083dcc0eec39453a34d122564ca8ec61_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

083dcc0eec39453a34d122564ca8ec61_JaffaCakes118
Size

161KB
MD5

083dcc0eec39453a34d122564ca8ec61
SHA1

2df29f24730028f87b87b1fa2b98a305b08612d9
SHA256

2c655f99c787b04150988ba78e43000cb3d7da1ce47a4b2de1983df618e17cf3
SHA512

3906bd9e577d9c9a6f0c6a209ab287706a7b1465df9601ef311f6d8b414a3e79c92327a6a07f6848b23e57d169a2ffb0a479d65fe9819d1b2cec83fa294d6bef
SSDEEP

3072:rdtJSkzLz7muQsSqYRpct6WfhtdclhfF7VChxw/6wmXS:5t1vmuQZ1/A6M6Fg46wmXS

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
083dcc0eec39453a34d122564ca8ec61_JaffaCakes118

Files

083dcc0eec39453a34d122564ca8ec61_JaffaCakes118
.dll regsvr32 windows:4 windows x86 arch:x86

5a14d25f3c7abf9107e16d60e27527ef

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetProcAddress
LoadLibraryW
lstrcpyW
lstrcatW
GetTimeZoneInformation
lstrcpynW
GetLastError
CreateEventW
LocalFree
GetComputerNameW
ReadFile
GetFileSize
CreateFileW
GetTempFileNameW
GetTempPathW
SetEvent
FreeLibrary
ProcessIdToSessionId
GetCurrentProcessId
GetTickCount
GetCurrentThreadId
WriteFile
DeleteFileW
GlobalUnlock
GlobalLock
GlobalSize
GetSystemTime
SetLastError
GetFileType
GetStdHandle
HeapDestroy
lstrcmpiW
GetModuleHandleW
GetShortPathNameW
InitializeCriticalSection
GetModuleFileNameW
SetEnvironmentVariableA
CompareStringW
CompareStringA
FlushFileBuffers
InitializeCriticalSectionAndSpinCount
DisableThreadLibraryCalls
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
WideCharToMultiByte
InterlockedDecrement
InterlockedIncrement
CreateThread
MultiByteToWideChar
LocalFileTimeToFileTime
FileTimeToSystemTime
lstrlenW
GetProcessHeap
HeapAlloc
HeapFree
CreateMutexW
WaitForSingleObject
CloseHandle
ReleaseMutex
CreateDirectoryW
SetStdHandle
LCMapStringW
LCMapStringA
LoadLibraryA
GetOEMCP
GetACP
GetCPInfo
SetFilePointer
SetHandleCount
IsBadWritePtr
VirtualAlloc
VirtualFree
HeapCreate
GetVersionExA
GetEnvironmentVariableA
GetModuleFileNameA
GetModuleHandleA
TlsGetValue
TlsFree
TlsAlloc
TlsSetValue
HeapSize
HeapReAlloc
GetCurrentProcess
TerminateProcess
ExitProcess
RaiseException
GetVersion
GetCommandLineA
GetLocalTime
GetStringTypeW
GetStringTypeA
IsBadCodePtr
IsBadReadPtr
SetUnhandledExceptionFilter
GetEnvironmentStringsW
RtlUnwind
MapViewOfFile
UnmapViewOfFile
GetEnvironmentStrings
FreeEnvironmentStringsW
FreeEnvironmentStringsA
Sleep
InterlockedExchange
GlobalFree
GlobalReAlloc
GlobalAlloc
CreateSemaphoreW
InterlockedExchangeAdd
ReleaseSemaphore
OpenFileMappingW
CreateFileMappingW
GetStartupInfoA

user32

SetTimer
KillTimer
SetWindowsHookExW
UnhookWindowsHookEx
CallNextHookEx
CharLowerW
LoadStringW
CharNextW

advapi32

CryptAcquireContextW
CryptCreateHash
CryptHashData
CryptGetHashParam
RegGetKeySecurity
RegOpenKeyW
RegSetKeySecurity
RegQueryValueExW
LookupAccountNameW
ConvertSidToStringSidW
RegEnumKeyExW
RegDeleteKeyW
RegOpenKeyExW
RegCreateKeyExW
RegCloseKey
RegSetValueExW
CryptEncrypt
CryptDecrypt
CryptReleaseContext
CryptDestroyKey
CryptDestroyHash
CryptDeriveKey

ole32

CoUninitialize
CoInitializeEx
CoMarshalInterThreadInterfaceInStream
CoUnmarshalInterface
CoTaskMemFree
StringFromCLSID
GetHGlobalFromStream
CreateStreamOnHGlobal
CoCreateInstance
CoGetInterfaceAndReleaseStream

oleaut32

SafeArrayGetElement
SafeArrayCreate
SafeArrayAccessData
SafeArrayUnaccessData
SafeArrayPutElement
SafeArrayDestroy
LoadRegTypeLi
LoadTypeLi
SysStringByteLen
SysAllocStringByteLen
VariantChangeType
SystemTimeToVariantTime
SysAllocStringLen
VarBstrFromI4
VariantClear
SysAllocString
SysStringLen
SysFreeString
RegisterTypeLi

wtsapi32

WTSFreeMemory
WTSQuerySessionInformationW

netapi32

NetWkstaUserEnum
NetApiBufferFree

shlwapi

PathFileExistsW
SHCreateStreamOnFileW

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 76KB - Virtual size: 72KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.GBL
Size: 4KB - Virtual size: 8B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.SHARSTA
Size: 4KB - Virtual size: 4B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 28KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

5a14d25f3c7abf9107e16d60e27527ef

Headers

File Characteristics

Imports

kernel32

user32

advapi32

ole32

oleaut32

wtsapi32

netapi32

shlwapi

Exports

Exports

Sections

.text Size: 76KB - Virtual size: 72KB

.rdata Size: 12KB - Virtual size: 10KB

.data Size: 16KB - Virtual size: 21KB

.GBL Size: 4KB - Virtual size: 8B

.SHARSTA Size: 4KB - Virtual size: 4B

.rsrc Size: 28KB - Virtual size: 26KB

.reloc Size: 12KB - Virtual size: 10KB

.text
Size: 76KB - Virtual size: 72KB

.rdata
Size: 12KB - Virtual size: 10KB

.data
Size: 16KB - Virtual size: 21KB

.GBL
Size: 4KB - Virtual size: 8B

.SHARSTA
Size: 4KB - Virtual size: 4B

.rsrc
Size: 28KB - Virtual size: 26KB

.reloc
Size: 12KB - Virtual size: 10KB