fb2ffb75ef089c85df6fbcabc300fe71_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

fb2ffb75ef089c85df6fbcabc300fe71_JaffaCakes118
Size

84KB
MD5

fb2ffb75ef089c85df6fbcabc300fe71
SHA1

0ca45936bbb5101166138a9059a2d5e050974886
SHA256

b0bafe51d0a6c30ba4c2a2b9742e0250316721f0c143db2f356d4d74fa30a5fa
SHA512

6436cee506ec8c8e8821e80d4946ab14a3d5c64885187d34fd83cdddc8febc28e8f5aa42121a7a39fcb630ae84b51e93ac4dc3383a7ed214bd0ad4f111734c43
SSDEEP

1536:GaJrBjddLlOVwwfnLIXicN/6E6ZMNMCl2+vGkAOwq:GaJrBjDxtw8ScNyE6ZIl2+vGkAT

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
fb2ffb75ef089c85df6fbcabc300fe71_JaffaCakes118

Files

fb2ffb75ef089c85df6fbcabc300fe71_JaffaCakes118
.dll windows:4 windows x86 arch:x86

ac431e4b38cafcc7a7b225c2756f950c

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

RtlMoveMemory
WaitNamedPipeA
ReadConsoleA
GetShortPathNameA
GetNumberFormatA
SetCurrentDirectoryA
UnlockFile
DuplicateHandle
FreeResource
MoveFileW
ClearCommBreak
UnregisterWaitEx
SetMailslotInfo
WTSGetActiveConsoleSessionId
WaitForMultipleObjects
lstrcmpiA
WaitNamedPipeW
VerLanguageNameW
GetCompressedFileSizeW
CreateEventW
GetFileAttributesExA
SetSystemTime
WideCharToMultiByte
SetEnvironmentVariableA
GetStringTypeW
IsBadReadPtr
CreateTimerQueue
ConvertDefaultLocale
WriteProfileStringW
DisconnectNamedPipe
GlobalFlags
GetModuleHandleW
RtlUnwind
CompareStringA
GetStartupInfoA
GetStdHandle
FreeLibraryAndExitThread
FindResourceW
WriteProcessMemory
LocalFlags
HeapDestroy
GetVolumePathNamesForVolumeNameW
GetThreadPriority
GetCommState
ResumeThread
ExpandEnvironmentStringsW
DeleteTimerQueueEx
SetConsoleCursorPosition
WaitForSingleObject
Sleep
GetModuleHandleA
CloseHandle
LocalFree
VirtualQuery
HeapFree
SetLastError
InterlockedCompareExchange
InterlockedIncrement
CreateFileA
InterlockedExchange
VirtualProtect
CreateDirectoryA
GetSystemTimeAsFileTime
LoadLibraryA
EnterCriticalSection
ReleaseMutex
GetComputerNameA
LeaveCriticalSection
GetProcAddress
GetSystemDirectoryA
GetModuleFileNameA
GetCurrentProcessId
lstrlenA
CreateMutexA
GetProcessHeap
UnmapViewOfFile
GlobalFree

ole32

OleRegGetUserType
OleRegEnumVerbs
StgOpenStorageOnILockBytes
OleDuplicateData
CoGetObjectContext
OleRegGetMiscStatus
OleQueryCreateFromData
CoMarshalInterThreadInterfaceInStream
CoSetProxyBlanket
IIDFromString
CoTaskMemAlloc
CoTaskMemFree
CoInitialize

user32

CallMsgFilterW
RemoveMenu
CharToOemW
LoadBitmapA
RegisterHotKey
InSendMessage
SetMenuDefaultItem
DeleteMenu
OpenWindowStationA
BroadcastSystemMessageW
SetWindowLongA
GetProcessDefaultLayout
GrayStringW
DrawTextExA
EnumDesktopsW
GetMessagePos
CharLowerBuffA
CharLowerBuffW
GetClassInfoW
MapWindowPoints
VkKeyScanW
CopyRect
GetThreadDesktop
IsDlgButtonChecked
HideCaret
MsgWaitForMultipleObjects
GetScrollRange
SetScrollPos
RemovePropW
DestroyWindow
DefWindowProcA
GetClassNameW
DrawFocusRect
EnableScrollBar
GetMessageW
SetDlgItemInt
UnhookWindowsHook
DispatchMessageA
SetWinEventHook
SendMessageA
GetClassNameA
RegisterClassExA
RegisterWindowMessageA
KillTimer
SetWindowsHookExA

oleaut32

SysFreeString
SysAllocString
SysAllocStringLen

advapi32

ConvertStringSecurityDescriptorToSecurityDescriptorW
RegQueryValueExA
SetSecurityInfo
RegSetValueExA
RegCreateKeyExA
RegDeleteValueA
RegOpenKeyExA
RegOpenCurrentUser
EnumServicesStatusW
CredReadDomainCredentialsW
OpenEventLogW
CreateServiceW
CreateServiceA
RegDeleteKeyW
MakeSelfRelativeSD
BuildExplicitAccessWithNameW
CreateProcessAsUserA
EnumServicesStatusA
ControlService
RegSaveKeyExW
ReportEventA
RegDisablePredefinedCache
QueryServiceConfigW
RegOpenKeyExW
GetUserNameW
QueryServiceStatusEx
ReadEventLogW

shell32

CommandLineToArgvW
SHGetPathFromIDListA
SHGetFileInfoA
SHGetFolderPathA
SHChangeNotify

gdi32

PtVisible
GetNearestPaletteIndex
CreateBrushIndirect
GetSystemPaletteEntries
SetPixelV
LineTo
GetBkMode
Pie
CreateMetaFileW
BeginPath
GetObjectA
GetEnhMetaFileBits
SetLayout
EnumFontFamiliesExW
GetBrushOrgEx
ExtCreateRegion
SetBkMode
StrokeAndFillPath
AbortPath
UnrealizeObject
ExtCreatePen

Exports

Exports

SmartPathUI

Sections

.text
Size: 60KB - Virtual size: 56KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

ac431e4b38cafcc7a7b225c2756f950c

Headers

File Characteristics

Imports

kernel32

ole32

user32

oleaut32

advapi32

shell32

gdi32

Exports

Exports

Sections

.text Size: 60KB - Virtual size: 56KB

.rdata Size: 8KB - Virtual size: 5KB

.data Size: 8KB - Virtual size: 5KB

.reloc Size: 4KB - Virtual size: 2KB

.text
Size: 60KB - Virtual size: 56KB

.rdata
Size: 8KB - Virtual size: 5KB

.data
Size: 8KB - Virtual size: 5KB

.reloc
Size: 4KB - Virtual size: 2KB