8d1f8d0fff66281b11574adf6c3d5a28_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

8d1f8d0fff66281b11574adf6c3d5a28_JaffaCakes118
Size

395KB
MD5

8d1f8d0fff66281b11574adf6c3d5a28
SHA1

863a0e79f027d47e954744fb73bcfbd3c1448679
SHA256

8f69df442b562e4d9bb94a5ba62d0bfa6fe25fa7119b015351a9edf7f6a9a8c0
SHA512

458ea77718819cac0357571c16199a7415f1dd9c7a252a93aba678a45504235535053a67b1d495f03e864a64f9c23f835627443c70554c6b0d97e8e9efb3b31c
SSDEEP

12288:UbAMjI7gtjyJTP0jSu2y3a9tlBDq3kX/llh:gqDlcr2h9tlBD2kXt

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
8d1f8d0fff66281b11574adf6c3d5a28_JaffaCakes118

Files

8d1f8d0fff66281b11574adf6c3d5a28_JaffaCakes118
.dll windows:5 windows x86 arch:x86

3bf3c00da61efed30928b6a090288292

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

psapi

GetModuleInformation

advapi32

LookupPrivilegeNameW
EnumServicesStatusExW
CryptAcquireContextW
CryptReleaseContext
CryptDestroyKey
CryptImportKey
CryptDecrypt
CryptGetProvParam
CryptExportKey
CryptEnumProvidersW
CryptGetHashParam
CryptCreateHash
CryptHashData
CryptDestroyHash
CryptGetKeyParam
CryptGetUserKey
CredEnumerateW
CredFree
OpenEncryptedFileRawW
ReadEncryptedFileRaw
CloseEncryptedFileRaw
QueryUsersOnEncryptedFile
QueryRecoveryAgentsOnEncryptedFile
FreeEncryptionCertificateHashList
ImpersonateLoggedOnUser
RevertToSelf
RegCloseKey
RegOpenKeyExW
RegQueryValueExW
RegEnumKeyExW
RegQueryInfoKeyW
IsTextUnicode
CloseServiceHandle
CreateServiceW
OpenSCManagerW
OpenServiceW
StartServiceW
OpenProcessToken
GetTokenInformation
AdjustTokenPrivileges
LookupPrivilegeValueW
DeleteService
CreateProcessAsUserW
CreateProcessWithLogonW
AllocateAndInitializeSid
FreeSid
SetKernelObjectSecurity
LookupAccountSidW
DuplicateTokenEx
QueryServiceObjectSecurity
SetServiceObjectSecurity
BuildSecurityDescriptorW
ConvertSidToStringSidW
ControlService

user32

GetWindowThreadProcessId
UpdateWindow
InvalidateRect
PostThreadMessageW
EnumWindowStationsW
EnumDesktopsW
EnumWindows
WaitForInputIdle

secur32

LsaGetLogonSessionData
GetUserNameExW
LsaEnumerateLogonSessions
LsaFreeReturnBuffer

crypt32

CryptAcquireCertificatePrivateKey
CertEnumCertificatesInStore
PFXExportCertStoreEx
CertGetNameStringW
CertEnumSystemStore
CertAddCertificateContextToStore
CertGetCertificateContextProperty
CertFreeCertificateContext
CertCloseStore
CertOpenStore

shlwapi

PathCanonicalizeW
PathIsRelativeW
PathCombineW

wtsapi32

WTSCloseServer
WTSOpenServerW
WTSEnumerateSessionsW
WTSFreeMemory
WTSEnumerateProcessesW

kernel32

GetCurrentProcessId
QueryPerformanceCounter
GetModuleFileNameA
GetOEMCP
GetACP
GetSystemTimeAsFileTime
GetEnvironmentStringsW
FreeEnvironmentStringsW
LoadLibraryExW
SetStdHandle
OutputDebugStringW
WriteConsoleW
SetEndOfFile
WriteProcessMemory
IsValidCodePage
GetConsoleCP
GetModuleFileNameW
GetFileType
SetFilePointerEx
ReadConsoleW
GetConsoleMode
IsDebuggerPresent
GetProcessHeap
MultiByteToWideChar
WriteFile
ReadFile
CloseHandle
CreateFileW
InterlockedDecrement
FreeLibraryAndExitThread
GetProcAddress
Sleep
FreeLibrary
LoadLibraryW
GetLastError
FlushFileBuffers
SetLastError
GetModuleHandleW
VirtualAllocEx
VirtualFreeEx
OpenProcess
CreateRemoteThread
WaitForSingleObject
VirtualProtect
VirtualProtectEx
GetCurrentProcess
ReadProcessMemory
TerminateProcess
GetProcessId
DuplicateHandle
CreateJobObjectW
AssignProcessToJobObject
TerminateJobObject
ResumeThread
VirtualQueryEx
GetStdHandle
FillConsoleOutputCharacterW
GetConsoleScreenBufferInfo
SetConsoleCursorPosition
MapViewOfFile
UnmapViewOfFile
CreateFileMappingW
GetNativeSystemInfo
ConnectNamedPipe
DisconnectNamedPipe
SetNamedPipeHandleState
CreateNamedPipeW
WaitNamedPipeW
DebugActiveProcess
CreateProcessW
IsBadReadPtr
CreateToolhelp32Snapshot
Process32FirstW
Process32NextW
Module32FirstW
Module32NextW
LocalFree
FormatMessageW
GetCurrentDirectoryW
GetComputerNameExW
GetVersionExW
OpenThread
TerminateThread
SuspendThread
Thread32First
Thread32Next
WideCharToMultiByte
HeapSize
GetModuleHandleExW
ExitProcess
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetLocaleInfoW
LCMapStringW
GetStringTypeW
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
HeapFree
RaiseException
RtlUnwind
HeapAlloc
HeapReAlloc
GetCommandLineA
GetCurrentThreadId
GetCPInfo
UnhandledExceptionFilter
SetUnhandledExceptionFilter
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetStartupInfoW
IsProcessorFeaturePresent

oleaut32

VariantClear
SysFreeString
SysAllocString

Exports

Exports

DeinitServerExtension
GetExtensionName
InitServerExtension
_ReflectiveLoader@0
ping

Sections

.text
Size: 274KB - Virtual size: 273KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 94KB - Virtual size: 94KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 760B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

3bf3c00da61efed30928b6a090288292

Headers

DLL Characteristics

File Characteristics

Imports

psapi

advapi32

user32

secur32

crypt32

shlwapi

wtsapi32

kernel32

oleaut32

Exports

Exports

Sections

.text Size: 274KB - Virtual size: 273KB

.rdata Size: 94KB - Virtual size: 94KB

.data Size: 8KB - Virtual size: 17KB

.rsrc Size: 1024B - Virtual size: 760B

.reloc Size: 16KB - Virtual size: 16KB

.text
Size: 274KB - Virtual size: 273KB

.rdata
Size: 94KB - Virtual size: 94KB

.data
Size: 8KB - Virtual size: 17KB

.rsrc
Size: 1024B - Virtual size: 760B

.reloc
Size: 16KB - Virtual size: 16KB