0b5edaac5225a7c68c992c5c763e4554_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

0b5edaac5225a7c68c992c5c763e4554_JaffaCakes118
Size

1.3MB
MD5

0b5edaac5225a7c68c992c5c763e4554
SHA1

3eab1a6216ac2d99354ebe353df7130e3109a4dd
SHA256

fdb23ac0f3277729f6c413f39a24197a2006e1f3dad256affedfd5ec359da095
SHA512

164f6bc2a5d38965e544a23974f40a85d6ab3a10788bfe95eaefdf3d56dc7db2622fd5d9353031246b60951a967b904d99707c20ad3e57bac828e51c40ee6e54
SSDEEP

24576:mEBsrKRIF0o4V1vgx2/kx8QJAxyznBkvSAZc6tMcRLxEGYJWGJfEJ3ZPi8E7p/4F:mEBsIIFz4HQ2mJnzBgc7AOMhkR79lGL

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
0b5edaac5225a7c68c992c5c763e4554_JaffaCakes118

Files

0b5edaac5225a7c68c992c5c763e4554_JaffaCakes118
.dll windows:6 windows x64 arch:x64

01d43083ead3ecf9af42f318f14d9f1f

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

kernel32

CreateFileMappingA
FormatMessageW
LocalFree
LoadLibraryExW
GetProcAddress
GetModuleHandleA
GetModuleFileNameW
DisableThreadLibraryCalls
UnmapViewOfFile
MapViewOfFile
CreateFileMappingW
GetTickCount
ExitThread
CreateThread
Sleep
WriteConsoleW
SetFilePointerEx
HeapSize
SetStdHandle
GetConsoleMode
GetConsoleCP
WriteFile
FlushFileBuffers
SetEnvironmentVariableA
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
GetCommandLineA
GetOEMCP
CreateMutexA
FindNextFileA
FindFirstFileExA
FindClose
GetFileType
GetStdHandle
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetACP
GetModuleFileNameA
GetModuleHandleExW
ExitProcess
FreeLibrary
InterlockedFlushSList
RtlUnwindEx
RaiseException
RtlPcToFileHeader
TerminateProcess
GetCurrentProcess
InitializeSListHead
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
IsProcessorFeaturePresent
GetStartupInfoW
SetUnhandledExceptionFilter
UnhandledExceptionFilter
IsDebuggerPresent
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
GetStringTypeW
GetLocaleInfoW
LCMapStringW
CompareStringW
GetModuleHandleW
GetSystemTimeAsFileTime
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
WaitForSingleObject
ReleaseMutex
DeleteCriticalSection
TryEnterCriticalSection
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
GetProcessHeap
HeapFree
HeapReAlloc
HeapAlloc
GetLastError
CloseHandle
ReadFile
GetFileSize
IsValidCodePage
CreateFileW
EncodePointer
DecodePointer
MultiByteToWideChar
GetCPInfo
WideCharToMultiByte
SetLastError
InitializeCriticalSectionAndSpinCount

advapi32

GetKernelObjectSecurity
AddAuditAccessObjectAce
GetSecurityDescriptorLength
ImpersonateSelf
RevertToSelf
FileEncryptionStatusW
ClearEventLogW
BackupEventLogW
DuplicateEncryptionInfoFile
LsaFreeMemory
LsaClose
LsaOpenPolicy
LsaLookupSids
LsaStorePrivateData
ConvertSidToStringSidA
CredRenameA
GetTrusteeTypeA

shlwapi

AssocQueryKeyW
SHRegDeleteEmptyUSKeyW
SHRegCreateUSKeyW
ord1
PathSearchAndQualifyW
PathIsRelativeW
PathGetCharTypeA
PathBuildRootW
wnsprintfA
StrCmpW
StrToIntA

dbghelp

ImageNtHeader
SymGetTypeInfo
SymUnDName64
SymInitialize
SymEnumerateModules64
SymCleanup
SymGetOptions
SymSetOptions
ImagehlpApiVersionEx
ImagehlpApiVersion
UnDecorateSymbolName
ImageDirectoryEntryToDataEx

urlmon

CreateAsyncBindCtx
MkParseDisplayNameEx
RegisterBindStatusCallback
RevokeBindStatusCallback
CreateFormatEnumerator
URLDownloadToCacheFileW
CoInternetParseUrl
CoInternetCompareUrl
CopyBindInfo
ReleaseBindInfo
CoInternetCreateZoneManager
CreateURLMonikerEx
CoInternetCombineUrl

winmm

midiOutGetNumDevs
mmioWrite
mmioRead
mmioClose
mmioOpenW
mmioOpenA
mmioStringToFOURCCW
mciGetYieldProc
mciGetDeviceIDA
midiOutGetErrorTextW
midiOutGetID
midiInGetErrorTextA
midiInGetErrorTextW
midiInGetID
mixerGetID
mixerGetNumDevs
mixerOpen
mixerClose
joyGetNumDevs
joyGetDevCapsA
joyGetThreshold
mmioSetBuffer

rpcrt4

MesHandleFree
MesDecodeBufferHandleCreate
MesEncodeDynBufferHandleCreate
MesEncodeFixedBufferHandleCreate
MesIncrementalHandleReset
MesDecodeIncrementalHandleCreate
MesEncodeIncrementalHandleCreate

comctl32

ImageList_Replace
CreatePropertySheetPageA
DestroyPropertySheetPage
InitCommonControlsEx
ImageList_Create
ImageList_Destroy
ImageList_SetBkColor
ImageList_GetBkColor
ord15
ImageList_LoadImageA
ImageList_LoadImageW
ImageList_EndDrag
ImageList_DragMove
ImageList_GetDragImage
ImageList_GetIconSize
ImageList_SetIconSize

Sections

.text
Size: 1.0MB - Virtual size: 1.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 210KB - Virtual size: 209KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 30KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 148B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

01d43083ead3ecf9af42f318f14d9f1f

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

advapi32

shlwapi

dbghelp

urlmon

winmm

rpcrt4

comctl32

Sections

.text Size: 1.0MB - Virtual size: 1.0MB

.rdata Size: 210KB - Virtual size: 209KB

.data Size: 3KB - Virtual size: 11KB

.pdata Size: 30KB - Virtual size: 29KB

_RDATA Size: 512B - Virtual size: 148B

.rsrc Size: 512B - Virtual size: 480B

.reloc Size: 4KB - Virtual size: 4KB

.text
Size: 1.0MB - Virtual size: 1.0MB

.rdata
Size: 210KB - Virtual size: 209KB

.data
Size: 3KB - Virtual size: 11KB

.pdata
Size: 30KB - Virtual size: 29KB

_RDATA
Size: 512B - Virtual size: 148B

.rsrc
Size: 512B - Virtual size: 480B

.reloc
Size: 4KB - Virtual size: 4KB