCC
ImmLockIMC
ImmUnlockIMC
ImmLockIMCC
ImmUnlockIMCC
ImmGetIMCCSize
ImmReSizeIMCC
ImmRequestMessageA
ImmSetOpenStatus
ImmGetCompositionFontA
ImmGetCompositionStringW
CtfImmGenerateMessage
CtfImmIsCiceroStartedInThread

Exports

Exports

CtfImeCreateInputContext
CtfImeCreateThreadMgr
CtfImeDestroyInputContext
CtfImeDestroyThreadMgr
CtfImeDispatchDefImeMessage
CtfImeEscapeEx
CtfImeGetGuidAtom
CtfImeInquireExW
CtfImeIsGuidMapEnable
CtfImeIsIME
CtfImeProcessCicHotkey
CtfImeSelectEx
CtfImeSetActiveContextAlways
CtfImeThreadDetach
ImeConfigure
ImeConversionList
ImeDestroy
ImeEnumRegisterWord
ImeEscape
ImeGetRegisterWordStyle
ImeInquire
ImeProcessKey
ImeRegisterWord
ImeSelect
ImeSetActiveContext
ImeSetCompositionString
ImeToAsciiEx
ImeUnregisterWord
NotifyIME
UIWndProc

Sections

.text
Size: 155KB - Virtual size: 156KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 5KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 11KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.upx_
Size: 1KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

464eb2235972f816249ede204068b8db

Headers

File Characteristics

PDB Paths

Imports

msvcrt

user32

advapi32

kernel32

gdi32

imm32

Exports

Exports

Sections

.text Size: 155KB - Virtual size: 156KB

.data Size: 512B - Virtual size: 4KB

.rsrc Size: 5KB - Virtual size: 8KB

.reloc Size: 11KB - Virtual size: 12KB

.upx_ Size: 1KB - Virtual size: 4KB

.text
Size: 155KB - Virtual size: 156KB

.data
Size: 512B - Virtual size: 4KB

.rsrc
Size: 5KB - Virtual size: 8KB

.reloc
Size: 11KB - Virtual size: 12KB

.upx_
Size: 1KB - Virtual size: 4KB