ad560462d9201c1668508aab714d1d8e_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

ad560462d9201c1668508aab714d1d8e_JaffaCakes118
Size

347KB
MD5

ad560462d9201c1668508aab714d1d8e
SHA1

7d407593d270085286b22e82e07f0b6f33c23f5b
SHA256

31b01b6ab814a5a6c5125f381988cc1358306d5ab1cb9c3b6602510c53fcdb9b
SHA512

374bf8bb27641946518f2c8416af4f94ca1b8e40d72870b7d91e6cc651f01d05b40ef57d4f6f3e663303c52f3052e67cd9a35130252ec2a04a11532a35538dcc
SSDEEP

6144:m0IMoNmL7x4SVXSabPTeboxqoTkEaWra:OFNmLKSVXJbPT+4xr

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

Processes:

resource
ad560462d9201c1668508aab714d1d8e_JaffaCakes118

Files

ad560462d9201c1668508aab714d1d8e_JaffaCakes118
.dll regsvr32 windows:4 windows x86 arch:x86

dd05b30315b1666b2a1815947f80cb2a

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetProcAddress
LoadLibraryA
VirtualAlloc
VirtualProtect
GetConsoleCP
GetCurrentThreadId
GetLastError
GetCurrentThread
RaiseException
SetSystemPowerState
EnumDateFormatsA
GetVolumePathNameA

comctl32

InitCommonControls
ShowHideMenuCtl
DrawStatusTextW
ImageList_ReplaceIcon
ImageList_Read
CreateMRUListW
FlatSB_ShowScrollBar
InitializeFlatSB
GetEffectiveClientRect
CreatePropertySheetPageA

user32

GetCursorInfo
GetActiveWindow
GetCapture
GetCaretBlinkTime
GetAsyncKeyState
CreateAcceleratorTableA
GetQueueStatus
SetCursorPos
DestroyCaret
ChangeDisplaySettingsExA
PtInRect
GetMenuContextHelpId
DdeConnect
FindWindowExW
SetRectEmpty
CharNextA
DefDlgProcA
MsgWaitForMultipleObjectsEx

oleacc

GetRoleTextW
CreateStdAccessibleProxyW
LresultFromObject
CreateStdAccessibleObject
AccessibleObjectFromWindow

msimg32

DllInitialize
GradientFill
vSetDdrawflag

winspool.drv

FlushPrinter
StartDocPrinterW
AddPrinterDriverA
AddFormW
QueryRemoteFonts
GetPrinterDataExA
GetPrinterDataW
SeekPrinter
SetPrinterDataA

advapi32

SetEntriesInAclW
ElfBackupEventLogFileW
LsaLookupNames2
OpenEncryptedFileRawW
SaferSetPolicyInformation

shlwapi

PathFindOnPathW
PathIsContentTypeA
SHReleaseThreadRef
SHFreeShared
SHDeleteKeyA
UrlIsNoHistoryA

shell32

DragQueryFileAorW
StrChrW
SHRestricted
FreeIconList
WriteCabinetState
PrintersGetCommand_RunDLL
RealShellExecuteA

winmm

mciGetCreatorTask
midiOutCachePatches
mid32Message
midiInGetErrorTextA
waveOutGetPitch
mmioInstallIOProcW
midiStreamRestart

oledlg

OleUIChangeIconW
OleUIChangeIconA
OleUIPasteSpecialW
OleUIChangeSourceA
OleUIBusyW
OleUIUpdateLinksA
OleUIPasteSpecialA
OleUIUpdateLinksW
OleUIObjectPropertiesW

oleaut32

VariantTimeToSystemTime
VarCyFromDisp
VarUI4FromI1
CreateTypeLib2
VarCyRound

gdi32

SetICMProfileA
EngPaint
PolyPatBlt
GdiResetDCEMF
LPtoDP
ClearBrushAttributes

comdlg32

CommDlgExtendedError
ChooseFontA
ChooseColorA
dwOKSubclass
dwLBSubclass
ReplaceTextW
ChooseFontW

Exports

Exports

DllRegisterServer

Sections

.code
Size: 316KB - Virtual size: 315KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 81B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rdata
Size: 26KB - Virtual size: 50.0MB

IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

dd05b30315b1666b2a1815947f80cb2a

Headers

File Characteristics

Imports

kernel32

comctl32

user32

oleacc

msimg32

winspool.drv

advapi32

shlwapi

shell32

winmm

oledlg

oleaut32

gdi32

comdlg32

Exports

Exports

Sections

.code Size: 316KB - Virtual size: 315KB

.data Size: 512B - Virtual size: 81B

.rdata Size: 26KB - Virtual size: 50.0MB

.rdata Size: 3KB - Virtual size: 3KB

.code
Size: 316KB - Virtual size: 315KB

.data
Size: 512B - Virtual size: 81B

.rdata
Size: 26KB - Virtual size: 50.0MB

.rdata
Size: 3KB - Virtual size: 3KB