2d4ff26b005e729d5d9de2a456cde5c3_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

2d4ff26b005e729d5d9de2a456cde5c3_JaffaCakes118
Size

844KB
MD5

2d4ff26b005e729d5d9de2a456cde5c3
SHA1

1b913872a56f6a536a9e8bef89ef382c0823fee4
SHA256

68e13e414e5e857f60ae60d5cb0a0226577905e08bc766a46e1afd5769758a69
SHA512

b3132fb4f7131f99872c71a03d54fb67f90b11b381e22ed36202dbe7b557acf0a766823e0a9a3a6f0c3d31e5a72388c7f1cc138dc8b42f95f472d39ec2f9764e
SSDEEP

12288:3/heLhXroV+xwZr3cojxomBaeaLVt8UDWTkowdpnzva8O:vwXroV+xKrqfeaLVgThsW8

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2d4ff26b005e729d5d9de2a456cde5c3_JaffaCakes118

Files

2d4ff26b005e729d5d9de2a456cde5c3_JaffaCakes118
.dll regsvr32 windows:4 windows x86 arch:x86

a1e8b7d474f5e1e234822f1058ba8cfe

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

rpcrt4

NdrClientCall2
RpcBindingFree
RpcStringBindingComposeA
RpcBindingFromStringBindingA
RpcStringFreeA

kernel32

GetComputerNameA
GetACP
LocalFree
OpenProcess
TerminateProcess
GetCurrentThread
DuplicateHandle
CreateMutexA
ReleaseMutex
FlushFileBuffers
CreateRemoteThread
WriteProcessMemory
VirtualAllocEx
FormatMessageA
WaitForMultipleObjects
OpenEventA
ExpandEnvironmentStringsA
GetVolumeInformationA
GetVersionExA
RemoveDirectoryA
DeviceIoControl
FileTimeToSystemTime
CreateDirectoryA
GetWindowsDirectoryA
GetProcessHeap
GetFullPathNameA
GetShortPathNameA
GetNumberFormatA
GetLocaleInfoA
GetTimeZoneInformation
CompareStringW
CompareStringA
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
GetConsoleMode
GetConsoleCP
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetStartupInfoA
GetFileType
SetHandleCount
GetStringTypeW
GetStringTypeA
LCMapStringW
LCMapStringA
HeapSize
HeapReAlloc
VirtualAlloc
VirtualFree
ExitProcess
GetStdHandle
IsValidCodePage
GetOEMCP
GetCPInfo
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
GetCommandLineA
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetDateFormatA
GetTimeFormatA
RaiseException
GetDriveTypeA
FileTimeToLocalFileTime
CreateThread
ExitThread
GetSystemTimeAsFileTime
RtlUnwind
GetLocalTime
GetCurrentProcess
HeapDestroy
HeapCreate
HeapFree
HeapAlloc
lstrlenA
WideCharToMultiByte
InterlockedDecrement
DisableThreadLibraryCalls
GetCurrentProcessId
SetLastError
ResetEvent
GetModuleHandleA
SetThreadPriority
TerminateThread
GetFileTime
SetFileTime
OutputDebugStringA
CreateFileMappingA
MapViewOfFile
UnmapViewOfFile
SetEndOfFile
GetFileSize
GetCurrentDirectoryA
SetCurrentDirectoryA
FindFirstFileA
GetFileAttributesA
SetFileAttributesA
FindNextFileA
FindClose
GetLastError
InitializeCriticalSection
CreateEventA
ResumeThread
SetEvent
InterlockedIncrement
GetCurrentThreadId
EnterCriticalSection
LeaveCriticalSection
WaitForSingleObject
DeleteCriticalSection
GetDiskFreeSpaceA
Sleep
LoadLibraryA
GetProcAddress
FreeLibrary
MoveFileA
DeleteFileA
GetVersion
GetSystemDirectoryA
GetTickCount
MultiByteToWideChar
WriteFile
CreateFileA
ReadFile
SetFilePointer
CloseHandle
VirtualProtect
GetModuleFileNameA
SetEnvironmentVariableA

user32

ExitWindowsEx
wsprintfA
GetForegroundWindow
LoadImageA
PostMessageA
GetCursorPos
SetWindowLongA
IsWindow
DefWindowProcA
GetWindowLongA
GetSystemMetrics
PostQuitMessage
UnregisterHotKey
RegisterHotKey
LoadIconA
LoadCursorA
ToAsciiEx
GetKeyboardLayout
CreatePopupMenu
AppendMenuA
TrackPopupMenu
DestroyMenu
EnumDisplaySettingsA
SetTimer
EnumWindows
GetKeyNameTextA
GetKeyState
GetAsyncKeyState
FindWindowA
GetWindowThreadProcessId
OpenDesktopA
OpenInputDesktop
GetProcessWindowStation
GetThreadDesktop
OpenWindowStationA
GetUserObjectInformationA
SetThreadDesktop
SetProcessWindowStation
CloseDesktop
CloseWindowStation
MessageBoxA
LoadStringA
SendMessageA
DialogBoxParamA
SetWindowTextA
SetDlgItemTextA
SetPropA
SetForegroundWindow
EndDialog
PostThreadMessageA
GetClassNameA
GetWindowRect
GetDC
ReleaseDC
GetMessageA
TranslateMessage
DispatchMessageA
KillTimer
DestroyWindow
UnregisterClassA
RegisterClassA
CreateWindowExA

gdi32

CreateDIBSection
DeleteObject
GetDeviceCaps
CreateCompatibleDC
GdiFlush
BitBlt
SelectObject
CreateCompatibleBitmap
CreateDCA
GetStockObject
DeleteDC

advapi32

ImpersonateLoggedOnUser
DuplicateToken
GetSecurityInfo
SetEntriesInAclA
SetSecurityInfo
OpenProcessToken
AdjustTokenPrivileges
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
GetUserNameA
RegSetValueExA
RegCreateKeyExA
RegQueryValueExA
RegCloseKey
LookupAccountSidA
GetTokenInformation
GetSidLengthRequired
InitiateSystemShutdownA
OpenSCManagerA
OpenServiceA
CloseServiceHandle
DeleteService
LogonUserA
RegEnumValueA
RegEnumKeyExA
RegDeleteKeyA
RegDeleteValueA
RegSetKeySecurity
RegOpenKeyExA
RegGetKeySecurity
RevertToSelf
LookupPrivilegeValueA

shell32

SHGetMalloc
SHGetSpecialFolderLocation
SHGetPathFromIDListA
ShellExecuteA
Shell_NotifyIconA
SHLoadInProc

ole32

StringFromCLSID
CoTaskMemFree
CoCreateInstance
CoInitialize
CoUninitialize

oleaut32

SafeArrayLock
SafeArrayCreate
VariantInit
VariantClear
VARIANT_UserFree
VARIANT_UserUnmarshal
VARIANT_UserMarshal
VARIANT_UserSize
SysFreeString
SysAllocStringLen
SafeArrayUnlock

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
IAlloc
QueueMemory

Sections

.text
Size: 500KB - Virtual size: 497KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 232KB - Virtual size: 230KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 60KB - Virtual size: 59KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.shared
Size: 4KB - Virtual size: 1000B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 36KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

a1e8b7d474f5e1e234822f1058ba8cfe

Headers

File Characteristics

Imports

rpcrt4

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

Exports

Exports

Sections

.text Size: 500KB - Virtual size: 497KB

.rdata Size: 232KB - Virtual size: 230KB

.data Size: 60KB - Virtual size: 59KB

.shared Size: 4KB - Virtual size: 1000B

.rsrc Size: 8KB - Virtual size: 5KB

.reloc Size: 36KB - Virtual size: 32KB

.text
Size: 500KB - Virtual size: 497KB

.rdata
Size: 232KB - Virtual size: 230KB

.data
Size: 60KB - Virtual size: 59KB

.shared
Size: 4KB - Virtual size: 1000B

.rsrc
Size: 8KB - Virtual size: 5KB

.reloc
Size: 36KB - Virtual size: 32KB