49a0ef025fb84d905be003dd413cb430_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

49a0ef025fb84d905be003dd413cb430_JaffaCakes118
Size

587KB
MD5

49a0ef025fb84d905be003dd413cb430
SHA1

c0259012301b712bd22a8787f60e2a5733adcc7d
SHA256

99589b88a22a22fdd8b86c1fb798d081c17affbb03d8b4e210d8f42ae2c85064
SHA512

354b0fcca020acd2ce3972d88ef6f2617394405a6c22435fc21bea874ac31cd101188188ac9d952cd365704620590a3d5dfdac725f12adfff3d2c8cee7d08258
SSDEEP

12288:M5tQlVR2/kr0/Eotvu2ZDjf++kstdlzubQxt3Vs3NIrRhOjJpRcXOWwrds62gUUS:M5tQlV8/kr0/EoZu2ZDjf++kstdlzubS

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
49a0ef025fb84d905be003dd413cb430_JaffaCakes118

Files

49a0ef025fb84d905be003dd413cb430_JaffaCakes118
.dll windows:4 windows x86 arch:x86

94bb42a4f2dada37252d907ad99107ee

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

DLP.pdb

Imports

kernel32

InterlockedExchangeAdd
FindNextFileW
FindClose
ReleaseSemaphore
QueryDosDeviceW
CreateFileW
CreateSemaphoreW
GetDriveTypeW
ResumeThread
GetFileAttributesW
CreateDirectoryW
GetVolumeNameForVolumeMountPointW
SetErrorMode
ProcessIdToSessionId
GetFileAttributesExW
GetDiskFreeSpaceExW
CopyFileW
SetFileTime
WriteFile
ReadFile
GetHandleInformation
GetFileSize
FlushFileBuffers
GetVolumeInformationW
GetLocalTime
LocalAlloc
MoveFileExW
OpenProcess
InterlockedExchange
GetExitCodeThread
IsBadCodePtr
SetFilePointer
lstrlenA
TerminateProcess
SetEndOfFile
lstrcpynW
GetACP
FileTimeToSystemTime
GlobalFree
GlobalUnlock
GlobalLock
GlobalAlloc
WideCharToMultiByte
IsValidCodePage
HeapSize
HeapReAlloc
MultiByteToWideChar
GetTickCount
FindFirstFileW
InterlockedIncrement
Sleep
SetEvent
FlushInstructionCache
FindResourceW
GetCurrentProcessId
GetCurrentThread
CreateEventW
lstrcmpiW
SetThreadPriority
GetCurrentProcess
EnterCriticalSection
TerminateThread
DuplicateHandle
GetModuleFileNameW
GetSystemDirectoryW
WaitForSingleObject
SetStdHandle
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
GetStringTypeW
GetStringTypeA
GetConsoleMode
GetConsoleCP
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetStartupInfoA
GetFileType
SetHandleCount
HeapCreate
GetOEMCP
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
GetModuleFileNameA
RemoveDirectoryW
SetFileAttributesW
FreeLibrary
LoadLibraryW
LeaveCriticalSection
CloseHandle
GetProcAddress
SetWaitableTimer
lstrlenW
CreateWaitableTimerW
ReleaseMutex
WaitForMultipleObjects
CreateMutexW
DeleteFileW
lstrcatA
CreateEventA
GetTempFileNameW
GetTempPathW
SetLastError
CreateToolhelp32Snapshot
FindResourceExW
Process32FirstW
Process32NextW
LoadResource
RaiseException
LockResource
GetModuleHandleW
SizeofResource
HeapFree
GetProcessHeap
GetCurrentThreadId
HeapAlloc
GetComputerNameW
lstrcmpW
InterlockedDecrement
GetStdHandle
ExitProcess
GetModuleHandleA
GetCPInfo
RtlUnwind
GetCommandLineA
CreateThread
ExitThread
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
LCMapStringW
LCMapStringA
GetStringTypeExW
GetUserDefaultLCID
GetThreadLocale
GetLocaleInfoA
UnmapViewOfFile
VirtualAlloc
MapViewOfFile
GetVersionExW
lstrcatW
FileTimeToDosDateTime
FileTimeToLocalFileTime
SystemTimeToFileTime
GetFileInformationByHandle
IsBadReadPtr
GlobalReAlloc
ResetEvent
GetOverlappedResult
LocalFree
lstrcpyW
CreateFileA
CreateFileMappingW
lstrcpyA
OpenFileMappingW
GetComputerNameExW
VirtualFree
IsProcessorFeaturePresent
LoadLibraryA
InterlockedCompareExchange
GetVersionExA
DeleteCriticalSection
InitializeCriticalSection
HeapDestroy
GetSystemTimeAsFileTime
GlobalSize
CreateMutexA
GetSystemTime
lstrcpynA
GetLastError

user32

CreateWindowExW
GetMessageW
CharLowerBuffW
CharLowerW
UnregisterClassA
SetWindowLongW
IsWindow
GetLastInputInfo
GetWindowLongW
GetClassInfoExW
RegisterClassExW
CharUpperW
LoadCursorW
CallWindowProcW
DestroyWindow
DefWindowProcW
ShowWindow
GetDesktopWindow
GetCursorPos
KillTimer
SendMessageW
SendMessageTimeoutW
RegisterWindowMessageW
SetTimer
GetWindowThreadProcessId
MessageBoxW
DestroyIcon
RemoveMenu
LoadImageW
LoadStringW
DispatchMessageW
TranslateMessage
PeekMessageW
MsgWaitForMultipleObjects
PostMessageW
GetAsyncKeyState
PostThreadMessageW
GetWindowTextW
GetWindowTextLengthW
SetForegroundWindow
EnableMenuItem
SetDlgItemTextW
EndDialog
DialogBoxParamW
SendDlgItemMessageW
GetActiveWindow
GetDlgItem
SetFocus
EnableWindow
SetWindowTextW
GetWindow
SystemParametersInfoW
GetWindowRect
GetParent
GetClientRect
MapWindowPoints
SetWindowPos
GetSystemMenu
DestroyMenu

gdi32

CreateSolidBrush
CreateFontIndirectW
GetObjectW
CreateFontW
DeleteObject

comdlg32

GetSaveFileNameW

advapi32

CreateProcessAsUserW
ConvertStringSidToSidW
SetNamedSecurityInfoW
GetTokenInformation
IsValidSid
SetTokenInformation
DuplicateTokenEx
ImpersonateLoggedOnUser
AdjustTokenPrivileges
LookupPrivilegeValueW
OpenProcessToken
OpenThreadToken
RevertToSelf
CryptReleaseContext
CryptDestroyHash
CryptHashData
CryptCreateHash
CryptAcquireContextW
LookupAccountNameW
ConvertSidToStringSidW
RegGetKeySecurity
RegOpenKeyW
RegSetKeySecurity
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
ConvertStringSecurityDescriptorToSecurityDescriptorW
GetSecurityDescriptorSacl
RegQueryValueExW
SetSecurityDescriptorSacl
RegOpenKeyExW
RegCloseKey
CryptDestroyKey
GetSidSubAuthority
GetSidSubAuthorityCount
CryptEncrypt
CryptDecrypt
CryptDeriveKey

shell32

SHCreateDirectoryExW
ord190
ord155
SHGetPathFromIDListW
SHBrowseForFolderW
SHGetFolderLocation
SHGetFolderPathW

ole32

CoUninitialize
StgIsStorageFile
CreateStreamOnHGlobal
GetHGlobalFromStream
StgOpenStorage
OleRun
CoTaskMemFree
StringFromCLSID
CoCreateInstance
CoInitializeEx

oleaut32

VarBstrFromI4
VarBstrFromUI4
VarUI4FromStr
VarI4FromStr
SafeArrayCreateVector
SafeArrayUnaccessData
SafeArrayAccessData
SysAllocStringByteLen
SysStringByteLen
VariantInit
SysAllocStringLen
VariantTimeToSystemTime
SafeArrayDestroy
VarBstrCmp
VariantClear
SysFreeString
SysStringLen
SysAllocString
SafeArrayRedim
VarBstrCat
SafeArrayPutElement
SafeArrayGetElement
SafeArrayCreate
GetErrorInfo

proxy

??0CProxy@@QAE@XZ
??1CProxy@@QAE@XZ
?Open@CProxy@@QAEJHPAX@Z
?Close@CProxy@@QAEXXZ
?SendRemoteHttpRequest@CProxy@@QAEJPAGJPAUtagVARIANT@@1J10@Z

shlwapi

PathStripPathW
PathRemoveFileSpecW
PathFileExistsW
PathFindExtensionW
SHCreateStreamOnFileW
PathSkipRootW
PathAppendW

comctl32

ord17
InitCommonControlsEx

wtsapi32

WTSQuerySessionInformationW
WTSFreeMemory
WTSCloseServer
WTSOpenServerW

netapi32

NetWkstaUserEnum
NetApiBufferFree

rpcrt4

UuidToStringW
RpcStringFreeW
UuidFromStringW
UuidCreate

userenv

DestroyEnvironmentBlock
CreateEnvironmentBlock

psapi

GetProcessMemoryInfo

fltlib

FilterReplyMessage
FilterGetMessage
FilterSendMessage
FilterConnectCommunicationPort
FilterUnload
FilterLoad

sccda

DAGetFileId
DACloseDocument
DAInit
DASetOption
DADeInit
DAOpenDocument

sccta

TAReadNext
TACloseText
TAOpenText
TAReadFirst

sccca

CAOpenContent
CACloseContent
CAReadNext
CAReadFirst

Exports

Exports

StartApp
StartWorker

Sections

.text
Size: 436KB - Virtual size: 432KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 76KB - Virtual size: 74KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 20KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 32KB - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

94bb42a4f2dada37252d907ad99107ee

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

comdlg32

advapi32

shell32

ole32

oleaut32

proxy

shlwapi

comctl32

wtsapi32

netapi32

rpcrt4

userenv

psapi

fltlib

sccda

sccta

sccca

Exports

Exports

Sections

.text Size: 436KB - Virtual size: 432KB

.rdata Size: 76KB - Virtual size: 74KB

.data Size: 12KB - Virtual size: 18KB

.rsrc Size: 20KB - Virtual size: 18KB

.reloc Size: 32KB - Virtual size: 31KB

.text
Size: 436KB - Virtual size: 432KB

.rdata
Size: 76KB - Virtual size: 74KB

.data
Size: 12KB - Virtual size: 18KB

.rsrc
Size: 20KB - Virtual size: 18KB

.reloc
Size: 32KB - Virtual size: 31KB