3ba1272bfeba69d9e0de25c958ace1a8_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

3ba1272bfeba69d9e0de25c958ace1a8_JaffaCakes118
Size

688KB
MD5

3ba1272bfeba69d9e0de25c958ace1a8
SHA1

df25656044760cbe4673bb204593b11b431ac0d0
SHA256

bd9b5a1f348c9230b463ad4fdf73d7cc97fd4468ef2a7960611852128333c579
SHA512

0674ea68c1086bc3db35062aba5f6b7b7e4bd23d2931d9fdeb875507e138f32b517f372b53353715bd9902cdaee072b17bf61bc428e3ca14a6b2e490276502ae
SSDEEP

12288:StARm0+KGHFOLEUK/FPG6I+V0r3elQqb8n1SqPspvEcE50f248Yya207G+fzCnZt:StARm0+KGHFOLEHFPG6ji3cqPsp8cE5b

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
3ba1272bfeba69d9e0de25c958ace1a8_JaffaCakes118

Files

3ba1272bfeba69d9e0de25c958ace1a8_JaffaCakes118
.dll windows:4 windows x86 arch:x86

fb9a638b5c795c41ce643df2897a1829

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

pncrt

sscanf
_write
_unlink
_adjust_fdiv
_initterm
_onexit
__dllonexit
tolower
rand
_read
_stat
??2@YAPAXI@Z
_telli64
_lseeki64
_chsize
_fstat
_errno
_getmbcp
_mbctype
printf
strtod
isdigit
_tell
_sopen
_open
_lseek
_close
_putenv
strtol
_creat
_strcmpi
_strnicmp
_purecall
??3@YAXPAX@Z
atoi
sprintf
atof
time
atol
free
strchr
strtok
_strdup
isspace
strncpy
_snprintf
_ftol
strrchr
clock
strstr
_splitpath
fclose
fread
ftell
fseek
fopen
fwrite
strncmp
remove
_atoi64
strftime
localtime
calloc
malloc
realloc
strcspn
_vsnprintf
_ismbcspace
memmove
_stricmp
_itoa

kernel32

Sleep
lstrcatA
SetLocaleInfoA
GetNumberFormatA
WideCharToMultiByte
GetTempFileNameA
CreateFileMappingA
MapViewOfFile
UnmapViewOfFile
MultiByteToWideChar
lstrcpyA
GetVersion
GetSystemInfo
QueryPerformanceFrequency
QueryPerformanceCounter
DisableThreadLibraryCalls
InterlockedDecrement
InterlockedIncrement
GetTickCount
lstrcmpiA
lstrcpynA
lstrlenA
GetModuleHandleA
GetProcAddress
LoadLibraryA
FreeLibrary
OutputDebugStringA
GetLastError
GetLocaleInfoA
GetPrivateProfileStringA
lstrcmpA
GetModuleFileNameA
GetEnvironmentVariableA
GetCurrentProcessId
GetCurrentThreadId
CloseHandle
CreateThread
IsDBCSLeadByte
GetTimeFormatA
GetDateFormatA
GetVersionExA
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
SetErrorMode
GetFileSize
CreateFileA
GetTempPathA

user32

PostQuitMessage
TranslateMessage
IsDialogMessageA
GetSysColor
PeekMessageA
GetSystemMetrics
GetWindowPlacement
ReleaseDC
GetDC
SetForegroundWindow
CharPrevA
DispatchMessageA
GetMenuItemCount
ClientToScreen
OffsetRect
SetRect
SetWindowTextA
IsRectEmpty
CharLowerA
SetWindowRgn
SendMessageA
CharNextA
SystemParametersInfoA
IntersectRect
MapWindowPoints
InvalidateRect
GetWindow
CallWindowProcA
FindWindowExA
GetWindowThreadProcessId
SetWindowLongA
GetWindowLongA
GetParent
IsWindowEnabled
IsZoomed
IsWindow
GetActiveWindow
SetActiveWindow
SetWindowPos
PtInRect
IsChild
IsWindowVisible
GetClassNameA
ShowWindow
GetWindowRect
SetFocus
RedrawWindow
SetPropA
RemovePropA
SetParent
TrackPopupMenu
EnableWindow
GetMenuItemInfoA
RegisterClassA
CreateWindowExA
GetClientRect
CreatePopupMenu
GetCursorPos
IsIconic
GetClassInfoA
SetMenuDefaultItem
DefWindowProcA
AttachThreadInput
GetForegroundWindow
DestroyWindow
InsertMenuItemA

advapi32

RegCloseKey
RegQueryValueExA
RegOpenKeyExA
RegOpenKeyA
RegEnumKeyExA
RegQueryValueA
RegSetValueA
RegCreateKeyA
RegDeleteKeyA
RegDeleteValueA
RegEnumKeyA
RegCreateKeyExA
RegSetValueExA
RegQueryInfoKeyA

gdi32

CreateCompatibleDC
DeleteObject
CombineRgn
ExtCreateRegion
GetDCOrgEx
GetClipBox
GetDeviceCaps
GetTextFaceA
GetStockObject
CreateDCA
CreateSolidBrush
SetBkColor
SetTextColor
GetTextExtentPoint32A
DeleteDC
SelectObject

Exports

Exports

RMACreateInstance
RMAShutdown
SetDLLAccessPath

Sections

.text
Size: 416KB - Virtual size: 412KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 40KB - Virtual size: 38KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 32KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 36KB - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

fb9a638b5c795c41ce643df2897a1829

Headers

File Characteristics

Imports

pncrt

kernel32

user32

advapi32

gdi32

Exports

Exports

Sections

.text Size: 416KB - Virtual size: 412KB

.rdata Size: 40KB - Virtual size: 38KB

.data Size: 32KB - Virtual size: 32KB

.rsrc Size: 8KB - Virtual size: 4KB

.reloc Size: 36KB - Virtual size: 33KB

.text
Size: 416KB - Virtual size: 412KB

.rdata
Size: 40KB - Virtual size: 38KB

.data
Size: 32KB - Virtual size: 32KB

.rsrc
Size: 8KB - Virtual size: 4KB

.reloc
Size: 36KB - Virtual size: 33KB