37828c8af355912e5226bf73dbd1b040_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

37828c8af355912e5226bf73dbd1b040_JaffaCakes118
Size

432KB
MD5

37828c8af355912e5226bf73dbd1b040
SHA1

61f8a6039090a4f5cccfa5d4d3ce310ecc47800b
SHA256

97d0d472191cc941ade6f8f3dbda2d853c5f29487250b265186242ed85e5e9e4
SHA512

04a86a56de7c2301e57686de4814a88f2fa626c96aa1c9a7268251c534c0890c5de4e0e8c8ae3caac2de8cf8a7a6e0467bd4460c5ac249efa39fd42235a319d9
SSDEEP

12288:MEOENP2PnAv/m9XllzRuTJfOxPYnRGfl:XPNePnAvkXnzcfqPYIl

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
37828c8af355912e5226bf73dbd1b040_JaffaCakes118

Files

37828c8af355912e5226bf73dbd1b040_JaffaCakes118
.dll windows:4 windows x86 arch:x86

2f51ad22b1b762d8cd02eadeda71301e

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

gdi32

GdiArtificialDecrementDriver
GetCurrentObject
GetEnhMetaFileHeader
GetEnhMetaFilePaletteEntries
EnumFontsW
GdiPlayJournal
GetCharABCWidthsFloatW
FixBrushOrgEx
EndDoc
GetCharacterPlacementW
GetDeviceGammaRamp
GetMetaFileW
BitBlt
CopyMetaFileW
CreatePen
DeleteObject
GetLayout
LineTo
MoveToEx
SelectObject
SetBkColor
SetTextColor
CheckColorsInGamut
CreateFontW
CreateDIBSection
CreateFontIndirectA
EndPage
EudcLoadLinkW
GdiResetDCEMF
GetDeviceCaps
GetTextMetricsA
SetAbortProc
SetMapMode
SetWindowExtEx
StartDocA
StartDocW
StartPage

kernel32

CloseHandle
CreateFileW
CreateThread
DeleteFileW
DuplicateHandle
ExitProcess
FlushConsoleInputBuffer
FreeLibrary
GetCurrentProcess
GetCurrentThread
GetCurrentThreadId
GetPrivateProfileSectionW
GetProcAddress
GetSystemTime
GetTempFileNameW
GetTickCount
GlobalGetAtomNameW
HeapDestroy
InitializeCriticalSectionAndSpinCount
LoadLibraryW
LocalFree
MoveFileExW
OpenEventW
ReadFile
SetEvent
SetFilePointer
SetPriorityClass
Sleep
WaitForSingleObject
WideCharToMultiByte
WriteProfileStringW
lstrcmpiW
lstrcpyW
lstrlenW
InterlockedCompareExchange
InterlockedExchange
IsValidCodePage
HeapCreate
_lclose
BackupRead
Beep
CreateEventA
DebugBreak
EndUpdateResourceW
EnumDateFormatsExW
EnumResourceTypesW
FindClose
FindFirstFileA
FindResourceA
GetEnvironmentVariableA
GetFileAttributesA
GetVersionExA
IsDBCSLeadByte
MapViewOfFile
MultiByteToWideChar
SetConsoleActiveScreenBuffer
SetConsoleOutputCP
SetErrorMode
SetFileAttributesA
SetUnhandledExceptionFilter
SetVolumeLabelA
TerminateProcess
UnhandledExceptionFilter
CreateFileA
EnumLanguageGroupLocalesA
FormatMessageA
GetCPInfo
GetConsoleMode
GetDiskFreeSpaceA
GetFileSize
GetFileType
GetModuleHandleA
GetOverlappedResult
GetProcessHeap
GetStdHandle
GetSystemInfo
GlobalMemoryStatusEx
ResetEvent
TlsGetValue
VirtualAlloc
WriteFile
DeleteTimerQueue
FormatMessageW
GetComputerNameExW
GetDateFormatA
GetStringTypeW
GetThreadLocale
GetTimeFormatA
LoadLibraryExW
LocalAlloc
SetConsoleCP
SetFileTime
DisconnectNamedPipe
FreeEnvironmentStringsW
GetConsoleOutputCP
GetModuleFileNameW
GetNamedPipeHandleStateA
HeapValidate
PeekConsoleInputW
ReadConsoleW
SetConsoleCtrlHandler
SetConsoleMode
WriteConsoleW
DisableThreadLibraryCalls
GetCurrentProcessId
GetSystemTimeAsFileTime
QueryPerformanceCounter
CreateConsoleScreenBuffer
CreateTimerQueueTimer
EnumDateFormatsExA
GetBinaryTypeA
GetModuleFileNameA
GetOEMCP
GetProfileSectionA
GetStringTypeA
Process32First
ReadConsoleA
ReplaceFileA
WriteProfileStringA
DeleteFileA
ExpandEnvironmentStringsW
FileTimeToSystemTime
FindResourceExW
GetConsoleAliasExesLengthA
GetExitCodeProcess
InterlockedIncrement
LoadResource
LockResource
RaiseException
ReleaseMutex
SizeofResource
SystemTimeToFileTime
ClearCommBreak
FindFirstFileW
FreeResource
GetLongPathNameA
GetNumberFormatA
GetSystemDirectoryA
GetVolumePathNameA
IsBadStringPtrW
LoadLibraryExA
MulDiv
SetMailslotInfo
WritePrivateProfileSectionW
lstrcatA
lstrcpyA
lstrcpynA
lstrlen
lstrlenA
GetLastError
GetACP
GetTimeZoneInformation
LocalFileTimeToFileTime
GetCommandLineA
HeapFree
CreateProcessA
FindNextFileW
EnterCriticalSection
LeaveCriticalSection
SetStdHandle
GetLocaleInfoA
GetLocaleInfoW
TlsAlloc
SetLastError
TlsFree
TlsSetValue
HeapAlloc
DeleteCriticalSection
FatalAppExitA
IsDBCSLeadByteEx
GetConsoleCP
FindNextFileA
FileTimeToLocalFileTime
GetDriveTypeW
VirtualProtect
VirtualQuery
HeapReAlloc
HeapSize
SetHandleCount
GetStartupInfoA
WriteConsoleA
LCMapStringA
LCMapStringW
RtlUnwind
FreeEnvironmentStringsA
GetEnvironmentStrings
GetEnvironmentStringsW
VirtualFree
IsBadWritePtr
CompareStringA
CompareStringW
CreatePipe
GetUserDefaultLCID
EnumSystemLocalesA
IsValidLocale
InitializeCriticalSection
FlushFileBuffers
GetFullPathNameA
GetFullPathNameW
GetCurrentDirectoryA
SetCurrentDirectoryA
SetEndOfFile
LoadLibraryA
CreateProcessW
GetFileAttributesW
GetDriveTypeA
GetCurrentDirectoryW
SetEnvironmentVariableA

ole32

OleCreateFromFile
HBRUSH_UserUnmarshal
CreateDataAdviseHolder
StringFromCLSID
PropVariantCopy
PropVariantClear
HENHMETAFILE_UserFree
GetHGlobalFromStream
CoTreatAsClass
CoTaskMemAlloc
CoGetInstanceFromFile
CoCreateGuid
CLSIDFromString
CLIPFORMAT_UserUnmarshal
CoTaskMemFree
CoCreateInstance
UtConvertDvtd16toDvtd32
StgGetIFillLockBytesOnFile
OleCreateDefaultHandler
HBRUSH_UserMarshal
CoUnmarshalInterface
CoFileTimeNow
CoCancelCall
SNB_UserMarshal
OleDoAutoConvert
CoMarshalInterface
CoGetObject
CoGetMarshalSizeMax
CLIPFORMAT_UserSize

oleaut32

VarUI1FromI2
GetRecordInfoFromTypeInfo
RegisterActiveObject
VarUI4FromDate
DispGetParam
VarR4FromBool
VarI2FromStr
VarDateFromI4
OleLoadPicturePath
VarDateFromR4
VarCyFix
VarBoolFromI1
GetActiveObject
VarUI4FromUI2
VarI1FromUI1
VarR4FromUI1
VarNumFromParseNum
VarDecSu
VarDecDiv
VarDateFromR8
SafeArrayGetIID
OleCreatePictureIndirect
VectorFromBstr
VarWeekdayName
VarImp
VarBstrCat
VarUI2FromDisp
VarI2FromI4
VarDateFromCy
GetAltMonthNames
VarBstrFromDisp

shell32

SHAppBarMessage
WOWShellExecute
ExtractAssociatedIconExA
SHGetMalloc
DragQueryPoint
ExtractAssociatedIconExW
ShellExecuteA
SHGetFileInfoW

Exports

Exports

hndjnmdta

Sections

.text
Size: 312KB - Virtual size: 311KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 80KB - Virtual size: 76KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 24KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

2f51ad22b1b762d8cd02eadeda71301e

Headers

File Characteristics

Imports

gdi32

kernel32

ole32

oleaut32

shell32

Exports

Exports

Sections

.text Size: 312KB - Virtual size: 311KB

.rdata Size: 80KB - Virtual size: 76KB

.data Size: 12KB - Virtual size: 25KB

.reloc Size: 24KB - Virtual size: 22KB

.text
Size: 312KB - Virtual size: 311KB

.rdata
Size: 80KB - Virtual size: 76KB

.data
Size: 12KB - Virtual size: 25KB

.reloc
Size: 24KB - Virtual size: 22KB