5204b2b48fd467f1d81045c47718c420_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

5204b2b48fd467f1d81045c47718c420_JaffaCakes118
Size

244KB
MD5

5204b2b48fd467f1d81045c47718c420
SHA1

2a15197199d07defe9563993a20cc7bcfbe83b1f
SHA256

58d6363fef24152525724f8faace475d76c671eae623d2b0b30529fe9647f3b5
SHA512

e24ed05e61dccb803948709998a41f8e9d5fa5289715e7e3ccd6663c0387ae0c2bf512a25f401c509931b8167cca30097234ef277aaf9eacafb4f62a6f79ce95
SSDEEP

3072:nr9IVVIwTn0XClCx1pUXH87mrCiNKtOUywr73jgDtKn3cJqxrzMi1gIFMdy5:r9I4fXClCxzUM7mjUjswxrzfG/dy5

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
5204b2b48fd467f1d81045c47718c420_JaffaCakes118

Files

5204b2b48fd467f1d81045c47718c420_JaffaCakes118
.dll windows:4 windows x86 arch:x86

ffe9c07e661b4f8260e3866b8673a50c

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

vssapi

?CreateVssBackupComponents@@YGJPAPAVIVssBackupComponents@@@Z

kernel32

SetFilePointer
FlushFileBuffers
GetCurrentProcess
RtlUnwind
HeapFree
HeapAlloc
HeapReAlloc
RaiseException
GetCommandLineA
GetProcessHeap
HeapSize
ExitProcess
TerminateProcess
WriteFile
SetUnhandledExceptionFilter
IsDebuggerPresent
Sleep
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
LCMapStringA
LCMapStringW
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetTickCount
GetSystemTimeAsFileTime
GetConsoleCP
GetConsoleMode
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
CreateFileA
InterlockedExchange
GetModuleHandleA
GlobalAddAtomW
GlobalFindAtomW
GlobalDeleteAtom
LoadLibraryW
LoadLibraryA
GetVersionExA
GlobalFlags
lstrcmpW
GetCurrentThreadId
CloseHandle
GetThreadLocale
GetVersion
InterlockedIncrement
FreeLibrary
InterlockedDecrement
GetModuleHandleW
GetProcAddress
TlsFree
DeleteCriticalSection
LocalReAlloc
TlsSetValue
TlsAlloc
InitializeCriticalSection
GlobalHandle
GlobalReAlloc
EnterCriticalSection
TlsGetValue
LeaveCriticalSection
LocalAlloc
GetCurrentProcessId
GetModuleFileNameW
WideCharToMultiByte
GlobalFree
GlobalAlloc
GlobalLock
GlobalUnlock
FormatMessageW
LocalFree
GetLastError
SetLastError
CreateFileW
lstrlenW
GetFileSizeEx
OutputDebugStringW
MultiByteToWideChar
FindResourceW
LoadResource
LockResource
SizeofResource
UnhandledExceptionFilter

oleacc

CreateStdAccessibleObject
LresultFromObject

user32

UnregisterClassA
GrayStringW
DrawTextExW
DrawTextW
TabbedTextOutW
RegisterWindowMessageW
LoadIconW
WinHelpW
GetCapture
GetClassLongW
SetPropW
GetPropW
RemovePropW
GetForegroundWindow
GetTopWindow
DestroyWindow
GetMessageTime
GetMessagePos
MapWindowPoints
SetForegroundWindow
GetClientRect
GetMenu
PostMessageW
CreateWindowExW
GetClassInfoExW
GetClassInfoW
RegisterClassW
AdjustWindowRectEx
CopyRect
DefWindowProcW
CallWindowProcW
SystemParametersInfoA
IsIconic
GetWindowPlacement
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
ModifyMenuW
EnableMenuItem
CheckMenuItem
SetWindowPos
SetWindowLongW
IsWindow
GetDlgItem
GetFocus
ClientToScreen
GetWindow
GetDlgCtrlID
GetWindowRect
GetClassNameW
PtInRect
SetWindowTextW
SetWindowsHookExW
CallNextHookEx
DispatchMessageW
GetKeyState
PeekMessageW
ValidateRect
GetWindowTextW
PostQuitMessage
LoadCursorW
GetSystemMetrics
GetDC
ReleaseDC
GetSysColor
GetSysColorBrush
UnhookWindowsHookEx
GetWindowThreadProcessId
SendMessageW
GetParent
GetWindowLongW
GetLastActivePopup
IsWindowEnabled
EnableWindow
MessageBoxW
GetMenuState
GetMenuItemID
GetMenuItemCount
GetSubMenu
DestroyMenu
LoadBitmapW

gdi32

DeleteObject
CreateBitmap
GetClipBox
SetTextColor
SetBkColor
SaveDC
RestoreDC
ScaleWindowExtEx
DeleteDC
GetStockObject
RectVisible
PtVisible
SetWindowExtEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
SelectObject
Escape
ExtTextOutW
GetDeviceCaps
SetMapMode
TextOutW

winspool.drv

ClosePrinter
OpenPrinterW
DocumentPropertiesW

oleaut32

VariantChangeType
VariantClear
VariantInit

Exports

Exports

_VSSAddVolumeToShadowPlus@4
_VSSFileGetShadowSizeInBytes@8
_VSSFileOpenForShadowReadPlus@4
_VSSPrepareForBackupPlus@0
_VSSPrepareShadowPlus@0
_VSSReleaseShadowPlus@0

Sections

.text
Size: 112KB - Virtual size: 111KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 28KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 80KB - Virtual size: 94KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 20KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

ffe9c07e661b4f8260e3866b8673a50c

Headers

File Characteristics

Imports

vssapi

kernel32

oleacc

user32

gdi32

winspool.drv

oleaut32

Exports

Exports

Sections

.text Size: 112KB - Virtual size: 111KB

.rdata Size: 28KB - Virtual size: 27KB

.data Size: 80KB - Virtual size: 94KB

.reloc Size: 20KB - Virtual size: 17KB

.text
Size: 112KB - Virtual size: 111KB

.rdata
Size: 28KB - Virtual size: 27KB

.data
Size: 80KB - Virtual size: 94KB

.reloc
Size: 20KB - Virtual size: 17KB