15db9ab17dcb46bcb5c55a6f66f4b80d_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

15db9ab17dcb46bcb5c55a6f66f4b80d_JaffaCakes118
Size

120KB
MD5

15db9ab17dcb46bcb5c55a6f66f4b80d
SHA1

1e890f01298b5b13e06e8296512346659cbd7c30
SHA256

3e5a1b26109717269fb785729cc606b8c06e521dbeff01328f043b2c01326caf
SHA512

a03c2537175542ef3450d51e306d6380a6c792982e697df526a19ef8fce00ad008bb2fb8ff3704c42da7dace17a9e342682d0c2c7705dc82061860e59f894523
SSDEEP

3072:y7uTMV7UgqAaK8RLsl6WBr7xMJWeXrQJ7WEl5D:0uI1Uox8RAdr7CWeXct

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
15db9ab17dcb46bcb5c55a6f66f4b80d_JaffaCakes118

Files

15db9ab17dcb46bcb5c55a6f66f4b80d_JaffaCakes118
.dll windows:4 windows x86 arch:x86

2a537165f43e628feaa0cd0aeff1aac4

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

advapi32

ImpersonateSelf
GetSecurityDescriptorOwner
RegOpenKeyExA

setupapi

SetupLogErrorA
SetupOpenMasterInf
SetupDiClassNameFromGuidExA
SetupGetFileCompressionInfoW
SetupGetSourceFileLocationW
SetupDiCreateDeviceInterfaceA
SetupDiLoadClassIcon
SetupRemoveFromSourceListA
SetupDiInstallDevice
SetupGetInfInformationW
SetupDiDeleteDeviceInterfaceData
SetupInstallFromInfSectionW
SetupGetBinaryField

oleacc

GetStateTextW
GetRoleTextA

gdi32

CreateRoundRectRgn

version

GetFileVersionInfoSizeA

resutils

ResUtilSetSzValue
ResUtilSetPropertyTable
ResUtilGetPropertySize
ResUtilGetSzValue
ResUtilResourceTypesEqual
ResUtilGetResourceNameDependency
ResUtilGetPropertiesToParameterBlock
ResUtilGetBinaryValue
ClusWorkerCheckTerminate
ResUtilVerifyResourceService
ResUtilSetDwordValue
ResUtilGetDwordProperty
ResUtilGetBinaryProperty

oleaut32

CreateErrorInfo
SetErrorInfo

winmm

waveOutSetPlaybackRate
mmioAdvance
midiInOpen
waveOutGetDevCapsA
waveInAddBuffer
auxSetVolume
midiOutPrepareHeader
waveInClose
waveOutClose
waveOutGetPosition
waveOutGetPitch
waveInGetErrorTextW
mmioGetInfo
mixerOpen
OpenDriver
mixerClose
mmioSeek
joyGetPos
mixerGetLineControlsA
waveInStart
midiInUnprepareHeader
waveOutPrepareHeader

wininet

FtpSetCurrentDirectoryA
InternetReadFileExA
FindNextUrlCacheEntryW
InternetCrackUrlA
InternetConfirmZoneCrossing
FtpSetCurrentDirectoryW
InternetHangUp
UnlockUrlCacheEntryStream
HttpSendRequestA
InternetSetOptionExW
GetUrlCacheEntryInfoA
RetrieveUrlCacheEntryFileA
HttpAddRequestHeadersA
InternetCombineUrlW
InternetOpenUrlW
GopherFindFirstFileW
InternetFindNextFileW
InternetSetOptionW
InternetSetOptionExA
InternetCombineUrlA
GetUrlCacheEntryInfoW
InternetGetCookieW
GopherFindFirstFileA
InternetGetCookieA
CreateUrlCacheEntryW
CreateUrlCacheGroup
GopherCreateLocatorW
InternetReadFileExW
FindNextUrlCacheEntryExW
InternetSetOptionA
InternetGetLastResponseInfoA
HttpQueryInfoA
InternetCanonicalizeUrlA
InternetQueryDataAvailable
FtpPutFileA
InternetCloseHandle
GopherOpenFileW
FindCloseUrlCache

kernel32

GlobalLock
GetThreadLocale
GetPrivateProfileStructA
DisableThreadLibraryCalls

winspool.drv

SetFormA
DeleteMonitorW
SetPrinterDataW
DeviceCapabilitiesA
StartDocPrinterA
DeletePrinterConnectionA
EnumPrinterKeyW
GetJobW
SetJobA
ClosePrinter
SetPrinterDataA

rpcrt4

RpcMgmtInqStats
RpcEpRegisterW
I_RpcBindingInqDynamicEndpointA
NdrFixedArrayMarshall
RpcBindingInqOption
NdrVaryingArrayFree
RpcAsyncAbortCall
NdrComplexArrayMemorySize
NdrConformantVaryingStructUnmarshall
RpcProtseqVectorFreeW
RpcBindingInqAuthInfoExA
I_RpcClearMutex
NdrContextHandleSize
NdrComplexStructFree
NdrNonEncapsulatedUnionUnmarshall
NdrNonConformantStringBufferSize
NdrByteCountPointerBufferSize
long_from_ndr
DceErrorInqTextW
RpcStringBindingParseW
RpcBindingToStringBindingA
I_UuidCreate
NdrNonEncapsulatedUnionMemorySize
NdrSimpleStructMarshall
RpcRevertToSelfEx
I_RpcFreePipeBuffer
NdrStubCall
RpcSsDestroyClientContext
NdrConformantStringMemorySize
RpcServerInqDefaultPrincNameA
NdrRpcSmClientAllocate
NdrXmitOrRepAsFree
NdrNonConformantStringUnmarshall
NdrConformantStringMarshall
NdrPointerFree

clusapi

GetClusterGroupKey
ClusterRegDeleteValue
GetClusterNodeKey
SetClusterResourceName
ClusterOpenEnum
GetClusterInformation
GetClusterResourceKey
ClusterRegDeleteKey
RemoveClusterResourceDependency
GetClusterNodeId
GetClusterResourceNetworkName
GetClusterKey
GetClusterNotify
ClusterNetInterfaceControl
ClusterResourceOpenEnum
ClusterNodeControl
ChangeClusterResourceGroup
ClusterNetworkCloseEnum

ole32

CoGetInterfaceAndReleaseStream
PropVariantClear
CoTaskMemFree
OleCreateLinkFromData
CoDisconnectObject
OleRegGetUserType

msi

ord28
ord21
ord169
ord56
ord37
ord35
ord25
ord16

msvcrt

_initterm
free
_adjust_fdiv
malloc

comctl32

ord6
ImageList_DragMove
PropertySheetW
ImageList_LoadImageA
ImageList_GetDragImage
ord3
ord5
ImageList_Copy
FlatSB_SetScrollPos

shlwapi

StrNCatA
PathMatchSpecA
SHCreateShellPalette
StrFormatByteSizeW
PathRemoveBackslashW
PathAppendA
PathAddExtensionW

Exports

Exports

5UvLkBb0RrGh7Wxo
c2Pk679
x70o875
z0865gR

Sections

.text
Size: 48KB - Virtual size: 44KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 52KB - Virtual size: 48KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

2a537165f43e628feaa0cd0aeff1aac4

Headers

File Characteristics

Imports

advapi32

setupapi

oleacc

gdi32

version

resutils

oleaut32

winmm

wininet

kernel32

winspool.drv

rpcrt4

clusapi

ole32

msi

msvcrt

comctl32

shlwapi

Exports

Exports

Sections

.text Size: 48KB - Virtual size: 44KB

.rdata Size: 52KB - Virtual size: 48KB

.data Size: 4KB - Virtual size: 1KB

.rsrc Size: 4KB - Virtual size: 1KB

.reloc Size: 8KB - Virtual size: 4KB

.text
Size: 48KB - Virtual size: 44KB

.rdata
Size: 52KB - Virtual size: 48KB

.data
Size: 4KB - Virtual size: 1KB

.rsrc
Size: 4KB - Virtual size: 1KB

.reloc
Size: 8KB - Virtual size: 4KB