0da1c09fc2dbcf993869f174fdfd98eb_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

0da1c09fc2dbcf993869f174fdfd98eb_JaffaCakes118
Size

3.2MB
MD5

0da1c09fc2dbcf993869f174fdfd98eb
SHA1

d63961a90cb316e4bfb05a57fbaae93c09e3b071
SHA256

cf5efeea640dbfd4334d70e0bc15b486142dfaf3c7ce608059ae1a623ab812ae
SHA512

16c85ea51020d7900c510a28c89a910a74ab3371b9b1609da49bf842b86969f08656f128355dca20bc62a6d631449855067b8f8eb657b9fd1d0f38a45c5370de
SSDEEP

98304:vhakcp1fU6BMXkGhPvgbDlCPQeZeXADoevue2u:Bcp1cpXkGVUrooev

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
0da1c09fc2dbcf993869f174fdfd98eb_JaffaCakes118

Files

0da1c09fc2dbcf993869f174fdfd98eb_JaffaCakes118
.dll regsvr32 windows:5 windows x86 arch:x86

78bc4d7502a410a29e78e2f413bcdc67

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetCurrentDirectoryA
ExpandEnvironmentStringsW
CreateToolhelp32Snapshot
GetFullPathNameA
FindFirstFileA
Process32FirstW
FormatMessageW
CreateProcessW
ResumeThread
WinExec
Process32NextW
GetCurrentThreadId
GetDriveTypeA
SetConsoleTextAttribute
GetProcessHeap
SetConsoleMode
ReadConsoleInputA
CreateThread
SetCurrentDirectoryW
ExitThread
CreatePipe
SetConsoleCtrlHandler
GetConsoleScreenBufferInfo
ProcessIdToSessionId
CreateConsoleScreenBuffer
GetStdHandle
DisconnectNamedPipe
GetStartupInfoW
MultiByteToWideChar
ReadFile
TerminateProcess
ReadConsoleOutputW
GetConsoleWindow
FreeConsole
WideCharToMultiByte
GetConsoleCP
GetTickCount
SetConsoleScreenBufferSize
WaitForSingleObject
SetConsoleActiveScreenBuffer
GetCurrentProcess
AllocConsole
PeekNamedPipe
WriteConsoleInputW
CloseHandle
lstrcpynW
Sleep
InterlockedDecrement
InterlockedIncrement
EnterCriticalSection
LeaveCriticalSection
FileTimeToLocalFileTime
GetModuleHandleA
GetProcAddress
FileTimeToSystemTime
GetVersionExW
OpenProcess
ResetEvent
SetEvent
GetCurrentProcessId
GetModuleFileNameA
HeapFree
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
HeapAlloc
GetCommandLineA
RaiseException
HeapCreate
HeapDestroy
VirtualFree
DeleteCriticalSection
VirtualAlloc
HeapReAlloc
GetModuleHandleW
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
SetLastError
HeapSize
ExitProcess
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
SetHandleCount
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetSystemTimeAsFileTime
SetFilePointer
GetConsoleMode
InitializeCriticalSectionAndSpinCount
RtlUnwind
FreeLibrary
InterlockedExchange
LoadLibraryA
GetLocaleInfoW
GetLocaleInfoA
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
GetTimeFormatA
GetDateFormatA
GetUserDefaultLCID
EnumSystemLocalesA
IsValidLocale
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
GetTimeZoneInformation
FlushFileBuffers
CompareStringA
CompareStringW
SetEnvironmentVariableA
InitializeCriticalSection
InterlockedCompareExchange
CreateFileW
CreateEventW
GetCurrentDirectoryW
GetLongPathNameW
GetTempPathW
GetSystemDirectoryW
GetLogicalDriveStringsW
SetThreadPriority
GetExitCodeThread
GetFileAttributesW
GetFileAttributesExW
SetFileTime
SetEndOfFile
SetFileAttributesW
CopyFileW
MoveFileW
DeleteFileW
RemoveDirectoryW
CreateDirectoryW
TryEnterCriticalSection
FindFirstFileW
FindClose
FindNextFileW
GetEnvironmentVariableW
SetEnvironmentVariableW
GetVersionExA
GetSystemInfo
GetComputerNameW
GetExitCodeProcess
GetProcessTimes
DuplicateHandle
CreateMutexW
ReleaseMutex
WaitForMultipleObjects
GetModuleFileNameW
LocalFree
LocalAlloc
LoadLibraryW
GetVersion
GlobalMemoryStatus
FlushConsoleInputBuffer
GetLastError
WriteFile
CreateFileA

user32

GetDesktopWindow
GetUserObjectInformationW
wsprintfW
MoveWindow
IsWindowVisible
SetThreadDesktop
ShowWindow
CloseDesktop
GetProcessWindowStation
CreateWindowStationW
CloseWindowStation
GetThreadDesktop
GetWindowRect
SetProcessWindowStation
CreateDesktopW
MessageBoxA

advapi32

OpenSCManagerA
CryptDecrypt
CryptSetHashParam
OpenProcessToken
GetTokenInformation
LookupAccountSidA
CreateProcessAsUserW
InitializeSecurityDescriptor
SetTokenInformation
SetSecurityDescriptorDacl
LookupPrivilegeValueW
DuplicateTokenEx
RegisterEventSourceW
ReportEventW
ImpersonateLoggedOnUser
RevertToSelf
AdjustTokenPrivileges
LogonUserW
IsTextUnicode
CryptReleaseContext
CryptGenRandom
CryptAcquireContextA
SetServiceStatus
RegisterServiceCtrlHandlerW
StartServiceCtrlDispatcherW
RegQueryValueExW
CloseServiceHandle
CreateServiceW
DeleteService
QueryServiceStatus
StartServiceA
ControlService
ChangeServiceConfigA
OpenServiceW
QueryServiceConfigW
RegSetValueExW
RegDeleteValueW
RegDeleteKeyW
RegCreateKeyExW
RegEnumKeyExW
RegQueryInfoKeyA
RegEnumValueW
DeregisterEventSource
ReportEventA
RegisterEventSourceA
CryptEnumProvidersA
CryptDestroyKey
CryptGetProvParam
CryptGetUserKey
CryptExportKey
CryptDestroyHash
CryptSignHashA
RegCloseKey
RegOpenKeyExW
CryptCreateHash

ws2_32

getservbyname
ntohl
send
WSAStartup
gethostname
getnameinfo
getaddrinfo
freeaddrinfo
WSAAddressToStringA
inet_addr
htons
WSAGetLastError
gethostbyname
recv
sendto
recvfrom
WSASetLastError
select
getsockname
getpeername
setsockopt
getsockopt
socket
ioctlsocket
__WSAFDIsSet
accept
connect
bind
listen
closesocket
ntohs
shutdown
WSACleanup

iphlpapi

GetAdaptersInfo

httpapi

HttpSendResponseEntityBody
HttpSendHttpResponse
HttpRemoveUrl
HttpAddUrl
HttpReceiveHttpRequest
HttpTerminate
HttpCreateHttpHandle
HttpInitialize
HttpReceiveRequestEntityBody

userenv

DestroyEnvironmentBlock
CreateEnvironmentBlock

version

GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW

crypt32

CertDuplicateCertificateContext
CertCloseStore
CertEnumCertificatesInStore
CertFindCertificateInStore
CertOpenStore
CertGetCertificateContextProperty
CertFreeCertificateContext

Exports

Exports

DllRegisterServer
Update

Sections

.text
Size: 2.4MB - Virtual size: 2.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 558KB - Virtual size: 557KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 72KB - Virtual size: 102KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 436B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 137KB - Virtual size: 136KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

78bc4d7502a410a29e78e2f413bcdc67

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

advapi32

ws2_32

iphlpapi

httpapi

userenv

version

crypt32

Exports

Exports

Sections

.text Size: 2.4MB - Virtual size: 2.4MB

.rdata Size: 558KB - Virtual size: 557KB

.data Size: 72KB - Virtual size: 102KB

.rsrc Size: 512B - Virtual size: 436B

.reloc Size: 137KB - Virtual size: 136KB

.text
Size: 2.4MB - Virtual size: 2.4MB

.rdata
Size: 558KB - Virtual size: 557KB

.data
Size: 72KB - Virtual size: 102KB

.rsrc
Size: 512B - Virtual size: 436B

.reloc
Size: 137KB - Virtual size: 136KB