PDB path: O:\OOO330\ooo\sal\wntmsci12.pro\bin\uwinapi.pdb
(Inference from the path and the export table, not a sandbox finding: OOO330 and wntmsci12.pro are OpenOffice.org 3.3 Windows build-tree names and uwinapi is the sal module's Unicode Win32 API shim, so the sample has the shape of that component built against msvcr90. The only signature the sandbox raised below is the missing Authenticode signature.)
Static task: static1
Behavioral task: behavioral1, sample 33802bdcc9bdcd1b1111459767720b4c_JaffaCakes118.dll, resource win7-20240708-en
Behavioral task: behavioral2, sample 33802bdcc9bdcd1b1111459767720b4c_JaffaCakes118.dll, resource win10v2004-20240709-en
General
Target: 33802bdcc9bdcd1b1111459767720b4c_JaffaCakes118
Size: 84KB
MD5: 33802bdcc9bdcd1b1111459767720b4c
SHA1: cf6bd4a48dbd6e50b733834955c5c55990919cec
SHA256: c02b8a9d049b39d0048bb941f78d88611ae20062a80c460647203350a3d7060e
SHA512: 880e017dbc2c367071c2dcd87ebd6025244cdf1b6d46593eb05bd7416f2cbfa7796a2a302ddc2345203667732a702949b967e589e53d46c81b2b6e2fd09477d6
SSDEEP: 1536:dPffrkVFMrhvChqsgDh5Rvo12TCk8kmkml6cSTqXzwhTyM6QKZk50VSsyRgX+J:JeFMrguh5+12TCk1mkmlLSTqXzwhTyMb
Malware Config
Signatures
Unsigned PE (1 IoC): checks for missing Authenticode signature. Resource: 33802bdcc9bdcd1b1111459767720b4c_JaffaCakes118
Files
33802bdcc9bdcd1b1111459767720b4c_JaffaCakes118.dll (windows:5 windows x86 arch:x86), imphash 7050c0191a8228d3826c9a06726f5740
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
PDB Paths
O:\OOO330\ooo\sal\wntmsci12.pro\bin\uwinapi.pdb
Imports
Note: the trailing kernel32 cluster (TerminateProcess, GetCurrentProcess, IsDebuggerPresent, SetUnhandledExceptionFilter, UnhandledExceptionFilter, InterlockedExchange, InterlockedCompareExchange, Sleep, QueryPerformanceCounter, GetTickCount, GetCurrentThreadId, GetCurrentProcessId, GetSystemTimeAsFileTime) is the standard MSVC 2008 CRT startup and /GS security-cookie initialisation set, matching the msvcr90 dependency below; on its own it is not evidence of custom anti-debugging.
kernel32
CloseHandle
WriteFile
ReadFile
SetEndOfFile
GetLastError
GetFileSize
CreateFileA
GetLogicalDriveStringsA
FindClose
FindFirstFileA
IsBadStringPtrA
LoadLibraryA
GetVersion
GetCurrentProcessId
GetCurrentProcess
GetModuleHandleA
GetUserDefaultLCID
DeleteFileA
GetDiskFreeSpaceA
CopyFileA
MoveFileA
WritePrivateProfileSectionA
GetPrivateProfileSectionA
GetShortPathNameA
TerminateProcess
LocalFree
FormatMessageA
DisableThreadLibraryCalls
FreeLibrary
CompareStringA
InterlockedExchange
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
GlobalAlloc
GetModuleFileNameA
GetEnvironmentVariableA
SetLastError
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
InterlockedCompareExchange
Sleep
GetSystemTimeAsFileTime
user32
MessageBoxA
DrawStateA
advapi32
RegQueryValueExA
RegCloseKey
RegOpenKeyExA
version
VerQueryValueA
GetFileVersionInfoA
GetFileVersionInfoSizeA
msvcr90
memcpy
strncpy
memset
_mbsnbcpy
_mbsrchr
_mbsinc
_vscprintf
_vsnprintf
_vscwprintf
_vsnwprintf
_mbslen
_encode_pointer
_malloc_crt
free
_encoded_null
_decode_pointer
_initterm
_initterm_e
_amsg_exit
_adjust_fdiv
__CppXcptFilter
_crt_debugger_hook
__clean_type_info_names_internal
_unlock
__dllonexit
_lock
_onexit
_except_handler4_common
strrchr
wcsrchr
shlwapi
PathFileExistsA
PathFindExtensionA
PathFindFileNameA
PathIsFileSpecA
PathIsUNCA
PathRemoveExtensionA
PathRemoveFileSpecA
PathSetDlgItemPathA
PathStripToRootA
PathAddBackslashA
PathCompactPathExA
Exports
Note: nearly every export carries the name of a Win32 API, almost all W-suffixed Unicode entry points (CreateFileW, RegOpenKeyExW, ShellExecuteW, WNetAddConnection2W, the Ras*W family, Process32FirstW and so on), alongside kernel32_*_Ptr and advapi32_CheckTokenMembership_Ptr data exports. That is the shape of a Unicode API compatibility layer, which fits the uwinapi PDB name above; it is also the shape an API-proxy or hijack DLL presents, so confirm provenance from the PDB path, the version resource and a known-good hash rather than from the export list alone.
AddAtomW
AddFontResourceW
AddJobW
AddPortW
AddPrintProcessorW
AddPrintProvidorW
AddPrinterDriverW
AddPrinterW
AdvancedDocumentPropertiesW
AppendMenuW
BeginUpdateResourceW
BroadcastSystemMessageW
BuildCommDCBAndTimeoutsW
BuildCommDCBW
CallMsgFilterW
CallNamedPipeW
CallWindowProcA
CallWindowProcW
ChangeDisplaySettingsExW
ChangeDisplaySettingsW
ChangeMenuW
CharLowerBuffW
CharLowerW
CharNextW
CharPrevW
CharToOemBuffW
CharToOemW
CharUpperBuffW
CharUpperW
ChooseColorW
ChooseFontW
CommConfigDialogW
CommandLineToArgvW
CompareStringW
ConfigurePortW
CopyAcceleratorTableW
CopyEnhMetaFileW
CopyFileExA
CopyFileExW
CopyFileW
CopyMetaFileW
CreateAcceleratorTableW
CreateColorSpaceW
CreateDCW
CreateDialogIndirectParamW
CreateDialogParamW
CreateDirectoryExW
CreateDirectoryW
CreateEnhMetaFileW
CreateEventW
CreateFileMappingW
CreateFileW
CreateFontIndirectW
CreateFontW
CreateICW
CreateMDIWindowW
CreateMailslotW
CreateMetaFileW
CreateMutexW
CreateProcessW
CreateScalableFontResourceW
CreateSemaphoreW
CreateStdAccessibleProxyW
CreateToolhelp32Snapshot
CreateWaitableTimerW
CreateWindowExW
DdeConnect
DdeConnectList
DdeCreateStringHandleW
DdeInitializeW
DdeQueryConvInfo
DdeQueryStringW
DefDlgProcW
DefFrameProcW
DefMDIChildProcW
DefWindowProcW
DeleteFileW
DeleteMonitorW
DeletePortW
DeletePrintProcessorW
DeletePrintProvidorW
DeletePrinterDriverW
DeleteVolumeMountPointA
DeleteVolumeMountPointW
DialogBoxIndirectParamW
DialogBoxParamW
DispatchMessageW
DlgDirListComboBoxW
DlgDirListW
DlgDirSelectComboBoxExW
DlgDirSelectExW
DllGetVersion
DragQueryFileW
DrawStateW
DrawTextExW
DrawTextW
EnableWindow
EndUpdateResourceW
EnumCalendarInfoExW
EnumCalendarInfoW
EnumClipboardFormats
EnumDateFormatsExW
EnumDateFormatsW
EnumDisplayDevicesW
EnumDisplaySettingsExW
EnumDisplaySettingsW
EnumFontFamiliesExW
EnumFontFamiliesW
EnumFontsW
EnumICMProfilesW
EnumProcesses
EnumPropsA
EnumPropsExA
EnumPropsExW
EnumPropsW
EnumSystemCodePagesW
EnumSystemLocalesW
EnumTimeFormatsW
ExpandEnvironmentStringsW
ExtTextOutW
ExtractIconExW
ExtractIconW
FatalAppExitW
FillConsoleOutputCharacterW
FindAtomW
FindFirstChangeNotificationW
FindFirstFileW
FindFirstVolumeA
FindFirstVolumeMountPointA
FindFirstVolumeMountPointW
FindFirstVolumeW
FindNextFileW
FindNextVolumeA
FindNextVolumeMountPointA
FindNextVolumeMountPointW
FindNextVolumeW
FindResourceExW
FindResourceW
FindTextW
FindVolumeClose
FindVolumeMountPointClose
FindWindowExW
FindWindowW
FormatMessageW
FreeEnvironmentStringsW
GetAltTabInfoW
GetAtomNameW
GetCPInfo
GetCPInfoExW
GetCalendarInfoW
GetCharABCWidthsW
GetCharWidthFloatW
GetCharWidthW
GetCharacterPlacementW
GetClassInfoExW
GetClassInfoW
GetClassLongW
GetClassNameW
GetClipboardData
GetClipboardFormatNameW
GetComputerNameW
GetConsoleTitleW
GetCurrencyFormatW
GetCurrentDirectoryW
GetCurrentHwProfileW
GetDateFormatW
GetDefaultCommConfigW
GetDiskFreeSpaceExA
GetDiskFreeSpaceExW
GetDiskFreeSpaceW
GetDlgItemTextW
GetDriveTypeW
GetEnhMetaFileDescriptionW
GetEnhMetaFileW
GetEnvironmentStringsW
GetEnvironmentVariableW
GetFileAttributesExW
GetFileAttributesW
GetFileTitleW
GetFileVersionInfoSizeW
GetFileVersionInfoW
GetFullPathNameW
GetGlyphOutlineW
GetICMProfileW
GetKerningPairsW
GetKeyNameTextW
GetKeyboardLayoutNameW
GetLocaleInfoW
GetLogColorSpaceW
GetLogicalDriveStringsW
GetLongPathNameA
GetLongPathNameW
GetMenuItemInfoW
GetMenuStringW
GetMessageW
GetMetaFileW
GetModuleFileNameExA
GetModuleFileNameExW
GetModuleFileNameW
GetModuleHandleW
GetMonitorInfoW
GetNamedPipeHandleStateW
GetNumberFormatW
GetObjectW
GetOpenFileNamePreviewW
GetOpenFileNameW
GetOutlineTextMetricsW
GetPrintProcessorDirectoryW
GetPrivateProfileIntW
GetPrivateProfileSectionNamesW
GetPrivateProfileSectionW
GetPrivateProfileStringW
GetPrivateProfileStructW
GetProcessId
GetProfileIntW
GetProfileSectionW
GetProfileStringW
GetPropA
GetPropW
GetRoleTextW
GetSaveFileNamePreviewW
GetSaveFileNameW
GetShortPathNameW
GetStartupInfoW
GetStateTextW
GetStringTypeExW
GetStringTypeW
GetSystemDirectoryW
GetSystemWindowsDirectoryW
GetTabbedTextExtentW
GetTempFileNameW
GetTempPathW
GetTextExtentExPointW
GetTextExtentPoint32W
GetTextExtentPointW
GetTextFaceW
GetTextMetricsW
GetTimeFormatW
GetUserDefaultUILanguage
GetUserDomainA
GetUserDomainW
GetUserNameW
GetVersionExW
GetVersionInfo
GetVolumeInformationW
GetVolumeNameForVolumeMountPointA
GetVolumeNameForVolumeMountPointW
GetVolumePathNameA
GetVolumePathNameW
GetWindowLongA
GetWindowLongW
GetWindowModuleFileNameW
GetWindowTextLengthW
GetWindowTextW
GetWindowsDirectoryW
GlobalAddAtomW
GlobalFindAtomW
GlobalGetAtomNameW
GrayStringW
InsertMenuItemW
InsertMenuW
IsBadStringPtrW
IsCharAlphaNumericW
IsCharAlphaW
IsCharLowerW
IsCharUpperW
IsClipboardFormatAvailable
IsDestinationReachableW
IsDialogMessageW
IsTextUnicode
IsValidCodePage
IsWindowUnicode
LCMapStringW
LoadAcceleratorsW
LoadBitmapW
LoadCursorFromFileW
LoadCursorW
LoadIconW
LoadImageW
LoadKeyboardLayoutW
LoadLibraryExW
LoadLibraryW
LoadMenuIndirectW
LoadMenuW
LoadStringW
MapVirtualKeyExW
MapVirtualKeyW
MessageBoxExW
MessageBoxIndirectW
MessageBoxW
ModifyMenuW
Module32First
Module32FirstW
Module32Next
Module32NextW
MoveFileExA
MoveFileExW
MoveFileW
MultiByteToWideChar
MultinetGetConnectionPerformanceW
OemToCharBuffW
OemToCharW
OpenEventW
OpenFileMappingW
OpenMutexW
OpenPrinterW
OpenSemaphoreW
OpenWaitableTimerW
OutputDebugStringW
PageSetupDlgW
PathAddBackslashW
PathCompactPathExW
PathFileExistsW
PathFindExtensionW
PathFindFileNameW
PathIsFileSpecW
PathIsUNCW
PathRemoveExtensionW
PathRemoveFileSpecW
PathSetDlgItemPathW
PathStripToRootW
PeekConsoleInputW
PeekMessageW
PlaySoundW
PostMessageW
PostThreadMessageW
PrintDlgW
Process32First
Process32FirstW
Process32Next
Process32NextW
QueryDosDeviceW
RasConnectionNotificationW
RasCreatePhonebookEntryW
RasDeleteEntryW
RasDeleteSubEntryW
RasEditPhonebookEntryW
RasEnumConnectionsW
RasEnumDevicesW
RasEnumEntriesW
RasGetConnectStatusW
RasGetEntryDialParamsW
RasGetEntryPropertiesW
RasGetErrorStringW
RasHangUpW
RasRenameEntryW
RasSetEntryDialParamsW
RasSetEntryPropertiesW
RasSetSubEntryPropertiesW
RasValidateEntryNameW
ReadConsoleInputW
ReadConsoleOutputCharacterW
ReadConsoleOutputW
ReadConsoleW
RegConnectRegistryW
RegCreateKeyExW
RegCreateKeyW
RegDeleteKeyW
RegDeleteValueW
RegEnumKeyExW
RegEnumKeyW
RegEnumValueW
RegLoadKeyW
RegOpenKeyExW
RegOpenKeyW
RegQueryInfoKeyW
RegQueryMultipleValuesW
RegQueryValueExW
RegQueryValueW
RegReplaceKeyW
RegSaveKeyW
RegSetValueExW
RegSetValueW
RegUnLoadKeyW
RegisterClassExW
RegisterClassW
RegisterClipboardFormatW
RegisterDeviceNotificationW
RegisterWindowMessageW
RemoveDirectoryW
RemoveFontResourceW
RemovePropA
RemovePropW
ReplaceTextW
ResetDCW
SHBrowseForFolderW
SHChangeNotify
SHCreateItemFromParsingName
SHFileOperationW
SHGetFileInfoW
SHGetNewLinkInfoW
SHGetPathFromIDListW
ScrollConsoleScreenBufferW
SearchPathW
SendDlgItemMessageW
SendMessageCallbackW
SendMessageTimeoutW
SendMessageW
SendNotifyMessageW
SetCalendarInfoW
SetClassLongW
SetComputerNameW
SetConsoleTitleW
SetCurrentDirectoryW
SetDefaultCommConfigW
SetDlgItemTextW
SetEnvironmentVariableW
SetFileAttributesW
SetICMProfileW
SetJobW
SetLocaleInfoW
SetMenuItemInfoW
SetPrinterDataW
SetPrinterW
SetPropA
SetPropW
SetVolumeLabelW
SetVolumeMountPointA
SetVolumeMountPointW
SetWindowLongA
SetWindowLongW
SetWindowTextW
SetWindowsHookExW
SetWindowsHookW
ShellAboutW
ShellExecuteExW
ShellExecuteW
Shell_NotifyIconW
StartDocPrinterW
StartDocW
SystemParametersInfoW
TabbedTextOutW
TextOutW
TranslateAcceleratorW
UnregisterClassW
UpdateResourceW
VerFindFileW
VerInstallFileW
VerLanguageNameW
VerQueryValueW
VkKeyScanExW
VkKeyScanW
WNetAddConnection2W
WNetAddConnection3W
WNetAddConnectionW
WNetCancelConnection2W
WNetCancelConnectionW
WNetConnectionDialog1W
WNetDisconnectDialog1W
WNetEnumResourceW
WNetGetConnectionW
WNetGetLastErrorW
WNetGetNetworkInformationW
WNetGetProviderNameW
WNetGetResourceInformationW
WNetGetResourceParentW
WNetGetUniversalNameW
WNetGetUserW
WNetOpenEnumW
WNetUseConnectionW
WaitNamedPipeW
WideCharToMultiByte
WinHelpW
WriteConsoleInputW
WriteConsoleOutputCharacterW
WriteConsoleOutputW
WriteConsoleW
WritePrivateProfileSectionW
WritePrivateProfileStringW
WritePrivateProfileStructW
WriteProfileSectionW
WriteProfileStringW
_CheckTokenMembership@12
advapi32_CheckTokenMembership_Ptr
capCreateCaptureWindowW
capGetDriverDescriptionW
kernel32_CopyFileExA_Ptr
kernel32_CopyFileExW_Ptr
kernel32_CreateToolhelp32Snapshot_Ptr
kernel32_DeleteVolumeMountPointA_Ptr
kernel32_DeleteVolumeMountPointW_Ptr
kernel32_FindFirstVolumeA_Ptr
kernel32_FindFirstVolumeMountPointA_Ptr
kernel32_FindFirstVolumeMountPointW_Ptr
kernel32_FindFirstVolumeW_Ptr
kernel32_FindNextVolumeA_Ptr
kernel32_FindNextVolumeMountPointA_Ptr
kernel32_FindNextVolumeMountPointW_Ptr
kernel32_FindNextVolumeW_Ptr
kernel32_FindVolumeClose_Ptr
kernel32_FindVolumeMountPointClose_Ptr
kernel32_GetDiskFreeSpaceExA_Ptr
kernel32_GetDiskFreeSpaceExW_Ptr
kernel32_GetLogicalDriveStringsW_Ptr
kernel32_GetLongPathNameA_Ptr
kernel32_GetLongPathNameW_Ptr
kernel32_GetProcessId_Ptr
kernel32_GetUserDefaultUILanguage_Ptr
kernel32_GetUserDomainA_Ptr
kernel32_GetUserDomainW_Ptr
Sections
.text Size: 40KB - Virtual size: 39KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 29KB - Virtual size: 28KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 2KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 10KB - Virtual size: 9KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
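The report's only hit, "Unsigned PE", is a header-level test: the optional header's security data directory (index 4, the Authenticode certificate table) has size zero. The Headers and Sections entries above are likewise read straight from IMAGE_FILE_HEADER, IMAGE_OPTIONAL_HEADER and the section table. The following is an added example, not tria.ge's code and not from the sample, that reproduces those readings in plain Python over a constructed PE32 image shaped like this report; build_pe, parse_pe, REPORT_LIKE and SIGNED_LIKE are names chosen here, and the appended WIN_CERTIFICATE blob is a placeholder, not a real PKCS#7 signature.

```python
"""Header-level PE triage in plain Python (added example, not tria.ge code).
Reproduces the 'Unsigned PE' test and the Headers/Sections listing."""
import struct

IMAGE_DIRECTORY_ENTRY_SECURITY = 4          # Authenticode certificate table
WIN_CERT_TYPE_PKCS_SIGNED_DATA = 0x0002

FILE_CHARACTERISTICS = {0x0002: "IMAGE_FILE_EXECUTABLE_IMAGE",
                        0x0100: "IMAGE_FILE_32BIT_MACHINE",
                        0x2000: "IMAGE_FILE_DLL"}
DLL_CHARACTERISTICS = {0x0040: "IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE",
                       0x0100: "IMAGE_DLLCHARACTERISTICS_NX_COMPAT"}
SECTION_FLAGS = {0x00000020: "IMAGE_SCN_CNT_CODE",
                 0x00000040: "IMAGE_SCN_CNT_INITIALIZED_DATA",
                 0x02000000: "IMAGE_SCN_MEM_DISCARDABLE",
                 0x20000000: "IMAGE_SCN_MEM_EXECUTE",
                 0x40000000: "IMAGE_SCN_MEM_READ",
                 0x80000000: "IMAGE_SCN_MEM_WRITE"}


def _flags(value, table):
    return [name for bit, name in sorted(table.items()) if value & bit]


def parse_pe(data):
    """Return file/DLL characteristics, certificate-table info and sections."""
    if data[:2] != b"MZ":
        raise ValueError("missing MZ header")
    nt = struct.unpack_from("<I", data, 0x3C)[0]
    if data[nt:nt + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    _, nsec, _, _, _, opt_size, chars = struct.unpack_from("<HHIIIHH", data, nt + 4)
    opt = nt + 24
    magic = struct.unpack_from("<H", data, opt)[0]
    if magic not in (0x10B, 0x20B):
        raise ValueError("unknown optional header magic %#x" % magic)
    dll_chars = struct.unpack_from("<H", data, opt + 70)[0]
    ndirs_off, dirs_off = (opt + 92, opt + 96) if magic == 0x10B else (opt + 108, opt + 112)
    ndirs = struct.unpack_from("<I", data, ndirs_off)[0]
    cert = None                                  # None is exactly the 'Unsigned PE' verdict
    if ndirs > IMAGE_DIRECTORY_ENTRY_SECURITY:
        # For this directory the "RVA" field is a raw file offset, not a virtual address.
        off, size = struct.unpack_from("<II", data, dirs_off + 8 * IMAGE_DIRECTORY_ENTRY_SECURITY)
        if size >= 8 and off + size <= len(data):
            length, rev, ctype = struct.unpack_from("<IHH", data, off)   # WIN_CERTIFICATE header
            cert = {"length": length, "revision": rev,
                    "pkcs7": ctype == WIN_CERT_TYPE_PKCS_SIGNED_DATA}
    sections = []
    for i in range(nsec):
        name, vsize, _, rawsize, *_, flags = struct.unpack_from(
            "<8sIIIIIIHHI", data, opt + opt_size + 40 * i)
        sections.append({"name": name.rstrip(b"\0").decode("ascii", "replace"),
                         "raw_size": rawsize, "virtual_size": vsize,
                         "flags": _flags(flags, SECTION_FLAGS)})
    return {"file_characteristics": _flags(chars, FILE_CHARACTERISTICS),
            "dll_characteristics": _flags(dll_chars, DLL_CHARACTERISTICS),
            "authenticode": cert, "sections": sections}


def build_pe(file_chars, dll_chars, sections, cert=b""):
    """Assemble a constructed PE32 image: real headers, zero-filled section bodies."""
    nt, align = 0x40, 0x200
    opt_size = 96 + 8 * 16                       # PE32 optional header + 16 data directories
    hdr_size = -(-(nt + 24 + opt_size + 40 * len(sections)) // align) * align
    raw, va, sec_hdrs, body = hdr_size, 0x1000, b"", b""
    for name, vsize, rawsize, flags in sections:
        sec_hdrs += struct.pack("<8sIIIIIIHHI", name, vsize, va, rawsize, raw, 0, 0, 0, 0, flags)
        body += b"\0" * rawsize
        raw += rawsize
        va += -(-vsize // 0x1000) * 0x1000
    dirs = [(0, 0)] * 16
    if cert:                                     # certificate table trails the image
        dirs[IMAGE_DIRECTORY_ENTRY_SECURITY] = (hdr_size + len(body), len(cert))
    opt = struct.pack("<H BB IIIIIIIII HHHHHH IIII HH IIIIII",
                      0x10B, 9, 0, 0, 0, 0, 0, 0x1000, 0, 0x10000000, 0x1000, align,
                      5, 0, 0, 0, 5, 0, 0, va, hdr_size, 0, 2, dll_chars,
                      0x100000, 0x1000, 0x100000, 0x1000, 0, 16)
    image = (b"MZ" + b"\0" * 58 + struct.pack("<I", nt) + b"PE\0\0"
             + struct.pack("<HHIIIHH", 0x14C, len(sections), 0, 0, 0, opt_size, file_chars)
             + opt + b"".join(struct.pack("<II", *d) for d in dirs) + sec_hdrs)
    return image.ljust(hdr_size, b"\0") + body + cert


# Constructed image shaped like the report: 32-bit DLL, ASLR + DEP, five sections.
REPORT_LIKE = build_pe(0x2102, 0x0140, [
    (b".text", 39 * 1024, 40 * 1024, 0x60000020),
    (b".rdata", 28 * 1024, 29 * 1024, 0x40000040),
    (b".data", 4 * 1024, 2 * 1024, 0xC0000040),
    (b".rsrc", 1024, 1024, 0x40000040),
    (b".reloc", 9 * 1024, 10 * 1024, 0x42000040)])
# Same shape with a placeholder WIN_CERTIFICATE appended (not a real PKCS#7 blob).
FAKE_BLOB = b"\x30\x82\x00\x10" + b"\0" * 16
SIGNED_LIKE = build_pe(0x2102, 0x0140, [(b".text", 0x1000, 0x200, 0x60000020)],
                       cert=struct.pack("<IHH", 8 + len(FAKE_BLOB), 0x0200, 0x0002) + FAKE_BLOB)

if __name__ == "__main__":
    for label, img in (("unsigned", REPORT_LIKE), ("signed", SIGNED_LIKE)):
        info = parse_pe(img)
        print(label, "-> Unsigned PE" if info["authenticode"] is None else "-> certificate table present")
        for s in info["sections"]:
            print("  %-6s raw=%6d virt=%6d %s" % (s["name"], s["raw_size"], s["virtual_size"], " ".join(s["flags"])))
```

A non-empty certificate table only says a signature is attached; validating it means hashing the image with the CheckSum field, the security directory entry and the certificate table itself excluded and verifying the PKCS#7 SignedData against a trusted chain, which this example does not attempt. An absent signature is also routine for open-source builds of the era this PDB path points to, so "Unsigned PE" is a weak indicator on its own; DYNAMIC_BASE and NX_COMPAT being set shows the module at least opts in to ASLR and DEP.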