adea7888ae9ad714bcc977a42084df43_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

adea7888ae9ad714bcc977a42084df43_JaffaCakes118
Size

876KB
MD5

adea7888ae9ad714bcc977a42084df43
SHA1

9ff037a4467be080dfb8266c98d1045557feae2c
SHA256

06a9cecf6d9feeb6f54639eb0f75a3cdeb6ed1071ac1d4c33f368ac058eb7c1a
SHA512

bd75ab41ddf64d8393fbc5038704dfd3091e7da76a3399f92b1cc3934e2325592cfbc52de0a82371a0b07e7f28d900e1ce77c5a4838d5ee7cde2308772277eff
SSDEEP

12288:x5F5yHyheNrrD/Vj+U9QT8asbdCUdDP4oNYUF7Kw8o8s:x5F5ozVrDw+BakdNdDwuYUtN8

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
adea7888ae9ad714bcc977a42084df43_JaffaCakes118

Files

adea7888ae9ad714bcc977a42084df43_JaffaCakes118
.dll windows:6 windows x64 arch:x64

335398669e21ef08350c0e29d89d4f5a

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

kernel32

CreateFileMappingA
FormatMessageW
SetCommMask
GetCommMask
GetBinaryTypeA
LoadLibraryExW
GetProcAddress
GetModuleHandleA
GetModuleFileNameW
GetTickCount
HeapSize
WriteConsoleW
SetFilePointerEx
SetEndOfFile
SetStdHandle
GetProcessHeap
ReadDirectoryChangesW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
GetCommandLineA
GetOEMCP
FindNextFileA
FindFirstFileExA
FindClose
FlushFileBuffers
GetStdHandle
GetFileAttributesExW
CreateProcessA
GetExitCodeProcess
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
HeapReAlloc
HeapFree
CreateThread
Sleep
GetCurrentDirectoryA
CreateEventW
CreateMutexA
WaitForSingleObject
ReleaseMutex
DeviceIoControl
GetOverlappedResult
GetLastError
CloseHandle
WriteFile
ReadFile
GetFileSize
CreateFileW
IsValidCodePage
SetEnvironmentVariableA
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
EncodePointer
DecodePointer
MultiByteToWideChar
GetCPInfo
WideCharToMultiByte
SetLastError
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetSystemTimeAsFileTime
GetModuleHandleW
CompareStringW
LCMapStringW
GetLocaleInfoW
GetStringTypeW
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
IsDebuggerPresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetStartupInfoW
IsProcessorFeaturePresent
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
InitializeSListHead
GetCurrentProcess
TerminateProcess
RtlPcToFileHeader
RaiseException
RtlUnwindEx
InterlockedFlushSList
FreeLibrary
ExitProcess
GetModuleHandleExW
SetConsoleCtrlHandler
GetModuleFileNameA
GetFileType
GetConsoleMode
ReadConsoleW
GetConsoleCP
ReadConsoleInputA
SetConsoleMode
GetACP
HeapAlloc
RtlUnwind

gdi32

CreatePolygonRgn
ExtCreatePen
GetLogColorSpaceW
CreateICA
SetEnhMetaFileBits
GetEnhMetaFilePaletteEntries
GetEnhMetaFileBits
CreateEnhMetaFileW
LineDDA
GetObjectType
ExtCreateRegion
DeleteObject
DeleteDC
CombineTransform

comdlg32

CommDlgExtendedError
FindTextW
FindTextA
GetFileTitleW

advapi32

RegOpenKeyExW
CreatePrivateObjectSecurity
DestroyPrivateObjectSecurity
ImpersonateAnonymousToken
RevertToSelf
CloseEventLog
DeregisterEventSource
NotifyChangeEventLog
OpenEventLogW
RegisterEventSourceW
LookupPrivilegeValueA
RegCloseKey
RegEnumKeyExW
RegQueryValueExW
StartServiceCtrlDispatcherW
LsaFreeMemory
SaferGetPolicyInformation
LsaEnumerateAccountRights
LsaLookupNames
LsaOpenPolicy
LsaClose
AccessCheck

shlwapi

UrlCreateFromPathW
PathUnmakeSystemFolderW
PathSearchAndQualifyA
PathCombineA
ord217

urlmon

CoInternetGetSession
CoInternetSetFeatureEnabled
CoInternetIsFeatureEnabled
GetClassFileOrMime
MkParseDisplayNameEx

winmm

mmioClose
auxGetVolume
mmioSendMessage
mciGetErrorStringW
mciSendStringW
mmioCreateChunk
mmioOpenW
waveOutGetNumDevs
waveOutGetErrorTextW
waveOutGetID
mmioOpenA
auxGetNumDevs

rpcrt4

MesDecodeBufferHandleCreate
MesEncodeDynBufferHandleCreate
MesHandleFree
MesDecodeIncrementalHandleCreate
MesEncodeIncrementalHandleCreate
I_RpcMapWin32Status
MesEncodeFixedBufferHandleCreate
MesBufferHandleReset

comctl32

DestroyPropertySheetPage
ImageList_Create
ImageList_Destroy
ImageList_GetImageCount
ImageList_SetImageCount
ImageList_Add
CreatePropertySheetPageW
ImageList_Remove
ImageList_GetIconSize
ImageList_SetIconSize
ord8
ord14
InitMUILanguage
GetMUILanguage
ImageList_DrawEx

iphlpapi

GetNetworkParams

Sections

.text
Size: 661KB - Virtual size: 661KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 179KB - Virtual size: 179KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 14KB - Virtual size: 107KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 15KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 148B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

335398669e21ef08350c0e29d89d4f5a

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

gdi32

comdlg32

advapi32

shlwapi

urlmon

winmm

rpcrt4

comctl32

iphlpapi

Sections

.text Size: 661KB - Virtual size: 661KB

.rdata Size: 179KB - Virtual size: 179KB

.data Size: 14KB - Virtual size: 107KB

.pdata Size: 15KB - Virtual size: 15KB

_RDATA Size: 512B - Virtual size: 148B

.rsrc Size: 512B - Virtual size: 480B

.reloc Size: 3KB - Virtual size: 3KB

.text
Size: 661KB - Virtual size: 661KB

.rdata
Size: 179KB - Virtual size: 179KB

.data
Size: 14KB - Virtual size: 107KB

.pdata
Size: 15KB - Virtual size: 15KB

_RDATA
Size: 512B - Virtual size: 148B

.rsrc
Size: 512B - Virtual size: 480B

.reloc
Size: 3KB - Virtual size: 3KB