33661ddde23681002d56463d3f7a6a85_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

33661ddde23681002d56463d3f7a6a85_JaffaCakes118
Size

108KB
MD5

33661ddde23681002d56463d3f7a6a85
SHA1

44544e7c8b84fb23bd136b523d4935e07fd127c3
SHA256

d14ea6e8b7bd37035820c2ae410f2985cc56ada1a194274580534cfda2df2c32
SHA512

461d6d493cef06bb241dbd8564df4cad9b3454c1a134fb58459b236472eb5733d9cc35f227a2f3740a2916cc131cbd9d217693cb6af41902f96da342b1121558
SSDEEP

3072:TY+KCmQ2u5A2lkKOekb2DJbrL6nCXPOKQFgUbJVHoYn:gS5AKFmCXP3Q9oYn

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
33661ddde23681002d56463d3f7a6a85_JaffaCakes118

Files

33661ddde23681002d56463d3f7a6a85_JaffaCakes118
.dll regsvr32 windows:4 windows x86 arch:x86

c590b8dbb0b8ee86aa772c289c9808a7

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

SetSystemTime
PeekConsoleInputW
RaiseException
WriteProfileStringW
GetThreadTimes
QueueUserAPC
SetFilePointerEx
DuplicateHandle
GetStringTypeW
VerifyVersionInfoA
LockFileEx
FindNextChangeNotification
FlushFileBuffers
SearchPathA
lstrcatA
SetEndOfFile
OpenEventW
GetSystemTime
CreateRemoteThread
GetFileType
DosDateTimeToFileTime
UnlockFileEx
GetModuleHandleExW
HeapValidate
GetTempPathW
IsValidCodePage
GetExitCodeProcess
GetEnvironmentVariableA
EnumResourceLanguagesW
IsProcessorFeaturePresent
LocalLock
SetHandleInformation
GetThreadPriority
CreateProcessW
GetUserDefaultLangID
ReadConsoleInputA
GlobalGetAtomNameA
SetConsoleTextAttribute
WinExec
GlobalFindAtomW
HeapCreate
DeleteCriticalSection
EnumResourceNamesW
CreateDirectoryW
GetFileTime
SetEnvironmentVariableA
GetProfileStringW
HeapSetInformation
WaitForMultipleObjectsEx
GetUserDefaultLCID
FindFirstVolumeMountPointW
WriteFileEx
GetCompressedFileSizeW
ExitProcess
LocalReAlloc
SuspendThread
FindNextVolumeW
CreateWaitableTimerW
GetWindowsDirectoryW
GetDiskFreeSpaceA
CopyFileExW
GetProcessVersion
GetProcessAffinityMask
HeapSize
LocalFileTimeToFileTime
CopyFileW
GetBinaryTypeA
SetHandleCount
FindVolumeMountPointClose
ExpandEnvironmentStringsW
GetQueuedCompletionStatus
DeleteFileW
ReadDirectoryChangesW
UnregisterWaitEx
GetProfileIntA
GetSystemInfo
WriteConsoleA
CompareStringW
FreeEnvironmentStringsW
GetDiskFreeSpaceExW
GetDiskFreeSpaceW
GlobalMemoryStatusEx
SetDefaultCommConfigW
GlobalReAlloc
AreFileApisANSI
CreateMailslotW
GetStartupInfoA
GetBinaryTypeW
lstrcpyW
SetConsoleCtrlHandler
lstrcmpiA
GetLocaleInfoW
FlushConsoleInputBuffer
GlobalHandle
SetWaitableTimer
SetTimeZoneInformation
GetTempPathA
GetFileAttributesW
WriteProfileStringA
CreateSemaphoreA
GetCPInfo
WaitForMultipleObjects
SetConsoleTitleA
GetVersionExA
CreateJobObjectW
MoveFileExW
GetModuleHandleW
GetCommandLineW
ReplaceFileW
DisconnectNamedPipe
GetVolumeInformationA
ReadConsoleA
GetEnvironmentStringsW
GetFullPathNameW
SetEnvironmentVariableW
SetConsoleMode
OpenSemaphoreW
FindResourceExA
DeleteTimerQueueTimer
FindAtomW
GetNumberFormatW
SetFileApisToOEM
GetStringTypeExW
CloseHandle
GetProcessHeap
VirtualProtect
GetLastError
CreateFileMappingA
CopyFileA
CreateFileA
VirtualQuery
WaitForSingleObject
GetComputerNameA
GetSystemTimeAsFileTime
ReadFile
GetCurrentProcessId
GetProcAddress
LocalFree
MoveFileA
EnterCriticalSection
LeaveCriticalSection
CreateDirectoryA
UnmapViewOfFile
WriteFile
CreateProcessA
GetModuleHandleA
HeapAlloc
HeapFree
InterlockedDecrement
InitializeCriticalSection
DeleteFileA
InterlockedExchange
CreateMutexA
CreateThread
GetTickCount
GetConsoleScreenBufferInfo
LoadLibraryA

ole32

CreatePointerMoniker
CreateAntiMoniker
GetHGlobalFromStream
MkParseDisplayName
IIDFromString
CoImpersonateClient
RegisterDragDrop
CoEnableCallCancellation
OleDuplicateData
CoFreeUnusedLibraries
BindMoniker
StgOpenStorageEx
CoReleaseMarshalData
CoCreateInstanceEx
CoMarshalInterThreadInterfaceInStream
CoGetInterfaceAndReleaseStream
StgOpenStorageOnILockBytes
CreateBindCtx
CoDisconnectObject
CoGetObjectContext
CoGetClassObject
RevokeDragDrop
CoTaskMemRealloc
OleLoadFromStream
OleDestroyMenuDescriptor
OleRegGetUserType
CreateDataAdviseHolder
OleCreateLink
CoSwitchCallContext
OleCreate
CoInitialize
OleSetContainedObject
CoTaskMemAlloc
CoTaskMemFree
CoCreateInstance
PropVariantCopy

user32

LoadCursorA
IsDialogMessageA
DestroyIcon
CallWindowProcW
EndDeferWindowPos
SetScrollPos
AllowSetForegroundWindow
GetLastActivePopup
DefFrameProcA
ScrollWindow
SetMenuItemInfoA
GetWindowInfo
EnumWindows
RemovePropA
EnumThreadWindows
GetClassInfoExA
MonitorFromPoint
DestroyWindow
CharToOemW
HideCaret
InvertRect
GetMenuDefaultItem
SetSysColors
CreatePopupMenu
DrawTextA
CharToOemBuffA
InsertMenuItemA
UnregisterHotKey
GetCursor
GetClassInfoW
PostMessageA
GetMenuItemID
DialogBoxParamA
GetMenuState
GetIconInfo
DefDlgProcA
ToAsciiEx
ClientToScreen
UnregisterClassW
WaitForInputIdle
GetShellWindow
CallWindowProcA
GetDC
SetDlgItemTextA
GetMenuCheckMarkDimensions
ReleaseDC
CreateIconIndirect
GetWindowTextA
DefDlgProcW
CallMsgFilterW
LoadAcceleratorsA
PeekMessageW
GetGUIThreadInfo
IsWindowEnabled
ReleaseCapture
CopyImage
GetMenuItemInfoW
GetFocus
DrawIcon
TabbedTextOutA
MessageBoxA
AdjustWindowRectEx
SetCaretPos
GetDlgItem
GetParent
SetProcessWindowStation
GetInputState
ShowCursor
CloseWindowStation
DestroyCaret
SetParent
IntersectRect
ValidateRect
RegisterWindowMessageW
WindowFromPoint
ChildWindowFromPointEx
SetWindowLongW
wsprintfA
FindWindowExA
CharPrevW
ToAscii
SetTimer
MessageBeep
ShowOwnedPopups
MessageBoxW
DrawMenuBar
GetMenu
TranslateAcceleratorW
DeferWindowPos
SetMenuItemBitmaps
GetKeyNameTextA
AppendMenuA
PostQuitMessage
GetUserObjectInformationA
DialogBoxIndirectParamW
DefFrameProcW
KillTimer
InvalidateRgn
InsertMenuW
GetClassInfoExW
UnionRect
DrawTextExA
CheckMenuRadioItem
CheckMenuItem
AttachThreadInput
GetCapture
BeginPaint
DrawEdge
GetSysColorBrush
GetDesktopWindow
SetWindowLongA
CallNextHookEx
FindWindowA
GetWindowLongA
GetWindowThreadProcessId
UnhookWindowsHookEx
CreateWindowExA
DispatchMessageA
DefWindowProcA
SendMessageA

advapi32

LookupAccountNameA
EnumDependentServicesA
RegOpenKeyW
RegCreateKeyA
RegOpenKeyA
RegQueryValueW
RegSaveKeyA
OpenEventLogW
RegEnumValueW
GetOldestEventLogRecord
DuplicateTokenEx
RegDeleteKeyW
QueryServiceConfigW
RegisterServiceCtrlHandlerW
GetServiceDisplayNameW
RegConnectRegistryA
RegSetValueW
RegUnLoadKeyA
RegEnumKeyW
RegRestoreKeyA
CloseEventLog
NotifyChangeEventLog
ClearEventLogW
SetEntriesInAclA
QueryServiceLockStatusW
ImpersonateAnonymousToken
RegEnumKeyExW
DeregisterEventSource
GetUserNameA
RegSetValueA
CreateProcessWithLogonW
MakeSelfRelativeSD
IsTextUnicode
DuplicateToken
GetAclInformation
RegOpenKeyExA
ConvertStringSecurityDescriptorToSecurityDescriptorA
SetNamedSecurityInfoA
RegSetValueExA
RegQueryValueExW

shell32

SHGetFolderPathA
SHBindToParent
SHAddToRecentDocs
DragQueryFileW
DragQueryFileA
ShellExecuteExA
SHGetSpecialFolderPathA
SHGetInstanceExplorer
SHGetFolderPathW
SHGetFileInfoW
SHChangeNotify
SHGetDesktopFolder

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 80KB - Virtual size: 77KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

c590b8dbb0b8ee86aa772c289c9808a7

Headers

File Characteristics

Imports

kernel32

ole32

user32

advapi32

shell32

Exports

Exports

Sections

.text Size: 80KB - Virtual size: 77KB

.rdata Size: 12KB - Virtual size: 10KB

.data Size: 8KB - Virtual size: 7KB

.reloc Size: 4KB - Virtual size: 3KB

.text
Size: 80KB - Virtual size: 77KB

.rdata
Size: 12KB - Virtual size: 10KB

.data
Size: 8KB - Virtual size: 7KB

.reloc
Size: 4KB - Virtual size: 3KB