3dab76a6556c990e24c56b48e1be9cc5_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

3dab76a6556c990e24c56b48e1be9cc5_JaffaCakes118
Size

142KB
MD5

3dab76a6556c990e24c56b48e1be9cc5
SHA1

2a9e959db4e6f020738f7d837f0c369704bc89bb
SHA256

9a4f4ee6f4cdf5d90cdfadf42bd56ba6568828e17d6d27c4dab59975c2fb38d8
SHA512

79e28b321ee5930b91755d1256a0d49c57f40241dfcc11c9975433e4017dffdd018c8b2c81f48b06891b55d1d16fefedfe426f93661cd55457aea38b74ecac2d
SSDEEP

1536:a40FtxlCe9fNJ4BcwE44PXU3uXZ/+BBKnIIo7jUvX5509elHI9HE:+xTJpwE4v3uXZ/W8YjUvPG0GHE

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
3dab76a6556c990e24c56b48e1be9cc5_JaffaCakes118

Files

3dab76a6556c990e24c56b48e1be9cc5_JaffaCakes118
.dll windows:5 windows x86 arch:x86

604cb2bbb1e6f34717d12baccf2886a2

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

ntshrui.pdb

Imports

msvcrt

_onexit
__dllonexit
_adjust_fdiv
_initterm
memmove
towlower
wcsrchr
_wcsicmp
_wcsnicmp
wcslen
wcscpy
_purecall
??2@YAPAXI@Z
??3@YAXPAX@Z
free
malloc
_except_handler3

atl

ord32

ole32

CoCreateInstance
ReleaseStgMedium

shell32

ord730
ShellExecuteExW
SHGetFileInfoW
ord178
SHChangeNotify
ord171
ord680
SHGetFolderPathW
ShellExecuteW
DragQueryFileW
SHBindToParent
ord25
SHGetSpecialFolderPathW

shlwapi

PathCombineW
ord174
ord219
ord437
wnsprintfW
PathIsUNCW
PathRemoveBackslashW
PathCommonPrefixW
SHGetValueW
StrRetToBufW
PathIsDirectoryW
PathIsRootW

netapi32

I_NetNameValidate
NetConnectionEnum
NetShareAdd
NetShareDel
NetShareSetInfo
NetShareGetInfo
NetShareEnum
NetApiBufferFree

advapi32

QueryServiceConfigW
SetSecurityDescriptorControl
AddAccessAllowedAceEx
TreeResetNamedSecurityInfoW
SetNamedSecurityInfoW
GetNamedSecurityInfoW
GetInheritanceSourceW
ConvertStringSidToSidW
BuildTrusteeWithSidW
GetEffectiveRightsFromAclW
ConvertSidToStringSidW
OpenSCManagerW
QueryServiceStatus
OpenServiceW
CloseServiceHandle
IsValidSecurityDescriptor
GetSecurityDescriptorDacl
OpenThreadToken
GetSecurityDescriptorControl
GetSecurityDescriptorLength
MakeSelfRelativeSD
ConvertStringSecurityDescriptorToSecurityDescriptorW
MapGenericMask
EqualSid
OpenProcessToken
GetTokenInformation
RegQueryValueExW
RegOpenKeyExW
RegCloseKey

kernel32

GetDriveTypeW
GetPrivateProfileIntW
LoadLibraryExA
SetLastError
GetComputerNameW
LoadLibraryW
GetProcAddress
lstrcmpiW
GetModuleFileNameW
GetModuleHandleW
GetCurrentThread
LocalAlloc
LocalFree
GetCurrentProcess
CloseHandle
GetCurrentThreadId
EnterCriticalSection
lstrlenA
WideCharToMultiByte
MultiByteToWideChar
InterlockedDecrement
InterlockedIncrement
DeleteCriticalSection
InitializeCriticalSection
GetLastError
GetWindowsDirectoryW
CreateThread
GlobalUnlock
GlobalLock
GlobalSize
FreeLibrary
GetVolumeInformationW
GetVolumePathNameW
ReleaseMutex
WaitForSingleObject
CreateMutexW
FreeLibraryAndExitThread
SetThreadPriority
GetExitCodeThread
FormatMessageW
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
DisableThreadLibraryCalls
lstrcpynW
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
lstrlenW
LeaveCriticalSection
Sleep

userenv

GetProfilesDirectoryW

user32

MessageBeep
DialogBoxParamW
SendNotifyMessageW
PostMessageW
LoadCursorW
SetCursor
CheckDlgButton
LoadIconW
wsprintfW
MessageBoxW
SetWindowTextW
ScreenToClient
ClientToScreen
GetWindow
GetDlgCtrlID
GetWindowRect
PtInRect
SendMessageW
ShowWindow
LoadStringW
GetWindowLongW
SetWindowLongW
CallWindowProcW
GetParent
SetFocus
SetDlgItemTextW
CheckRadioButton
SendDlgItemMessageW
GetDlgItem
GetDlgItemTextW
EndDialog
IsDlgButtonChecked
WinHelpW
RegisterClipboardFormatW
InsertMenuW
EnableWindow

Exports

Exports

CanShareFolderW
DllCanUnloadNow
DllGetClassObject
GetLocalPathFromNetResource
GetLocalPathFromNetResourceA
GetLocalPathFromNetResourceW
GetNetResourceFromLocalPath
GetNetResourceFromLocalPathA
GetNetResourceFromLocalPathW
IsFolderPrivateForUser
IsPathShared
IsPathSharedA
IsPathSharedW
SetFolderPermissionsForSharing
SharingDialog
SharingDialogA
SharingDialogW
ShowShareFolderUIW

Sections

.text
Size: 44KB - Virtual size: 43KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 930B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 93KB - Virtual size: 93KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

604cb2bbb1e6f34717d12baccf2886a2

Headers

File Characteristics

PDB Paths

Imports

msvcrt

atl

ole32

shell32

shlwapi

netapi32

advapi32

kernel32

userenv

user32

Exports

Exports

Sections

.text Size: 44KB - Virtual size: 43KB

.data Size: 1024B - Virtual size: 930B

.rsrc Size: 93KB - Virtual size: 93KB

.reloc Size: 2KB - Virtual size: 2KB

.text
Size: 44KB - Virtual size: 43KB

.data
Size: 1024B - Virtual size: 930B

.rsrc
Size: 93KB - Virtual size: 93KB

.reloc
Size: 2KB - Virtual size: 2KB