42583794ef58c752fbf4890df6439b88_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

42583794ef58c752fbf4890df6439b88_JaffaCakes118
Size

259KB
MD5

42583794ef58c752fbf4890df6439b88
SHA1

49a5883d3b266b03bd37f34387417346e2128e29
SHA256

41dc21526ea9732e3d60340238b330f655ffdc2820b7e8b307c29608a42c91d8
SHA512

c1da685b2368eaa028af98bedf5610b7940fca9772a89119e461a1a7907a424e46f347b372dbb600fe117063de670dc788e1925b29cf368f2cd4f27cb7ea78e1
SSDEEP

6144:EESWo0vXB/hB+YWqqlESjQ/Ok2uBAvdqwWXXVk:noaR/hBVkE88N2Y40k

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
42583794ef58c752fbf4890df6439b88_JaffaCakes118

Files

42583794ef58c752fbf4890df6439b88_JaffaCakes118
.dll regsvr32 windows:4 windows x86 arch:x86

aac1259ac2be5e958c01de9b917c2230

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

irprops.cpl

BluetoothFindRadioClose
BluetoothFindFirstDevice
BluetoothFindFirstRadio
BluetoothSetServiceState
BluetoothAuthenticateDevice
BluetoothRemoveDevice
BluetoothUpdateDeviceRecord
BluetoothGetDeviceInfo
BluetoothFindDeviceClose
BluetoothFindNextDevice

ws2_32

socket
closesocket
WSAGetLastError
WSALookupServiceEnd
WSALookupServiceNextA
WSALookupServiceBeginA
WSAAddressToStringA
WSACleanup
WSAStartup
listen
WSASetServiceA
getsockname
bind
recv
accept
setsockopt
send
connect
shutdown

ncltools

?NclInit@@YAXPAUHINSTANCE__@@PA_WPAVCModuleInfo@@@Z
?NclLogDump@@YAXAAVCModuleInfo@@JK@Z
?NclLogDump@@YAXAAVCModuleInfo@@PBDZZ
?NclRegister@@YAJKAAUNCL_MODULE_INFO@@@Z
?NclUnregister@@YAJKU_GUID@@@Z
?NclGetCustomDataItems@@YAJU_GUID@@PAKPAUNCL_CUSTOM_DATA@@@Z
?NclAddCustomDataItem@@YAJU_GUID@@PAUNCL_CUSTOM_DATA@@@Z
?NclDeleteCustomDataItem@@YAJU_GUID@@AAVCComBSTR@ATL@@@Z
?NclGetRegistryPath@@YA?AVCComBSTR@ATL@@K@Z
?GetString@NclRegistry@@QAEJPA_WPAPA_W@Z
?EnumerateKeys@NclRegistry@@QAEJPAKPAPAUNCL_REG_VALUE@@@Z
?Open@NclRegistry@@QAEJPAUHKEY__@@PA_WK@Z
??1NclRegistry@@QAE@XZ
??0NclRegistry@@QAE@XZ

kernel32

FlushFileBuffers
CreateFileA
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
LCMapStringW
LCMapStringA
GetStringTypeW
GetStringTypeA
GetConsoleMode
GetConsoleCP
SetFilePointer
GetOEMCP
GetCPInfo
LoadLibraryA
GetSystemTimeAsFileTime
GetCurrentProcessId
GetFileType
SetHandleCount
HeapSize
InterlockedDecrement
SetLastError
InterlockedIncrement
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
GetModuleFileNameA
GetStdHandle
WriteFile
ExitProcess
InitializeCriticalSection
DeleteCriticalSection
GetLastError
MultiByteToWideChar
WideCharToMultiByte
SetEvent
ResetEvent
DisableThreadLibraryCalls
IsBadCodePtr
EnterCriticalSection
LeaveCriticalSection
CreateEventA
CloseHandle
CreateThread
WaitForSingleObject
WaitForMultipleObjects
ExitThread
GetTickCount
HeapAlloc
GetProcessHeap
HeapFree
TerminateThread
SystemTimeToFileTime
Sleep
lstrlenW
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetModuleHandleA
GetProcAddress
HeapCreate
HeapDestroy
HeapReAlloc
VirtualAlloc
VirtualFree
RtlUnwind
InterlockedExchange
GetACP
GetLocaleInfoA
GetThreadLocale
GetVersionExA
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetCurrentThreadId
GetCommandLineA
RaiseException
GetStartupInfoA

user32

CharUpperBuffA

ole32

CoTaskMemAlloc
CoTaskMemFree

oleaut32

SysAllocStringLen
SysStringLen
SysAllocStringByteLen
SysAllocString
SysFreeString
SysStringByteLen
VarBstrCmp
VarBstrCat

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
NclLoadModule

Sections

.text
Size: 105KB - Virtual size: 105KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 34KB - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 5KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 100KB - Virtual size: 99KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 14KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

aac1259ac2be5e958c01de9b917c2230

Headers

File Characteristics

Imports

irprops.cpl

ws2_32

ncltools

kernel32

user32

ole32

oleaut32

Exports

Exports

Sections

.text Size: 105KB - Virtual size: 105KB

.rdata Size: 34KB - Virtual size: 33KB

.data Size: 5KB - Virtual size: 12KB

.rsrc Size: 100KB - Virtual size: 99KB

.reloc Size: 14KB - Virtual size: 13KB

.text
Size: 105KB - Virtual size: 105KB

.rdata
Size: 34KB - Virtual size: 33KB

.data
Size: 5KB - Virtual size: 12KB

.rsrc
Size: 100KB - Virtual size: 99KB

.reloc
Size: 14KB - Virtual size: 13KB