42c3b7b3fbed47fa271ab13d48212afe_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

42c3b7b3fbed47fa271ab13d48212afe_JaffaCakes118
Size

688KB
MD5

42c3b7b3fbed47fa271ab13d48212afe
SHA1

954d0807fe849dd3e6cf8d3cf4f865b10341c365
SHA256

b3410ccd70038247a07333513fe9339440c5e8bcc2b7f8c3a3363dcf178ac0f5
SHA512

7f018169123fd0bef084e0b389142e4461679c169d98e797555ca5f30b3a2c91438ea897776632827752be955bf286c79ee8b4349cb5520123eae194b9b54ad7
SSDEEP

12288:Cfiez6txDX7NmXaD9JHkw0EEO7KRx5hhgxcdfzqqG9oT3kuT+0AC:Cfiez6txDXpPD9JN0EE08nhhgxcdfVG+

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
42c3b7b3fbed47fa271ab13d48212afe_JaffaCakes118

Files

42c3b7b3fbed47fa271ab13d48212afe_JaffaCakes118
.dll windows:4 windows x86 arch:x86

2a2f78c0185950ee6407a955713041b2

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetProcAddress
LoadLibraryA
ReleaseMutex
WaitForSingleObject
GetSystemInfo
GetModuleHandleA
GetFileSize
CreateFileA
UnmapViewOfFile
MapViewOfFile
CreateFileMappingA
WriteFile
SetFilePointer
DeleteFileA
ReadFile
GetModuleFileNameA
OpenEventA
VirtualProtect
FlushInstructionCache
GetCurrentProcess
SetLastError
Sleep
GetCurrentThreadId
LocalFree
LocalAlloc
FormatMessageA
CreateMutexA
OutputDebugStringA
SizeofResource
LockResource
LoadResource
FindResourceA
FindResourceExA
GlobalAlloc
InterlockedCompareExchange
SetWaitableTimer
CreateWaitableTimerA
SystemTimeToTzSpecificLocalTime
FileTimeToSystemTime
GetFileTime
GetVolumeInformationA
OpenMutexA
ExitProcess
FreeLibraryAndExitThread
TerminateThread
GetExitCodeThread
CreateThread
GetCurrentProcessId
SetErrorMode
LeaveCriticalSection
EnterCriticalSection
SetUnhandledExceptionFilter
lstrcpynA
SetFileAttributesA
SetEndOfFile
GetWindowsDirectoryA
Process32Next
TerminateProcess
OpenProcess
Process32First
CreateToolhelp32Snapshot
OpenSemaphoreA
CreateDirectoryA
FindCloseChangeNotification
FindClose
CompareFileTime
FindNextFileA
FindFirstFileA
DuplicateHandle
lstrcatA
GetTempPathA
FreeLibrary
MoveFileA
CreateProcessA
GetShortPathNameA
VirtualFreeEx
WriteProcessMemory
VirtualAllocEx
OpenFileMappingA
FlushFileBuffers
ExitThread
GetLocalTime
GetTickCount
IsBadReadPtr
GetDiskFreeSpaceExA
SetCurrentDirectoryA
GetDriveTypeA
GetLogicalDriveStringsA
CancelWaitableTimer
OpenWaitableTimerA
GetSystemTime
ExpandEnvironmentStringsA
GetSystemDirectoryA
SystemTimeToFileTime
CopyFileA
GetFileAttributesA
HeapAlloc
HeapFree
HeapReAlloc
SetEnvironmentVariableA
GetLocaleInfoW
SetStdHandle
IsBadCodePtr
IsValidCodePage
IsValidLocale
EnumSystemLocalesA
GetUserDefaultLCID
UnhandledExceptionFilter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
HeapSize
GetStringTypeW
GetStringTypeA
GetStartupInfoA
GetFileType
GetStdHandle
SetHandleCount
GetOEMCP
TlsGetValue
TlsSetValue
TlsFree
TlsAlloc
QueryPerformanceCounter
IsBadWritePtr
HeapCreate
GetCPInfo
LCMapStringW
LCMapStringA
GetCommandLineA
GetDateFormatA
GetTimeFormatA
GetSystemTimeAsFileTime
GetTimeZoneInformation
RtlUnwind
VirtualQuery
GetProcessHeap
VirtualAlloc
VirtualFree
CreateEventA
SetEvent
CloseHandle
CompareStringW
CompareStringA
InterlockedIncrement
InterlockedDecrement
lstrlenA
lstrlenW
lstrcmpiA
DeleteCriticalSection
InitializeCriticalSection
GetLastError
RaiseException
WideCharToMultiByte
MultiByteToWideChar
GetVersionExA
GetThreadLocale
GetLocaleInfoA
GetACP
lstrcpyA
InterlockedExchange
HeapDestroy

user32

GetPropA
SetPropA
CallWindowProcA
DefWindowProcA
SetWindowLongA
GetParent
CharLowerA
TranslateMessage
GetDlgItem
FindWindowA
SendMessageTimeoutA
CallNextHookEx
SetWindowsHookExA
CreateDesktopA
GetSystemMetrics
MsgWaitForMultipleObjects
GetForegroundWindow
PeekMessageA
GetDesktopWindow
RegisterClassExA
CreateWindowExA
GetMessageA
DispatchMessageA
PostMessageA
GetWindowTextA
GetClassNameA
LoadStringA
SetWindowPos
RemovePropA
GetWindowThreadProcessId
AttachThreadInput
GetActiveWindow
GetFocus
SetActiveWindow
GetKeyboardLayoutList
ActivateKeyboardLayout
GetKeyboardLayoutNameA
wsprintfA
wsprintfW
FindWindowExA

advapi32

LookupPrivilegeValueA
AdjustTokenPrivileges
SetSecurityInfo
CryptDecrypt
CryptAcquireContextA
CryptCreateHash
CryptHashData
CryptDeriveKey
CryptDestroyHash
CryptEncrypt
CryptDestroyKey
CryptReleaseContext
RegCreateKeyA
RegQueryInfoKeyA
RegEnumValueA
RegOpenKeyA
RegEnumKeyA
SetEntriesInAclA
SetNamedSecurityInfoA
RegDeleteKeyA
RegEnumKeyExA
RegFlushKey
RegCreateKeyExA
RegSetValueExA
RegDeleteValueA
RegQueryValueExA
RegOpenKeyExA
RegCloseKey
OpenProcessToken

shell32

SHGetSpecialFolderPathA
SHGetFolderPathA
ShellExecuteA

ole32

CoSetProxyBlanket
CoCreateInstance
OleRun
CoUnmarshalInterface
CoMarshalInterface
CreateStreamOnHGlobal
CoGetInterfaceAndReleaseStream
CoMarshalInterThreadInterfaceInStream
CoInitializeEx
CoInitializeSecurity

oleaut32

GetErrorInfo
SafeArrayCreateVector
SafeArrayAccessData
SafeArrayUnaccessData
VariantCopy
SysStringByteLen
SysAllocStringByteLen
VariantClear
VariantInit
SysStringLen
SysFreeString
SysAllocString

shlwapi

StrChrA
StrStrIW
SHDeleteKeyA
PathFileExistsA
StrCmpNIA
UrlEscapeA
StrStrIA
SHDeleteValueA
StrStrA
StrRChrA

Exports

Exports

CreateMainProc
CreateProtectProc
DllCanUnloadNow
DllGetClassObject
SetVM
SysLogoff
SysLogon

Sections

.text
Size: 540KB - Virtual size: 538KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 80KB - Virtual size: 79KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.MYSEC
Size: 4KB - Virtual size: 8B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 36KB - Virtual size: 35KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

2a2f78c0185950ee6407a955713041b2

Headers

File Characteristics

Imports

kernel32

user32

advapi32

shell32

ole32

oleaut32

shlwapi

Exports

Exports

Sections

.text Size: 540KB - Virtual size: 538KB

.rdata Size: 80KB - Virtual size: 79KB

.data Size: 16KB - Virtual size: 33KB

.MYSEC Size: 4KB - Virtual size: 8B

.rsrc Size: 8KB - Virtual size: 5KB

.reloc Size: 36KB - Virtual size: 35KB

.text
Size: 540KB - Virtual size: 538KB

.rdata
Size: 80KB - Virtual size: 79KB

.data
Size: 16KB - Virtual size: 33KB

.MYSEC
Size: 4KB - Virtual size: 8B

.rsrc
Size: 8KB - Virtual size: 5KB

.reloc
Size: 36KB - Virtual size: 35KB