fe60621a4e23248f7a115caaa7263e13_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

fe60621a4e23248f7a115caaa7263e13_JaffaCakes118
Size

84KB
MD5

fe60621a4e23248f7a115caaa7263e13
SHA1

7a5b35d1c596b728c0c2b2780538c7280052915b
SHA256

fe018d77bc5d712eee1636f53c02b8ab3796fdaa6309a72e635afb96cf25ddce
SHA512

0e4cb98b330190ef1ea5b5121ceb2e7aacda332bb04eb861e3f16c5e568ce1caf8ec4c4faa8521034ae86aa80bfe6bb5b91176a4b15d15e57c3722bb4f49b8d9
SSDEEP

1536:/nFZAykmfrExLCvI+Lqe5pBm0oR4dnkSOV6VWpgZWSDYp://AQDEtG3Lqb6CS/WpgZWSM

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
fe60621a4e23248f7a115caaa7263e13_JaffaCakes118

Files

fe60621a4e23248f7a115caaa7263e13_JaffaCakes118
.dll windows:4 windows x86 arch:x86

40380e1e2dd08302d1ef71b340dc8e63

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

ExpandEnvironmentStringsW
FindNextVolumeMountPointW
QueueUserAPC
SetFileApisToOEM
RtlUnwind
SetConsoleWindowInfo
SetFilePointerEx
GetProcessVersion
GetFileTime
ReleaseActCtx
GetConsoleScreenBufferInfo
lstrcpyA
ReadDirectoryChangesW
PeekNamedPipe
GetTempFileNameA
FindVolumeClose
SetFileAttributesA
GetConsoleMode
WaitForSingleObjectEx
SetConsoleActiveScreenBuffer
GetUserDefaultLCID
ChangeTimerQueueTimer
GetProfileIntW
GetAtomNameA
FreeLibraryAndExitThread
lstrcatA
VirtualAllocEx
HeapSetInformation
DeleteTimerQueueEx
SetCommMask
DeleteVolumeMountPointW
BackupWrite
FormatMessageW
SetCommState
FlushViewOfFile
FindNextVolumeW
CreateJobObjectW
WriteProfileStringW
GetCalendarInfoW
CreateToolhelp32Snapshot
IsBadStringPtrW
OpenEventW
GetProfileStringW
CreateFileMappingW
SystemTimeToTzSpecificLocalTime
DnsHostnameToComputerNameW
HeapCompact
FindResourceA
GetStringTypeW
GetCommProperties
GetProcessAffinityMask
EnumSystemLocalesA
ConnectNamedPipe
MoveFileExA
WaitForMultipleObjects
CompareStringA
GetModuleHandleExW
GlobalAddAtomW
lstrlenW
SetLastError
CreateProcessA
HeapAlloc
GetVolumeInformationA
CreateFileA
GetLastError
Sleep
GetSystemTimeAsFileTime
GetModuleHandleA
LoadLibraryA
InitializeCriticalSectionAndSpinCount
GetTickCount
lstrlenA
GetModuleFileNameA
LocalFree
UnmapViewOfFile
WaitForSingleObject
CreateDirectoryA
GetProcessHeap
GetSystemDirectoryA
CreateMutexA
GetProcAddress
VirtualProtect
InterlockedIncrement
InterlockedCompareExchange
ReleaseMutex
InterlockedDecrement
GetCommandLineA
LeaveCriticalSection
GetQueuedCompletionStatus

user32

IsCharAlphaA
SetCapture
CharNextW
BeginDeferWindowPos
GetTopWindow
MoveWindow
MonitorFromWindow
DispatchMessageW
GetClassInfoExW
CallMsgFilterW
GetCaretBlinkTime
CharNextExA
GetWindowRgn
GetMenu
LoadStringW
PtInRect
GetMenuCheckMarkDimensions
CreateIconIndirect
TabbedTextOutA
OffsetRect
GetWindowDC
GetWindowRect
CreateAcceleratorTableW
VkKeyScanW
SetProcessWindowStation
GetShellWindow
SubtractRect
UnhookWindowsHook
RegisterHotKey
SetWindowContextHelpId
SystemParametersInfoA
GetDesktopWindow
SetActiveWindow
GetWindowLongA
FrameRect
SendNotifyMessageW
GetScrollInfo
SendDlgItemMessageW
MessageBoxA
TranslateMDISysAccel
InvalidateRgn
SetScrollRange
GetMenuItemInfoA
GetDlgCtrlID
GrayStringW
GrayStringA
CreateCaret
GetSystemMetrics
GetSysColor
LoadAcceleratorsW
DrawEdge
ShowCursor
wsprintfA
SetMenuItemInfoW
DestroyCaret
UnregisterClassA
InsertMenuA
SetMenuDefaultItem
FillRect
UpdateWindow
SendInput
SendMessageW
EndPaint
DrawStateA
GetUpdateRect
CloseDesktop
CharNextA
CreateWindowExA
RegisterWindowMessageA
DestroyWindow
DispatchMessageA
RegisterClassExA
SetTimer
CallNextHookEx
GetWindowThreadProcessId
SendMessageA
TranslateMessage
DefWindowProcA
GetClassNameA
PostMessageA
KillTimer
FindWindowA
CreateIconFromResourceEx

shlwapi

UrlEscapeW
StrDupA
PathCompactPathExW
StrToIntA
StrStrIA
wvnsprintfW
PathGetArgsW
wnsprintfW
PathParseIconLocationW
StrCmpIW
PathStripPathW
UrlGetPartW
SHDeleteValueW
PathCompactPathW
PathRemoveExtensionW
StrStrIW
UrlUnescapeW

advapi32

ConvertStringSecurityDescriptorToSecurityDescriptorW
SetSecurityInfo
RegOpenKeyExA
GetSecurityDescriptorSacl
RegCreateKeyExA
RegCloseKey
GetUserNameA
RegUnLoadKeyW
RegRestoreKeyA
RegSetValueA
SaferGetLevelInformation
LockServiceDatabase
CreateProcessWithLogonW
RegQueryValueA
SaferCreateLevel
DuplicateToken
RegisterServiceCtrlHandlerExA
RegQueryValueW
GetInheritanceSourceW
BuildTrusteeWithNameW
RegQueryValueExW
StartServiceCtrlDispatcherA
RegCreateKeyExW
ReportEventW
SaferCloseLevel
ImpersonateNamedPipeClient
SetTokenInformation
RegSaveKeyW
QueryServiceConfigA
RegEnumKeyExA
RegQueryInfoKeyW
OpenEventLogA
QueryServiceLockStatusA
RevertToSelf
RegLoadKeyA
EnumServicesStatusW
RegConnectRegistryW
RegisterServiceCtrlHandlerExW
RegDeleteValueA

Exports

Exports

CvtCommonserv

Sections

.text
Size: 60KB - Virtual size: 57KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

40380e1e2dd08302d1ef71b340dc8e63

Headers

File Characteristics

Imports

kernel32

user32

shlwapi

advapi32

Exports

Exports

Sections

.text Size: 60KB - Virtual size: 57KB

.rdata Size: 8KB - Virtual size: 6KB

.data Size: 8KB - Virtual size: 5KB

.reloc Size: 4KB - Virtual size: 2KB

.text
Size: 60KB - Virtual size: 57KB

.rdata
Size: 8KB - Virtual size: 6KB

.data
Size: 8KB - Virtual size: 5KB

.reloc
Size: 4KB - Virtual size: 2KB