32b581f1e4066f98e5382332edf476c9_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

32b581f1e4066f98e5382332edf476c9_JaffaCakes118
Size

590KB
MD5

32b581f1e4066f98e5382332edf476c9
SHA1

f886c80d26d98a5d2175d3a9711104e18052d129
SHA256

55908834d207e7b4e6fb558ea956411188b4570fb661d879218fde36ce264e87
SHA512

efc014d45cfa0d58bd460d795f8f4f7a6f2492979bea0d38e4369be8834e166312354888a68969d9077a6f6255c4f40997745fcd310a176f29b805847e24b558
SSDEEP

12288:2CGr1GT3fUq8nek2JxvDxsoOy02lBhWfFuizuBH5PRXNgK0kQ03chefTuvOZ+vTm:SrITvRBLaoOmbWfFuNZZNgj30shefTtZ

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
32b581f1e4066f98e5382332edf476c9_JaffaCakes118

Files

32b581f1e4066f98e5382332edf476c9_JaffaCakes118
.dll windows:4 windows x86 arch:x86

408b4de02116abfa30b0f167506863bc

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

shfolder

SHGetFolderPathA

ws2_32

gethostbyaddr
WSAStartup

wininet

InternetCloseHandle
InternetCrackUrlA

kernel32

CompareStringA
CompareStringW
SetFilePointer
ReadFile
GetFileSize
DeleteFileA
WaitForSingleObject
CreateProcessA
Sleep
GetVolumeInformationA
InterlockedDecrement
InterlockedIncrement
SetEvent
CreateEventA
lstrcatA
ReleaseMutex
SetEndOfFile
CreateMutexA
GetSystemDirectoryA
UnmapViewOfFile
MapViewOfFile
CreateFileMappingA
FreeLibrary
GetProcAddress
LoadLibraryA
VirtualFree
VirtualAlloc
FindResourceExA
GetSystemInfo
GetModuleHandleA
FlushFileBuffers
OpenFile
GetTempPathA
GetModuleFileNameA
OpenEventA
VirtualProtect
FlushInstructionCache
GetCurrentProcess
SetLastError
GetCurrentThreadId
LocalFree
LocalAlloc
FormatMessageA
GlobalAlloc
InterlockedCompareExchange
SetWaitableTimer
CreateWaitableTimerA
lstrcpynA
lstrcpyA
ExitProcess
FreeLibraryAndExitThread
TerminateThread
GetExitCodeThread
lstrcpyW
Process32Next
TerminateProcess
OpenProcess
Process32First
CreateToolhelp32Snapshot
CopyFileA
OpenMutexA
GetShortPathNameA
CreateThread
LeaveCriticalSection
EnterCriticalSection
lstrlenA
SetErrorMode
SetUnhandledExceptionFilter
GetTickCount
MoveFileA
FindNextFileA
FindFirstFileA
GetWindowsDirectoryA
OpenFileMappingA
MoveFileExA
OpenSemaphoreA
CreateDirectoryA
FindCloseChangeNotification
FindClose
CompareFileTime
GetFileTime
UpdateResourceA
EnumResourceLanguagesA
EnumResourceNamesA
lstrcmpiW
BeginUpdateResourceA
GetTempFileNameA
GetCurrentThread
DuplicateHandle
SetFileAttributesA
GetFileAttributesA
VirtualFreeEx
CreateRemoteThread
WriteProcessMemory
VirtualAllocEx
ExitThread
IsBadReadPtr
CancelWaitableTimer
OpenWaitableTimerA
GetSystemTime
ExpandEnvironmentStringsA
HeapFree
HeapReAlloc
HeapAlloc
GetProcessHeap
GetEnvironmentStrings
FreeEnvironmentStringsA
GetStringTypeW
GetStringTypeA
SetStdHandle
GetStartupInfoA
GetFileType
SetHandleCount
GetOEMCP
GetStdHandle
TlsGetValue
TlsSetValue
TlsFree
lstrcmpiA
TlsAlloc
QueryPerformanceCounter
IsBadWritePtr
HeapCreate
GetCPInfo
LCMapStringW
LCMapStringA
GetCommandLineA
GetDateFormatA
GetTimeFormatA
GetTimeZoneInformation
GetSystemTimeAsFileTime
RtlUnwind
VirtualQuery
HeapSize
HeapDestroy
lstrlenW
DeleteCriticalSection
InitializeCriticalSection
RaiseException
WideCharToMultiByte
MultiByteToWideChar
GetVersionExA
GetThreadLocale
GetLocaleInfoA
GetACP
InterlockedExchange
FindResourceA
GetLastError
LoadResource
CloseHandle
LockResource
SizeofResource
CreateFileA
WriteFile
FreeEnvironmentStringsW
GetEnvironmentStringsW
UnhandledExceptionFilter
GetUserDefaultLCID
EnumSystemLocalesA
IsValidLocale
IsValidCodePage
IsBadCodePtr
GetLocaleInfoW
SetEnvironmentVariableA
GetCurrentProcessId
EndUpdateResourceA

user32

GetWindowThreadProcessId
CharLowerA
wsprintfA
GetDlgItem
FindWindowExA
DefWindowProcA
SetPropA
GetPropA
MessageBoxA
FindWindowA
SendMessageTimeoutA
SetWindowsHookExA
CallNextHookEx
LoadStringW
SetWindowLongA
CreateDesktopA
GetSystemMetrics
MsgWaitForMultipleObjects
TranslateMessage
PeekMessageA
GetDesktopWindow
RegisterClassExA
CreateWindowExA
wsprintfW
wvsprintfA
GetMessageA
DispatchMessageA
PostMessageA
GetWindowTextA
GetClassNameA
SetWindowPos
RemovePropA
LoadStringA
AttachThreadInput
GetActiveWindow
GetFocus
SetActiveWindow
GetForegroundWindow
GetKeyboardLayoutList
ActivateKeyboardLayout
GetKeyboardLayoutNameA

advapi32

RegEnumKeyA
LookupPrivilegeValueA
RegSetValueExA
RegDeleteKeyA
OpenSCManagerA
OpenServiceA
ControlService
ChangeServiceConfigA
RegQueryValueA
RegSetValueA
RegCreateKeyExA
RegQueryValueExA
RegOpenKeyExA
RegOpenKeyA
RegCreateKeyA
RegCloseKey
SetEntriesInAclA
RegFlushKey
RegDeleteValueA
RegEnumValueA
SetThreadToken
SetTokenInformation
GetLengthSid
DuplicateTokenEx
OpenProcessToken
SetSecurityInfo
AdjustTokenPrivileges
SetNamedSecurityInfoA

ole32

CoInitializeEx
CoCreateGuid
CoMarshalInterThreadInterfaceInStream
CoGetInterfaceAndReleaseStream
CreateStreamOnHGlobal
CoMarshalInterface
CoUnmarshalInterface
OleRun
CoInitialize
CoUninitialize
CoCreateInstance
CoSetProxyBlanket
CoInitializeSecurity

oleaut32

SafeArrayCreateVector
VariantCopy
SysStringByteLen
SafeArrayCreate
SafeArrayAccessData
SafeArrayUnaccessData
SysAllocStringByteLen
VariantClear
SysFreeString
VariantInit
GetErrorInfo
SysAllocString
SysStringLen

shlwapi

StrStrA
PathAddBackslashA
PathRemoveExtensionA
PathFindFileNameA
SHDeleteValueA
StrRChrA
StrChrA
UrlEscapeA
StrStrIW
StrCmpNIA
SHDeleteKeyA
PathAddExtensionA
PathFindExtensionA
PathStripPathA
StrCmpW
StrCmpNW
StrStrIA
PathFileExistsA

urlmon

URLDownloadToFileA

secur32

InitSecurityInterfaceW

Exports

Exports

DllCanUnloadNow
DllGetClassObject
InitSecurityInterfaceW
LsaApCallPackage
LsaApCallPackagePassthrough
LsaApCallPackageUntrusted
LsaApInitializePackage
LsaApLogonTerminated
LsaApLogonUser
LsaApLogonUserEx
SpInitialize
c
f
o
s

Sections

.text
Size: 426KB - Virtual size: 426KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 89KB - Virtual size: 88KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 9KB - Virtual size: 35KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 30KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 33KB - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

408b4de02116abfa30b0f167506863bc

Headers

File Characteristics

Imports

shfolder

ws2_32

wininet

kernel32

user32

advapi32

ole32

oleaut32

shlwapi

urlmon

secur32

Exports

Exports

Sections

.text Size: 426KB - Virtual size: 426KB

.rdata Size: 89KB - Virtual size: 88KB

.data Size: 9KB - Virtual size: 35KB

.rsrc Size: 30KB - Virtual size: 30KB

.reloc Size: 33KB - Virtual size: 33KB

.text
Size: 426KB - Virtual size: 426KB

.rdata
Size: 89KB - Virtual size: 88KB

.data
Size: 9KB - Virtual size: 35KB

.rsrc
Size: 30KB - Virtual size: 30KB

.reloc
Size: 33KB - Virtual size: 33KB