296ad5bc5832d0af44de9fb24caaf55c_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

296ad5bc5832d0af44de9fb24caaf55c_JaffaCakes118
Size

124KB
MD5

296ad5bc5832d0af44de9fb24caaf55c
SHA1

42fe338b0dba082cc63931b1ee2421d5419058fb
SHA256

ae1b86ae6841e7c4531d0c3e7f902b120dd1586c29223ed815ef52b68c8dd07c
SHA512

b7cc6c19da62a299226add2bebbf9a8f63270e08b23319595fa26644252242a767bb238433ea29585ac2917fd53c0cbec516e693341673b41062cd3953842f1e
SSDEEP

1536:4a+D12Y0Tx6Gw4AoxAx/jTNSGFa/a4a7heYUZzKaaUbZfS4DJ/lEBGmNR/HV2wTw:4312ngGwKAx/HNlFugioUJNgGOEPVmv

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
296ad5bc5832d0af44de9fb24caaf55c_JaffaCakes118

Files

296ad5bc5832d0af44de9fb24caaf55c_JaffaCakes118
.dll regsvr32 windows:4 windows x86 arch:x86

cc850bd090d57f41faddbcf26f5e5bb6

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

IsValidLanguageGroup
GlobalDeleteAtom
LocalReAlloc
SetEnvironmentVariableW
GetCurrentThread
ConnectNamedPipe
GetVersionExW
GetTempFileNameW
lstrcmpiA
GetVersion
GetTapeParameters
OpenSemaphoreW
GlobalGetAtomNameA
OpenMutexW
GetSystemDefaultUILanguage
FindFirstChangeNotificationA
SystemTimeToFileTime
TryEnterCriticalSection
GetLocaleInfoW
HeapWalk
GetBinaryTypeA
FindFirstFileExW
WaitNamedPipeW
IsBadCodePtr
GetFullPathNameA
GetProcessVersion
GetProfileStringA
GetShortPathNameW
GetProfileIntA
ExitThread
ResumeThread
FreeLibraryAndExitThread
ExitProcess
OpenSemaphoreA
GlobalHandle
IsBadStringPtrW
CreateEventA
InterlockedCompareExchange
FindClose
VerifyVersionInfoA
EnumResourceLanguagesA
SetFileAttributesA
GetSystemDirectoryW
HeapUnlock
GetModuleHandleExW
FindFirstVolumeMountPointW
LocalFlags
GetStdHandle
CreateDirectoryW
CreateMutexW
GetFileInformationByHandle
GetTempPathA
SetConsoleCursorPosition
SetEndOfFile
SetConsoleCtrlHandler
GetComputerNameW
WaitForMultipleObjects
UnregisterWait
GetSystemInfo
GetStringTypeExW
GetWindowsDirectoryW
CompareFileTime
SetEnvironmentVariableA
IsBadWritePtr
FreeConsole
GetFileAttributesExW
PeekNamedPipe
GetCurrentThreadId
ProcessIdToSessionId
FindResourceExA
GetConsoleCP
GetDriveTypeW
FindAtomW
GetFileAttributesA
UpdateResourceA
TerminateProcess
GetLocalTime
WriteConsoleW
HeapSetInformation
WaitForMultipleObjectsEx
CreateIoCompletionPort
EnumResourceNamesW
HeapDestroy
SetHandleInformation
IsBadReadPtr
VerifyVersionInfoW
GetProfileStringW
EnumSystemLocalesA
GetCompressedFileSizeW
OpenEventA
PostQueuedCompletionStatus
GetUserDefaultLCID
ReadConsoleA
GetProfileSectionA
GlobalMemoryStatus
GetProcessAffinityMask
ReadConsoleInputA
GetLogicalDriveStringsW
CopyFileExW
ChangeTimerQueueTimer
OpenMutexA
GetFileAttributesW
ReadProcessMemory
PeekConsoleInputA
LocalLock
EscapeCommFunction
LCMapStringW
RemoveDirectoryW
DosDateTimeToFileTime
WriteProcessMemory
WriteConsoleA
CreateMailslotA
SearchPathW
SetInformationJobObject
CallNamedPipeA
GetVolumePathNamesForVolumeNameW
CreateJobObjectW
SetLastError
GetCommandLineA
CreateEventW
WaitNamedPipeA
HeapValidate
GetExitCodeProcess
EnterCriticalSection
LocalFree
GetProcAddress
ReleaseMutex
GetProcessHeap
CreateMutexA
HeapFree
GetComputerNameA
HeapAlloc
InitializeCriticalSection
UnmapViewOfFile
GetSystemTimeAsFileTime
CopyFileA
Sleep
LoadLibraryA
CreateFileMappingA
CreateProcessA
GetLastError
WriteFile
CreateThread
GetCurrentProcessId
ReadFile
VirtualQuery
DeleteFileA
CreateFileA
VirtualProtect
InterlockedDecrement
InterlockedExchange
MapViewOfFile
CloseHandle
GlobalFree
GlobalAlloc

ole32

GetHGlobalFromStream
CoTaskMemRealloc
CoQueryProxyBlanket
OleRegGetMiscStatus
CoUnmarshalInterface
OleLoadFromStream
StgOpenStorageEx
FreePropVariantArray
OleSave
CreatePointerMoniker
RevokeDragDrop
SetConvertStg
OleCreateFromData
CreateDataAdviseHolder
CoGetCallContext
CoEnableCallCancellation
CoCreateInstance
CoInitialize
CoTaskMemAlloc
CoTaskMemFree
OleGetAutoConvert
BindMoniker
OleCreateLinkToFile
CoMarshalInterThreadInterfaceInStream
CoCreateInstanceEx
CoDisconnectObject
CoInitializeEx
CreateItemMoniker
OleQueryCreateFromData
CoLockObjectExternal
OleQueryLinkFromData
OleLockRunning
OleCreateFromFile
CoWaitForMultipleHandles

advapi32

RegOpenKeyExA
RegQueryValueExA
RegCreateKeyExA
RegQueryInfoKeyA
RegSetValueExA
SetNamedSecurityInfoA
RegCloseKey
EnumServicesStatusA
RegisterServiceCtrlHandlerW
SetEntriesInAclW
StartServiceA
RegEnumValueA
SetThreadToken
RegisterEventSourceW
CreateProcessAsUserW
DuplicateToken
OpenProcessToken
RegRestoreKeyW
RegSetValueW
CreateProcessWithLogonW
QueryServiceConfig2W
DeregisterEventSource
RegReplaceKeyW
RegQueryInfoKeyW
OpenServiceA
RegisterServiceCtrlHandlerExA
RegSetValueExW
EnumServicesStatusExW
OpenServiceW
ControlService
OpenThreadToken
CreateServiceW
RegDeleteKeyW
IsTokenRestricted
GetServiceKeyNameW
RegOpenKeyA
CloseServiceHandle
LockServiceDatabase
RegConnectRegistryW
GetSecurityDescriptorSacl

shell32

SHGetFolderLocation
SHGetFolderPathAndSubDirW
ExtractIconExW
SHFormatDrive
ShellExecuteW
SHSetLocalizedName
SHBrowseForFolderW
SHChangeNotify
ExtractIconA
SHGetSpecialFolderLocation
ShellAboutA
DragFinish
SHGetFolderPathA
SHAppBarMessage

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 100KB - Virtual size: 99KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

cc850bd090d57f41faddbcf26f5e5bb6

Headers

File Characteristics

Imports

kernel32

ole32

advapi32

shell32

Exports

Exports

Sections

.text Size: 100KB - Virtual size: 99KB

.rdata Size: 8KB - Virtual size: 6KB

.data Size: 8KB - Virtual size: 7KB

.reloc Size: 4KB - Virtual size: 3KB

.text
Size: 100KB - Virtual size: 99KB

.rdata
Size: 8KB - Virtual size: 6KB

.data
Size: 8KB - Virtual size: 7KB

.reloc
Size: 4KB - Virtual size: 3KB