f6c8109c31fbb1aed732bde97b526df0_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

f6c8109c31fbb1aed732bde97b526df0_JaffaCakes118
Size

84KB
MD5

f6c8109c31fbb1aed732bde97b526df0
SHA1

afe4bb1b1e385974dd2ad0956a09c8404c275600
SHA256

999fc9fc74d6768d1ea218fb0c26f593dd1fe7273c25957546569fba40784233
SHA512

f5e0feb750e1d67482a5e7987a570d5c95ae8049c20cbb08d55134b7e35a24e4a852f6f3cfdb9601923e239d4ffe4ceecfa3c6f05cbaa4edee2ddce73eacca5e
SSDEEP

1536:9J0jtdsYjww1flPg1s4uh7DeRL+ASybp1yWCrfPb4z6n0K:9Jcd3lQEXeRqASYarfPb4m

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
f6c8109c31fbb1aed732bde97b526df0_JaffaCakes118

Files

f6c8109c31fbb1aed732bde97b526df0_JaffaCakes118
.dll windows:4 windows x86 arch:x86

003045fd86e744cdd265bfa5bafd3e69

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetSystemDirectoryW
GetModuleHandleExW
GlobalAddAtomA
ReplaceFileW
GetProfileStringA
GetStringTypeA
GetModuleFileNameW
lstrcpyW
GetLogicalDriveStringsW
GetDefaultCommConfigW
DeleteTimerQueueTimer
PeekNamedPipe
GetEnvironmentStringsW
GlobalFlags
TransmitCommChar
IsBadHugeReadPtr
GetDiskFreeSpaceExW
SetCurrentDirectoryA
GetCommandLineW
SetConsoleMode
GetUserDefaultLangID
OpenSemaphoreA
UpdateResourceA
SetHandleInformation
EnumResourceLanguagesW
ReadFileEx
FlushFileBuffers
FindFirstChangeNotificationA
AllocConsole
VirtualQueryEx
WaitForMultipleObjectsEx
CreateProcessW
VerLanguageNameW
SizeofResource
AddAtomA
GlobalMemoryStatusEx
GetThreadTimes
SleepEx
HeapCompact
ReadDirectoryChangesW
SetVolumeLabelW
FindFirstFileExW
SystemTimeToTzSpecificLocalTime
AddRefActCtx
OpenMutexA
VirtualAlloc
SetWaitableTimer
OpenJobObjectW
GetStringTypeW
PulseEvent
FindFirstVolumeW
ExpandEnvironmentStringsA
WriteProfileStringA
GetVersion
CreateNamedPipeW
ExpandEnvironmentStringsW
SetErrorMode
IsBadCodePtr
SetEnvironmentVariableW
ResetEvent
GetLocalTime
EndUpdateResourceA
RaiseException
GetFileTime
RemoveDirectoryW
FindVolumeClose
GetAtomNameW
SetEvent
CopyFileExW
CreateEventA
GetSystemInfo
FindAtomW
RegisterWaitForSingleObject
SetSystemTime
lstrcmpW
DnsHostnameToComputerNameW
GetDriveTypeW
HeapSetInformation
GetNumberOfConsoleInputEvents
lstrcpynW
GetCurrentProcess
PeekConsoleInputA
SetConsoleCtrlHandler
GetVersionExA
WaitForSingleObject
VirtualProtect
ReleaseMutex
GetSystemDirectoryA
MapViewOfFile
UnmapViewOfFile
GetCurrentProcessId
GetProcAddress
VirtualQuery
HeapAlloc
LoadLibraryA
lstrlenW
GetComputerNameA
GetModuleFileNameA
lstrlenA
InterlockedCompareExchange
CreateDirectoryA
SetLastError
CreateFileMappingA
GetCommandLineA
LeaveCriticalSection
LocalFree
InitializeCriticalSectionAndSpinCount
CreateFileA
InterlockedIncrement
HeapFree
CloseHandle
BackupWrite
GetLastError

user32

GetAncestor
wsprintfA
GetClassNameW
CharUpperA
wvsprintfA
MessageBoxA
SetWindowRgn
GetGUIThreadInfo
LoadMenuA
ReuseDDElParam
OpenInputDesktop
SetMenu
ShowCursor
SendMessageW
SetWindowTextW
GetWindowRgn
CharNextW
GetAsyncKeyState
ScrollDC
WaitMessage
ChangeMenuA
SetWindowContextHelpId
GetMenuState
EnumThreadWindows
CheckMenuRadioItem
IsZoomed
GetSubMenu
SetActiveWindow
LoadCursorW
CreateDialogParamA
TrackPopupMenu
ShowWindow
SetScrollInfo
DefWindowProcW
SetWindowsHookExW
CharToOemA
IsDialogMessageA
InvalidateRgn
SetMenuItemBitmaps
CharPrevW
SendDlgItemMessageA
MapDialogRect
GetComboBoxInfo
GetTopWindow
GetNextDlgGroupItem
GetClassLongA
DrawTextA
ModifyMenuA
DrawFocusRect
FindWindowW
GetWindowPlacement
AdjustWindowRect
GetTabbedTextExtentA
MonitorFromRect
ChangeDisplaySettingsA
GetWindowDC
DeferWindowPos
CheckMenuItem
GetWindow
GetUpdateRect
RedrawWindow
DialogBoxIndirectParamA
CreateIconIndirect
PackDDElParam
UnhookWindowsHookEx
GetMessageA
TranslateMessage
RegisterClassExA
PostMessageA
SetWindowsHookExA
SendMessageA
DestroyWindow
DispatchMessageA
PostQuitMessage
CreateWindowExA
GetParent

oleaut32

SysAllocString
SysAllocStringLen
SysFreeString

shlwapi

SHSetValueA
StrCmpNIW
SHGetValueW
PathSetDlgItemPathW
PathIsPrefixW
PathIsDirectoryW
StrStrA
PathAddExtensionW
PathSkipRootW
StrStrW
AssocCreate

advapi32

ElfRegisterEventSourceW
RegOpenKeyW
RegisterServiceCtrlHandlerW
RegDeleteKeyW
ChangeServiceConfigW
EnumServicesStatusExW
GetInheritanceSourceW
CredReadDomainCredentialsW
ElfReportEventW
RegOpenCurrentUser
CloseServiceHandle
SaferGetPolicyInformation
RegEnumKeyA
EnumServicesStatusA
RegRestoreKeyW
SaferCloseLevel
MakeAbsoluteSD
SaferGetLevelInformation
OpenProcessToken
RegReplaceKeyW
RegisterEventSourceA
CredWriteDomainCredentialsW
RegUnLoadKeyA
RegCreateKeyExA
SetSecurityInfo
GetSecurityDescriptorSacl
RegDeleteValueA
GetUserNameA
ReadEventLogW

shell32

SHChangeNotify
ShellExecuteExA
SHParseDisplayName
ExtractIconExA
DragQueryFileW
SHGetDesktopFolder
SHGetPathFromIDListW
SHGetFolderPathA
SHOpenFolderAndSelectItems

Exports

Exports

olecfghid

Sections

.text
Size: 60KB - Virtual size: 58KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

003045fd86e744cdd265bfa5bafd3e69

Headers

File Characteristics

Imports

kernel32

user32

oleaut32

shlwapi

advapi32

shell32

Exports

Exports

Sections

.text Size: 60KB - Virtual size: 58KB

.rdata Size: 8KB - Virtual size: 6KB

.data Size: 8KB - Virtual size: 5KB

.reloc Size: 4KB - Virtual size: 2KB

.text
Size: 60KB - Virtual size: 58KB

.rdata
Size: 8KB - Virtual size: 6KB

.data
Size: 8KB - Virtual size: 5KB

.reloc
Size: 4KB - Virtual size: 2KB