2ecde5e6a2f44bcba29920dc4982743f_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

2ecde5e6a2f44bcba29920dc4982743f_JaffaCakes118
Size

116KB
MD5

2ecde5e6a2f44bcba29920dc4982743f
SHA1

fbcd70b64e5400fdca8c55b6e7e82df8b45cb70c
SHA256

c4803228b7c243458066af25edf7485aeab638c95ec3c28c1487400961cddbbb
SHA512

16b10ee1438738c77ca2d3aa8f8c35fd2b76e0671e443de4fb3515a90a40323b5cb602271cfaecdf6269ff102dbffe007e923f7b3880a61ca347fa35a1e43ef0
SSDEEP

1536:rhi3yHEue96QeRxfD+hmB21MzEsMrRU6m1loocZk8CK840F7DvgK+fqIecr:Vi3yk996Qet2aHMrG6mTyriF7s1qIe

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2ecde5e6a2f44bcba29920dc4982743f_JaffaCakes118

Files

2ecde5e6a2f44bcba29920dc4982743f_JaffaCakes118
.dll regsvr32 windows:4 windows x86 arch:x86

5d81d4bb9e20f6786bd419081b78a04a

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

WriteFile
UnmapViewOfFile
GetComputerNameA
GetProcAddress
CreateFileA
GetCurrentProcessId
InterlockedExchange
ReleaseMutex
CreateMutexA
LoadLibraryA
VirtualProtect
CloseHandle
DeleteFileA
EnterCriticalSection
ReadFile
CreateDirectoryA
InterlockedDecrement
CreateProcessA
GetTickCount
InterlockedIncrement
MapViewOfFile
GetModuleFileNameA
GlobalAlloc
CopyFileA
CreateThread
ExpandEnvironmentStringsA
GetLastError
LocalFree
GetProcessHeap
MoveFileA
LeaveCriticalSection
SetSystemTime
SetConsoleTextAttribute
GetFileAttributesW
GetConsoleOutputCP
FileTimeToLocalFileTime
SetHandleInformation
FlushConsoleInputBuffer
CreateIoCompletionPort
OpenFile
GetAtomNameW
DeleteCriticalSection
OpenThread
IsBadStringPtrA
GetLogicalDriveStringsA
GetLocalTime
ReadDirectoryChangesW
CreateDirectoryW
GetCommandLineA
SwitchToThread
GetEnvironmentStrings
GetLongPathNameW
SearchPathW
GetBinaryTypeW
FindCloseChangeNotification
GetCPInfo
IsBadReadPtr
OpenJobObjectW
LCMapStringW
lstrcmpiW
GetTimeFormatW
VerifyVersionInfoW
GetVolumeInformationW
IsWow64Process
FreeEnvironmentStringsW
DeleteFileW
CreateNamedPipeA
lstrcatW
SetNamedPipeHandleState
DeleteTimerQueueTimer
GetFileSize
GetSystemDirectoryA
WriteProfileStringA
GetNumberFormatW
FindClose
SetDefaultCommConfigW
CreateMailslotW
RemoveDirectoryW
GetEnvironmentVariableA
HeapLock
GetStringTypeExW
GlobalMemoryStatus
GlobalGetAtomNameW
GetEnvironmentStringsW
GetTimeFormatA
UnlockFile
GlobalMemoryStatusEx
SetHandleCount
FindNextFileA
GetVersion
GetFileTime
GetProfileIntW
UnregisterWaitEx
GetThreadLocale
OpenProcess
SetFileTime
HeapDestroy
FindNextChangeNotification
CreateMailslotA
SetErrorMode
FindAtomA
GetStringTypeExA
GetCurrentThread
GetSystemWow64DirectoryW
GetTapeParameters
GetCompressedFileSizeW
WriteProcessMemory
GetStartupInfoW
LocalAlloc
GetComputerNameW
FileTimeToSystemTime
CreateNamedPipeW
lstrcpynA
WriteProfileStringW
lstrcmpiA
GlobalAddAtomA
GetCurrentDirectoryA
GetQueuedCompletionStatus
WaitForMultipleObjectsEx
ConnectNamedPipe
RegisterWaitForSingleObject
CreateRemoteThread
ReadConsoleInputW
OpenEventA
MapViewOfFileEx
HeapWalk
ReadConsoleA
GetDateFormatW
GlobalReAlloc
GetFullPathNameW
CreateEventA
RtlUnwind
ReadConsoleW
HeapSetInformation
GetLogicalDriveStringsW
EscapeCommFunction
TerminateProcess
LockFile
SetStdHandle
SetEndOfFile
SetInformationJobObject
GetFileSizeEx
FindResourceExW
UnregisterWait
GetSystemTimeAdjustment
VirtualQueryEx
lstrcatA
IsValidLocale
FreeConsole
GetDriveTypeA
SizeofResource
FreeResource
QueryPerformanceFrequency
GetUserDefaultUILanguage
IsBadStringPtrW
GetConsoleCP
GetProfileIntA
GetCurrentDirectoryW
FindFirstFileExW
VirtualAllocEx

user32

GetMenuStringW
GetWindowRgn
ReplyMessage
WaitMessage
TranslateMessage
CopyAcceleratorTableA
TrackPopupMenu
FindWindowExW
GetDlgItemInt
UnregisterHotKey
GetMessageW
DeleteMenu
UnhookWindowsHook
SetWindowContextHelpId
GetComboBoxInfo
SetScrollPos
LoadAcceleratorsA
IsRectEmpty
GetWindowPlacement
CheckDlgButton
DialogBoxIndirectParamA
LookupIconIdFromDirectory
WinHelpA
DefMDIChildProcA
LoadStringA
FlashWindow
DialogBoxParamW
GetNextDlgTabItem
AdjustWindowRect
OpenWindowStationW
RegisterWindowMessageA
PeekMessageW
IsWindowEnabled
SystemParametersInfoW
CopyAcceleratorTableW
OpenWindowStationA
IsCharAlphaW
LoadBitmapW
InsertMenuA
CreateIconFromResourceEx
DialogBoxIndirectParamW
SetThreadDesktop
PtInRect
IsChild
DispatchMessageW
DestroyCaret
SetSysColors
CallMsgFilterW
PostMessageW
CheckMenuItem
IsWindow
ToAscii
UpdateLayeredWindow
SetMenuItemInfoA
GetWindowRect
GetMessageExtraInfo
RegisterHotKey
CharUpperA
RemovePropW
EqualRect
UnregisterClassA
ChangeDisplaySettingsExW
SetCapture
MsgWaitForMultipleObjectsEx
CreateDialogIndirectParamW
IsMenu
MonitorFromWindow
CharUpperBuffW
GetMonitorInfoA
SetTimer
EnumWindowStationsW
InsertMenuItemW
OpenIcon
DrawTextExW
MapDialogRect
OffsetRect
GetShellWindow
SendDlgItemMessageA
MessageBoxExA
LoadIconA
DrawFrameControl
EndPaint
CopyRect
SetDlgItemTextW
SetScrollRange
PostMessageA
GetDlgItemTextW
GetUpdateRect
CreatePopupMenu
GetMenuStringA
SetWindowsHookExW
ModifyMenuA
SendDlgItemMessageW
InvalidateRect
CreateDialogIndirectParamA
GetAncestor
GetActiveWindow
GetCapture
FreeDDElParam
AttachThreadInput
GetWindow
LoadCursorW
MessageBoxA
FindWindowExA
GetClassInfoExW
GetMenuItemRect
LoadMenuW
wsprintfW
LoadImageW
GetAsyncKeyState
InsertMenuItemA
AllowSetForegroundWindow
ScrollDC
DrawIcon
SystemParametersInfoA
GetClassLongA
SubtractRect
CreateMenu
CharToOemA
GetClassNameA
PeekMessageA
CreateWindowExA
SendMessageA
CallNextHookEx
DefWindowProcA
RegisterClassExA
GetWindowThreadProcessId
FindWindowA
SetWindowsHookExA

shlwapi

StrCmpNIA
PathIsDirectoryW
PathIsRelativeW
SHAutoComplete
PathFindExtensionW
StrChrW
PathIsUNCServerW
PathFindFileNameA
PathCompactPathExW
PathGetCharTypeA
StrDupW
PathAddExtensionW
SHRegSetPathW
UrlEscapeW
StrCmpW
SHRegSetUSValueW
AssocQueryStringW
PathAddBackslashW
wnsprintfA
PathStripToRootW
StrStrIA
PathFileExistsW
UrlUnescapeW
SHDeleteKeyA
PathRemoveArgsW

shell32

ShellExecuteExW
SHGetDesktopFolder
ExtractIconA
SHGetPathFromIDListW
SHGetFolderPathW
SHGetFileInfoW
CommandLineToArgvW
SHGetSpecialFolderLocation
SHOpenFolderAndSelectItems
ExtractIconExW
SHGetSpecialFolderPathW
SHAddToRecentDocs
ExtractIconW
DragQueryFileW

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 88KB - Virtual size: 84KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

5d81d4bb9e20f6786bd419081b78a04a

Headers

File Characteristics

Imports

kernel32

user32

shlwapi

shell32

Exports

Exports

Sections

.text Size: 88KB - Virtual size: 84KB

.rdata Size: 12KB - Virtual size: 8KB

.data Size: 8KB - Virtual size: 7KB

.reloc Size: 4KB - Virtual size: 3KB

.text
Size: 88KB - Virtual size: 84KB

.rdata
Size: 12KB - Virtual size: 8KB

.data
Size: 8KB - Virtual size: 7KB

.reloc
Size: 4KB - Virtual size: 3KB