38ffed9b447b03aa0dad3afb8f8cace8_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

38ffed9b447b03aa0dad3afb8f8cace8_JaffaCakes118
Size

3.0MB
MD5

38ffed9b447b03aa0dad3afb8f8cace8
SHA1

dd95a70bc62ae3f91e80ef5b13da3af566d17d59
SHA256

14b3d5ee671d9109ea08b588e67004b8386978b1a1e1a045cab64e90fbefff78
SHA512

cbf758803703d5ddcf8ada65d35af1b9ff332eb9a4b1fb6d4ae8edf5b12808b2348cf8e5bd7f8dd3c9babe4407a1232245a8028786e64767ae05608f861b0efc
SSDEEP

49152:o4cdNaVxy15WJelnPbt5HiomIpsQLqSEkbhHeVTMXc1CGAyBwNv:oQny15WMlPbtDsYckbhHo

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
38ffed9b447b03aa0dad3afb8f8cace8_JaffaCakes118

Files

38ffed9b447b03aa0dad3afb8f8cace8_JaffaCakes118
.dll windows:5 windows x86 arch:x86

1a2e0bac5e22fa76775b07bec28272c0

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

xpcom

NS_GetComponentManager
NS_GetServiceManager
NS_Alloc
NS_Free
NS_CStringContainerFinish
NS_CStringSetData
NS_CStringContainerInit
NS_StringContainerFinish
NS_StringContainerInit2
NS_StringContainerInit
NS_CStringGetData
NS_StringGetData

kernel32

CreateDirectoryA
GetACP
GetEnvironmentStrings
GetStringTypeW
GetCPInfo
ResetWriteWatch
SetThreadAffinityMask
LoadLibraryW
GlobalUnWire
GetDiskFreeSpaceA
lstrcpynA
VirtualAllocEx
GetCommandLineW
SetThreadPriorityBoost
GetVersionExW
CreateProcessW
ReadFileEx
AddAtomW
FindResourceW
GetProcAddress
LoadLibraryA
GetComputerNameA
FindFirstFileW
RemoveDirectoryW
SetupComm
OpenEventA
SetHandleInformation
InterlockedCompareExchange
SetTapePosition
FatalExit
GetProfileIntW
GlobalFlags
HeapAlloc
GetPrivateProfileStructW
MoveFileExA
OutputDebugStringW
GetFileAttributesW
GetCommModemStatus
GetVolumeInformationW
GetModuleFileNameA
GlobalGetAtomNameW
HeapCreate
CreateMutexW
lstrcpyA
GetFullPathNameW
GlobalDeleteAtom
SetFileAttributesA
BeginUpdateResourceA
CreateMailslotW
GetNamedPipeHandleStateW
GetDiskFreeSpaceExA
CreateSemaphoreW
CreateFileMappingW
HeapLock
GlobalFix
LeaveCriticalSection
OpenSemaphoreW
GetSystemWindowsDirectoryW
HeapUnlock
SystemTimeToFileTime
GetWriteWatch
GetStdHandle
WriteProfileStringW
RaiseException
BuildCommDCBW
WaitNamedPipeW
OpenMutexW
GetProcessPriorityBoost
GetCurrentProcessId
HeapWalk
GlobalReAlloc
IsSystemResumeAutomatic
GetBinaryTypeW
DeleteFileW
OpenEventW
GetModuleHandleA
GetSystemPowerStatus
GlobalUnfix
ConnectNamedPipe
GetCurrentDirectoryA
BeginUpdateResourceW
QueryDosDeviceA
BackupWrite
LocalFlags
VirtualQueryEx
GetComputerNameW
SetProcessPriorityBoost
GlobalFindAtomW
OpenFile
DefineDosDeviceW
GetEnvironmentStringsW
UnlockFileEx
LocalUnlock
SetThreadExecutionState
IsBadStringPtrW
lstrcpyW
TlsGetValue
DuplicateHandle
SetComputerNameA
WaitForSingleObjectEx
GetFileInformationByHandle
IsBadHugeWritePtr
GetTickCount
GetSystemDirectoryA
FreeEnvironmentStringsW
CopyFileW
OpenSemaphoreA
GetFileAttributesExW
DebugBreakProcess
CommConfigDialogA
GetNamedPipeInfo
GetCommConfig
SetDefaultCommConfigW
EnterCriticalSection
CreatePipe
QueryPerformanceCounter
CommConfigDialogW
GetTapeParameters
MoveFileA
WriteFile
Sleep
DosDateTimeToFileTime
GetPrivateProfileSectionNamesA
CreateTapePartition
ExpandEnvironmentStringsW
CancelIo
FileTimeToLocalFileTime
GetPrivateProfileStringA
GetProcessTimes
GetLongPathNameA
ResumeThread
GlobalWire
GetPrivateProfileSectionA
WriteTapemark
SetCommConfig
GlobalFindAtomA
GetSystemTimeAdjustment
WritePrivateProfileStringA
VirtualFreeEx
BackupRead
GetPrivateProfileIntW
CreateFileW
GlobalUnlock
MoveFileExW
EnumResourceLanguagesA
GetStartupInfoA
MapViewOfFileEx
FormatMessageW
CreateIoCompletionPort
lstrcmpW
EnumResourceLanguagesW
ExitProcess
CancelDeviceWakeupRequest
ReadProcessMemory
GetFileTime
EnumResourceTypesA
FindClose
GetBinaryTypeA
GetLongPathNameW
GetPrivateProfileStructA
GetCommandLineA
WaitForMultipleObjects
CallNamedPipeW
DeleteAtom
SetStdHandle
SetPriorityClass
CreateProcessA
LocalShrink
SuspendThread
EraseTape
GetModuleFileNameW
GetAtomNameA
VirtualAlloc
GlobalMemoryStatusEx
TlsAlloc
DebugBreak
GetPrivateProfileStringW
GetLogicalDriveStringsA
EscapeCommFunction
lstrcpynW
GetProcessHeaps
DeviceIoControl
LockFileEx
GlobalGetAtomNameA
OpenFileMappingW
lstrcmpiA
FatalAppExitW
lstrlenA
GetNumaHighestNodeNumber
GetTempPathW
GlobalCompact
GetCurrentDirectoryW
IsBadReadPtr
SetLocalTime
ExpandEnvironmentStringsA
FindAtomW
ReadFileScatter
FindFirstChangeNotificationA
GetCommState
GetNamedPipeHandleStateA
WaitCommEvent
FindNextFileW
lstrcmpiW
VirtualProtect
IsProcessorFeaturePresent
WriteProfileSectionW
GlobalAddAtomW
FindNextFileA
FileTimeToSystemTime
GetProcessVersion
SetSystemPowerState
GetDiskFreeSpaceExW
ResetEvent
GetProcessShutdownParameters
SetCommTimeouts
GetThreadTimes
SizeofResource
CompareStringW
CompareStringA
GetProcessHeap
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
InitializeCriticalSectionAndSpinCount
GetLocaleInfoW
IsValidLocale
EnumSystemLocalesA
GetUserDefaultLCID
GetDateFormatA
GetTimeFormatA
GetStringTypeA
GetLocaleInfoA
GetConsoleMode
GetConsoleCP
IsValidCodePage
GetCommTimeouts
FindResourceA
GlobalMemoryStatus
SetFirmwareEnvironmentVariableW
GetFirmwareEnvironmentVariableW
SetVolumeLabelW
RemoveDirectoryA
DebugActiveProcessStop
GetAtomNameW
LocalAlloc
GetNumaAvailableMemoryNode
FlushInstructionCache
MapViewOfFile
CreateThread
GetCompressedFileSizeW
SetComputerNameW
GetSystemWindowsDirectoryA
BuildCommDCBAndTimeoutsW
LocalSize
SetFileApisToANSI
SetFileShortNameA
GetEnvironmentVariableW
InitializeCriticalSection
DeleteCriticalSection
SetTimeZoneInformation
InitAtomTable
QueryDosDeviceW
LockResource
IsBadHugeReadPtr
VerifyVersionInfoW
GetDiskFreeSpaceW
SetSystemTimeAdjustment
GetExitCodeThread
CallNamedPipeA
LCMapStringW
HeapQueryInformation
DefineDosDeviceA
FreeResource
GetFileSize
GetLastError
SetUnhandledExceptionFilter
GetQueuedCompletionStatus
SetEndOfFile
WideCharToMultiByte
MultiByteToWideChar
GetSystemDirectoryW
InterlockedExchange
IsBadCodePtr
EnumResourceNamesW
CreateFileA
GetLogicalDrives
GlobalLock
WinExec
WriteFileEx
GetDriveTypeW
GetVersion
UpdateResourceW
GetThreadPriority
SetFileAttributesW
DebugActiveProcess
MoveFileW
GlobalSize
SetSystemTime
GetProfileSectionW
CreateMailslotA
LoadResource
VirtualFree
SetHandleCount
FindCloseChangeNotification
SetEnvironmentVariableA
GlobalAlloc
GetSystemInfo
CreateNamedPipeW
FindAtomA
GetShortPathNameW
GetFileAttributesExA
CreateEventA
GetProfileStringW
GetPrivateProfileSectionNamesW
SetEnvironmentVariableW
WritePrivateProfileStringW
GetFileType
GetCommMask
RequestDeviceWakeup
GetPrivateProfileIntA
CreateEventW
GetCurrentThread
CreateDirectoryExA
WriteProfileSectionA
GetNumaNodeProcessorMask
WaitForSingleObject
GetFirmwareEnvironmentVariableA
GetProcessIoCounters
GetProfileIntA
GetOverlappedResult
MulDiv
GetPrivateProfileSectionW
GetThreadPriorityBoost
GetDriveTypeA
TerminateThread
OpenMutexA
BuildCommDCBAndTimeoutsA
GetEnvironmentVariableA
GetVolumeInformationA
PostQueuedCompletionStatus
CompareFileTime
GlobalAddAtomA
GlobalFree
OutputDebugStringA
CreateDirectoryExW
HeapSetInformation
GetCurrentThreadId
GetTimeZoneInformation
GetThreadSelectorEntry
GetStartupInfoW
UnmapViewOfFile
TlsFree
LoadModule
FreeLibraryAndExitThread
AreFileApisANSI
GetWindowsDirectoryA
GetTempPathA
CreateDirectoryW
GetNumaProcessorNode
GetCompressedFileSizeA
HeapReAlloc
WriteProfileStringA
DeleteFileA
FatalAppExitA
CloseHandle
SetMessageWaitingIndicator
SetFileTime
InterlockedExchangeAdd
EndUpdateResourceW
FindResourceExW
SetTapeParameters
Beep
FindFirstChangeNotificationW
EnumResourceTypesW
GetFileSizeEx
SetFilePointer
IsBadWritePtr
OpenThread
LockFile
GetDevicePowerState
CopyFileA
WriteFileGather
HeapDestroy
CreateNamedPipeA
LocalLock
TzSpecificLocalTimeToSystemTime
OpenProcess
GetProcessId
GetModuleHandleW
VirtualLock
QueryPerformanceFrequency
GetProfileSectionA
SetThreadPriority
LocalFree
WritePrivateProfileSectionW
GetPriorityClass
SetFirmwareEnvironmentVariableA
GetLogicalDriveStringsW
GetFileAttributesA
FlushViewOfFile
HeapSize
GetHandleInformation
InterlockedIncrement
GetDefaultCommConfigA
GetSystemTimeAsFileTime
HeapCompact
FileTimeToDosDateTime
PrepareTape
GetThreadContext
GlobalHandle
GetMailslotInfo
VerifyVersionInfoA
SetMailslotInfo
LocalHandle
GetLocalTime
LocalCompact
BackupSeek
GetVersionExA
OpenFileMappingA
SetProcessShutdownParameters
LocalReAlloc
SetErrorMode
ProcessIdToSessionId
CreateFileMappingA
GetTempFileNameW
UpdateResourceA
WaitForMultipleObjectsEx
SetProcessWorkingSetSize
DebugSetProcessKillOnExit
TerminateProcess
lstrcatA
GetShortPathNameA
SetCurrentDirectoryA
ReadFile
SetProcessAffinityMask
WaitForDebugEvent
VirtualQuery
WritePrivateProfileStructA
ReleaseSemaphore
ContinueDebugEvent
SetCurrentDirectoryW
UnhandledExceptionFilter
FlushFileBuffers
RequestWakeupLatency
DisconnectNamedPipe
TlsSetValue
PurgeComm
EndUpdateResourceA
VirtualUnlock
GetProfileStringA
SystemTimeToTzSpecificLocalTime
lstrlenW
GetProcessAffinityMask
GetTempFileNameA
DisableThreadLibraryCalls
WritePrivateProfileSectionA
SetNamedPipeHandleState
CreateSemaphoreA
HeapFree
GetFullPathNameA
HeapValidate
SearchPathA
FreeLibrary
IsBadStringPtrA
FindResourceExA
VirtualProtectEx
GetSystemTime
GetTapeStatus
ClearCommError
SetFileApisToOEM
SetCommMask
CreateMutexA
ClearCommBreak
GetDefaultCommConfigW
SetEvent
FindFirstFileA
lstrcatW
SetDefaultCommConfigA
SetFilePointerEx
BuildCommDCBA
FindNextChangeNotification
TransactNamedPipe
InterlockedDecrement
WritePrivateProfileStructW
GetWindowsDirectoryW
FreeEnvironmentStringsA
SetLastError
FormatMessageA
EnumResourceNamesA
LocalFileTimeToFileTime
SetThreadContext
GetProcessWorkingSetSize
GetTapePosition
RtlUnwind
GetCurrentProcess
IsDebuggerPresent
LCMapStringA
GetOEMCP

user32

RealGetWindowClassA
ShowWindow
SetWindowTextW
GetWindowRect
CharUpperW
SetWindowPos
SystemParametersInfoW
IsWindow
IsWindowVisible
SendMessageW
GetClassNameA
SetWindowLongW
RealGetWindowClassW
EnumChildWindows
CharLowerW
GetClassNameW
MoveWindow
CallWindowProcW

nspr4

PR_AtomicDecrement
PR_AtomicIncrement

oleaut32

VariantInit
VariantClear
SysAllocString
SysFreeString

Exports

Exports

NSGetModule
NSModule

Sections

.text
Size: 2.6MB - Virtual size: 2.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 187KB - Virtual size: 186KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 27KB - Virtual size: 72KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 436B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 225KB - Virtual size: 225KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

1a2e0bac5e22fa76775b07bec28272c0

Headers

DLL Characteristics

File Characteristics

Imports

xpcom

kernel32

user32

nspr4

oleaut32

Exports

Exports

Sections

.text Size: 2.6MB - Virtual size: 2.6MB

.rdata Size: 187KB - Virtual size: 186KB

.data Size: 27KB - Virtual size: 72KB

.rsrc Size: 512B - Virtual size: 436B

.reloc Size: 225KB - Virtual size: 225KB

.text
Size: 2.6MB - Virtual size: 2.6MB

.rdata
Size: 187KB - Virtual size: 186KB

.data
Size: 27KB - Virtual size: 72KB

.rsrc
Size: 512B - Virtual size: 436B

.reloc
Size: 225KB - Virtual size: 225KB