483f70cd93c2dd1f86630457703d95b3_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

483f70cd93c2dd1f86630457703d95b3_JaffaCakes118
Size

869KB
MD5

483f70cd93c2dd1f86630457703d95b3
SHA1

59b00aa6350aed3b1e00936001cf6af88a454e98
SHA256

46fd89d1652045c5950065a0bf9d3ab2526f8407e9818df71a8033b34e5947df
SHA512

9bb6cf74075d405ad7d9e4465b859e79fcde2173b7b4925895bc79c4324f691c4357d596c0a82fdc2852687f60c916b6e0737cf25034d65faf9ad9d6ad18e112
SSDEEP

12288:TU7TWXcwBBFR5/lj7S/CZ9jVwHVcNYdSnuGzuMlEF0Afd:T8iXcwBBFR5hSwjMc2dGzuMlEFz

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
483f70cd93c2dd1f86630457703d95b3_JaffaCakes118

Files

483f70cd93c2dd1f86630457703d95b3_JaffaCakes118
.dll windows:6 windows x86 arch:x86

daa084c6d180ac8bb3132dd346574c7a

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

fontext.pdb

Imports

msvcrt

_wtoi
wcstok_s
bsearch_s
_ftol2_sse
_CxxThrowException
memmove
_wcsicmp
iswxdigit
memcpy
wcschr
memset
_vsnprintf
_stricmp
??1type_info@@UAE@XZ
_strcmpi
_wcsnset_s
_onexit
_lock
__dllonexit
_unlock
_vsnwprintf
_except_handler4_common
wcsstr
_XcptFilter
malloc
free
_initterm
_amsg_exit

kernel32

GetModuleHandleW
GetProcAddress
GetVersion
SetLastError
GetModuleFileNameW
OutputDebugStringA
GetSystemTime
CompareFileTime
DisableThreadLibraryCalls
CreateFileW
ReadFile
SetFilePointer
FormatMessageW
Sleep
GetSystemDirectoryW
GlobalSize
LockResource
LoadResource
FindResourceW
MulDiv
GetLocaleInfoEx
IsDBCSLeadByte
lstrcmpW
MultiByteToWideChar
WideCharToMultiByte
GetTickCount
ExpandEnvironmentStringsW
DelayLoadFailureHook
FreeLibrary
InterlockedCompareExchange
LoadLibraryExA
InterlockedExchange
QueryPerformanceCounter
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
DeactivateActCtx
ActivateActCtx
ReleaseActCtx
CreateActCtxW
GetLastError
CloseHandle
HeapFree
HeapAlloc
GetProcessHeap
GetCurrentProcess
CompareStringW
DeleteFileW
CreateFileA
CreateFileMappingA
MapViewOfFile
GetFileSize
UnmapViewOfFile
SetEndOfFile
_lopen
_lclose
FindResourceExW
SizeofResource
LoadLibraryW
GetModuleHandleA
LoadLibraryA
CompareStringOrdinal
ReleaseSRWLockShared
AcquireSRWLockShared
GlobalAlloc
GlobalLock
GlobalUnlock
lstrcmpiA
LocalAlloc
LocalFree
GlobalFree
InterlockedDecrement
LZClose
LZOpenFileW
LZRead
LZSeek
InterlockedIncrement
CompareStringEx
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
InitializeSRWLock
SystemTimeToFileTime
FindFirstFileW
FindClose
GetDriveTypeW
lstrlenW
CopyFileW
GetFileAttributesW
SetFileAttributesW

user32

LoadStringW
SetMenuItemInfoW
SetCursor
LoadCursorW
GetMenuItemInfoW
InsertMenuItemW
RegisterClipboardFormatW
PostMessageW
GetDesktopWindow
MessageBoxW
SetWindowPos
GetFocus
SetWindowLongW
GetWindowLongW
RegisterClassW
UnregisterClassW
CreateWindowExW
DestroyWindow
DrawTextW
SetRect
FillRect
DefWindowProcW
GetClientRect
SetScrollInfo
EndPaint
BeginPaint
GetPropW
RemovePropW
SetTimer
SetPropW
KillTimer
GetSystemMetrics
GetWindowRect
MoveWindow
LoadImageW
DrawIconEx
DestroyIcon
DrawTextExW
CreateDialogParamW
SendMessageW
GetDlgItem
GetDC
SetWindowTextW
ShowWindow
ReleaseDC
PeekMessageW
GetMessageW
IsDialogMessageW
TranslateMessage
DispatchMessageW
GetSysColorBrush
GetParent
ScrollWindowEx
InvalidateRect

advapi32

MapGenericMask
GetFileSecurityW
DuplicateToken
OpenProcessToken
RegCloseKey
RegQueryValueExW
RegOpenKeyExW
RegQueryInfoKeyW
RegSetValueExW
RegCreateKeyExW
RegDeleteValueW
RegEnumValueW
AccessCheck

gdi32

CreateDIBSection
SetBkMode
GetTextExtentExPointI
GetTextExtentExPointW
GetGlyphIndicesW
GetTextCharsetInfo
GetTextExtentPointI
ExtTextOutW
AddFontResourceExW
CreateCompatibleDC
GetDeviceCaps
SetTextAlign
SetTextColor
SetBkColor
CreateFontIndirectW
SelectObject
GetTextExtentPoint32W
GetTextMetricsW
MoveToEx
LineTo
RemoveFontResourceExW
CreateSolidBrush
GetFontResourceInfoW
DeleteObject
AddFontResourceW
RemoveFontResourceW
GetLayout
DeleteDC

ole32

CoInitializeEx
CoUninitialize
CoTaskMemAlloc
CreateStreamOnHGlobal
StringFromGUID2
CoGetObject
CoTaskMemRealloc
CoGetMalloc
PropVariantClear
CoCreateInstance
ReleaseStgMedium
CreateBindCtx
CoTaskMemFree

oleaut32

VariantClear
SysAllocString
VariantInit

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW

shell32

ord680
ord152
SHChangeNotify
ShellExecuteExW
ord763
ord16
SHCreateDataObject
SHCreateDefaultContextMenu
ord256
ord701
ord25
SHGetPathFromIDListW
SHGetKnownFolderPath
ord155
AssocCreateForClasses
SHGetSpecialFolderLocation
SHGetIconOverlayIndexW
SHGetSpecialFolderPathW
ord18
ord702
SHBindToObject
SHBindToParent
SHBindToFolderIDListParentEx
ord681
ord19
ord17
ord727
SHCreateShellItemArrayFromIDLists
SHParseDisplayName

uxtheme

BufferedPaintInit
BeginBufferedPaint
EndBufferedPaint
BufferedPaintUnInit

propsys

PSFormatForDisplay
VariantGetElementCount
VariantGetStringElem
InitPropVariantFromFileTime
InitPropVariantFromStringVector
PSCreateMemoryPropertyStore
PropVariantToVariant
PSGetPropertyFromPropertyStorage
VariantToPropVariant
VariantCompare

mpr

WNetGetConnectionW

shlwapi

ord215
StrDupW
ord639
ord476
ord12
ord618
StrStrW
PathRenameExtensionW
AssocCreate
ord158
ord496
ord538
ord172
ord176
ord493
ord256
PathFileExistsW
PathCompactPathExW
PathStripPathW
StrChrW
ord268
PathRemoveFileSpecW
PathRemoveExtensionW
PathIsPrefixW
PathFindExtensionW
PathCombineW
SHCreateStreamOnFileW
ord219
SHStrDupW
PathIsUNCW
PathStripToRootW
PathAddBackslashW
PathAppendW
PathFindFileNameW
ord174
ord197
StrRetToBufW
ord204
ord514
ord24
ord494
ord156
PathFindFileNameA
PathRemoveFileSpecA
PathRemoveExtensionA
ord199

ntdll

WinSqmAddToStream
EtwLogTraceEvent

Exports

Exports

DllCanUnloadNow
DllGetClassObject
InstallFontFile

Sections

.text
Size: 158KB - Virtual size: 158KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 63KB - Virtual size: 64KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 631KB - Virtual size: 631KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 15KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

daa084c6d180ac8bb3132dd346574c7a

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msvcrt

kernel32

user32

advapi32

gdi32

ole32

oleaut32

version

shell32

uxtheme

propsys

mpr

shlwapi

ntdll

Exports

Exports

Sections

.text Size: 158KB - Virtual size: 158KB

.data Size: 63KB - Virtual size: 64KB

.rsrc Size: 631KB - Virtual size: 631KB

.reloc Size: 15KB - Virtual size: 15KB

.text
Size: 158KB - Virtual size: 158KB

.data
Size: 63KB - Virtual size: 64KB

.rsrc
Size: 631KB - Virtual size: 631KB

.reloc
Size: 15KB - Virtual size: 15KB