JaffaCakes118_6a59d9731e4a47cb0428e149c835dc40

Sharing

Copy URL

Twitter E-mail

General

Target

JaffaCakes118_6a59d9731e4a47cb0428e149c835dc40
Size

220KB
MD5

6a59d9731e4a47cb0428e149c835dc40
SHA1

c7fc2ffb906d43e54060239d272c04ffb85666a0
SHA256

5aed5430766c5bdad20c300955473248497d50646bd4ac56e1d3b6c6e54be46b
SHA512

693050b556978d26ad151e4ad23ed55a2b572f5fbfaffa583c95cded82dd7cedd2c55aa2ebeecd2a220672852eafe75ac47ea2e56019a11423999e655467e928
SSDEEP

3072:YFo63IvP2/48lOFoh8xwk6ISc1neJ0rBFBByidL20Sp/FG51JOFgowUt5wXR:YFlQvwYnimB5D20e/FuJEwUT0R

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
JaffaCakes118_6a59d9731e4a47cb0428e149c835dc40

Files

JaffaCakes118_6a59d9731e4a47cb0428e149c835dc40
.dll windows:4 windows x86 arch:x86

5d7abaf895f9a812b308640cee6e1bea

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetOEMCP
RtlUnwind
GetCommandLineA
ExitProcess
TerminateProcess
HeapFree
HeapAlloc
RaiseException
HeapReAlloc
GetACP
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStringsW
HeapSize
HeapCreate
VirtualFree
GetCPInfo
DeleteCriticalSection
SetUnhandledExceptionFilter
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
IsBadReadPtr
IsBadCodePtr
SetStdHandle
InterlockedIncrement
CloseHandle
GetModuleFileNameA
GlobalLock
GlobalAlloc
GlobalDeleteAtom
lstrcmpA
lstrcmpiA
GetCurrentThread
SetFilePointer
FlushFileBuffers
WriteFile
GetCurrentProcess
GetProcessVersion
FormatMessageA
LoadLibraryA
FreeLibrary
GlobalGetAtomNameA
GetLastError
GlobalAddAtomA
GlobalFindAtomA
SetLastError
GetModuleHandleA
GetProcAddress
WritePrivateProfileStringA
GlobalFlags
lstrcpyA
GetVersion
lstrcpynA
TlsGetValue
lstrcatA
SetErrorMode
EnterCriticalSection
LocalReAlloc
TlsSetValue
TlsFree
GlobalReAlloc
LeaveCriticalSection
GlobalFree
GlobalHandle
GlobalUnlock
VirtualAlloc
TlsAlloc
GetCurrentThreadId
InitializeCriticalSection
LocalFree
LocalAlloc
WideCharToMultiByte
InterlockedDecrement
lstrlenA
MultiByteToWideChar
IsBadWritePtr
GetEnvironmentStrings
HeapDestroy

user32

LoadStringA
GetSysColorBrush
DestroyMenu
SetPropA
GetPropA
CallWindowProcA
RemovePropA
GetMessageTime
GetMessagePos
GetForegroundWindow
SetForegroundWindow
RegisterWindowMessageA
SystemParametersInfoA
IsIconic
GetWindowPlacement
SetFocus
ShowWindow
SetWindowPos
SetWindowLongA
GrayStringA
DrawTextA
TabbedTextOutA
MapWindowPoints
LoadIconA
LoadCursorA
GetMenuItemCount
wsprintfA
GetWindowTextA
SetWindowTextA
ClientToScreen
GetWindow
GetDlgCtrlID
GetWindowRect
PtInRect
UnregisterClassA
UnhookWindowsHookEx
GetMenuCheckMarkDimensions
LoadBitmapA
GetMenuState
ModifyMenuA
SetMenuItemBitmaps
CheckMenuItem
EnableMenuItem
GetFocus
GetNextDlgTabItem
GetMessageA
TranslateMessage
DispatchMessageA
GetActiveWindow
GetKeyState
CallNextHookEx
ValidateRect
IsWindowVisible
GetSysColor
AdjustWindowRectEx
GetClientRect
PeekMessageA
GetCursorPos
SetWindowsHookExA
GetParent
GetLastActivePopup
IsWindowEnabled
GetWindowLongA
MessageBoxA
EnableWindow
SetCursor
SendMessageA
PostMessageA
ReleaseDC
CopyRect
PostQuitMessage
GetClassNameA
GetTopWindow
GetClassInfoA
GetCapture
WinHelpA
GetSubMenu
RegisterClassA
GetMenu
GetMenuItemID
CreateWindowExA
DefWindowProcA
DestroyWindow
GetDC
GetClassLongA
GetDlgItem
GetSystemMetrics

gdi32

RestoreDC
SelectObject
GetStockObject
SetBkColor
SetTextColor
SetMapMode
OffsetViewportOrgEx
SetViewportExtEx
SetViewportOrgEx
ScaleViewportExtEx
ScaleWindowExtEx
GetClipBox
SetWindowExtEx
DeleteObject
DeleteDC
GetDeviceCaps
RectVisible
TextOutA
PtVisible
Escape
ExtTextOutA
GetObjectA
SaveDC
CreateBitmap

winspool.drv

ClosePrinter
DocumentPropertiesA
OpenPrinterA

advapi32

RegCloseKey
RegCreateKeyExA
RegOpenKeyExA
RegSetValueExA

comctl32

ord17

ole32

CLSIDFromProgID

oleaut32

VariantClear
SysStringLen
SysAllocString
SysFreeString
VariantChangeType
GetActiveObject

Exports

Exports

DllWord8
DllWordCopy
DllWordCopyAll
DllWordPaste

Sections

.text
Size: 60KB - Virtual size: 58KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 20KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 12KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 16KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.text
Size: 100KB - Virtual size: 100KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

5d7abaf895f9a812b308640cee6e1bea

Headers

File Characteristics

Imports

kernel32

user32

gdi32

winspool.drv

advapi32

comctl32

ole32

oleaut32

Exports

Exports

Sections

.text Size: 60KB - Virtual size: 58KB

.rdata Size: 20KB - Virtual size: 16KB

.data Size: 8KB - Virtual size: 20KB

.rsrc Size: 12KB - Virtual size: 10KB

.reloc Size: 16KB - Virtual size: 14KB

.text Size: 100KB - Virtual size: 100KB

.text
Size: 60KB - Virtual size: 58KB

.rdata
Size: 20KB - Virtual size: 16KB

.data
Size: 8KB - Virtual size: 20KB

.rsrc
Size: 12KB - Virtual size: 10KB

.reloc
Size: 16KB - Virtual size: 14KB

.text
Size: 100KB - Virtual size: 100KB