4a61326e651afd76a96e8db10ea9fa62_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

4a61326e651afd76a96e8db10ea9fa62_JaffaCakes118
Size

126KB
MD5

4a61326e651afd76a96e8db10ea9fa62
SHA1

efc438500bcfd3b5395051d0fd7703e991c29472
SHA256

df43d7b2a305427ed712de956442418c5d7675e1289eee7dab427c4fc34e13eb
SHA512

21bf4d48876f473fcabc814d23574b0aa0d5fba69b41881adcc7085db88cd21d58cc0dc173af134cc55b130536eb66741749e16ea5ba4ecc267c56e81bd56262
SSDEEP

3072:og5pqhprwHMCVIHBSfMU+rL1USHBZ1UD0SgO2JrgE9F5Mo:oThprwsCVIHMbSHBZSDCrr

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
4a61326e651afd76a96e8db10ea9fa62_JaffaCakes118

Files

4a61326e651afd76a96e8db10ea9fa62_JaffaCakes118
.dll windows:6 windows x86 arch:x86

45cd88c710a716ac518134c559b2b732

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

regapi.pdb

Imports

msvcrt

memcpy
_wtol
wcschr
_vsnprintf
memmove
swscanf
_wcsicmp
_vsnwprintf
wcscpy_s
wcstoul
_XcptFilter
memset
_except_handler4_common
_amsg_exit
_initterm
free
malloc

ntdll

RtlMultiByteToUnicodeN
RtlUnicodeToMultiByteN
RtlNtStatusToDosError
RtlSelfRelativeToAbsoluteSD
RtlMakeSelfRelativeSD
RtlInitUnicodeString
RtlCompareMemory
RtlRunEncodeUnicodeString
RtlRunDecodeUnicodeString

advapi32

GetSecurityDescriptorControl
LookupAccountNameW
InitializeSecurityDescriptor
SetSecurityDescriptorControl
SetSecurityDescriptorDacl
GetSecurityDescriptorLength
SetEntriesInAclW
GetSecurityDescriptorDacl
LsaRetrievePrivateData
RegNotifyChangeKeyValue
RegEnumKeyExW
RegQueryInfoKeyW
LsaOpenPolicy
LsaQueryInformationPolicy
LsaClose
LsaFreeMemory
RegConnectRegistryW
RegEnumValueW
RegSetValueExW
RegEnumKeyW
RegCloseKey
RegOpenKeyExW
RegCreateKeyExW
RegDeleteKeyExW
RegDeleteTreeW
RegQueryValueExW

kernel32

InterlockedExchange
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetSystemTimeAsFileTime
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
RegDeleteValueW
GetCurrentProcessId
LocalFree
LocalAlloc
SetLastError
Sleep
WideCharToMultiByte
lstrlenW
MultiByteToWideChar
FreeLibrary
LoadLibraryW
GetProcAddress
GetComputerNameW
GetLastError
WaitForMultipleObjects
CloseHandle
CreateEventW
SystemTimeToFileTime
GetSystemTime
DelayLoadFailureHook
InterlockedCompareExchange
LoadLibraryExA

Exports

Exports

GetDomainName
QueryUserProperty
RegBuildNumberQuery
RegCdCreateA
RegCdCreateW
RegCdDeleteA
RegCdDeleteW
RegCdEnumerateA
RegCdEnumerateW
RegCdQueryA
RegCdQueryW
RegCloseServer
RegConsoleShadowQueryA
RegConsoleShadowQueryW
RegCreateMonitorConfigW
RegCreateUserConfigW
RegDefaultUserConfigQueryA
RegDefaultUserConfigQueryW
RegDenyTSConnectionsPolicy
RegFreeUtilityCommandList
RegGetLicensePolicyID
RegGetLicensingModePolicy
RegGetMachinePolicy
RegGetMachinePolicyEx
RegGetMachinePolicyNew
RegGetTServerVersion
RegGetUserConfigFromUserParameters
RegGetUserPolicy
RegIsMachineInHelpMode
RegIsMachinePolicyAllowHelp
RegIsSrcAcceptingConnections
RegIsTServer
RegIsTimeZoneRedirectionEnabled
RegMergeUserConfigWithUserParameters
RegOpenServerA
RegOpenServerW
RegPdCreateA
RegPdCreateW
RegPdDeleteA
RegPdDeleteW
RegPdEnumerateA
RegPdEnumerateW
RegPdQueryA
RegPdQueryW
RegQueryAllowDWM
RegQueryConnectionSettings
RegQueryListenerStart
RegQueryMonitorSettings
RegQueryOEMId
RegQuerySessionSettings
RegQueryUtilityCommandList
RegSAMUserConfig
RegSetLicensePolicyID
RegSetSrcAcceptConnections
RegSetWinStationAllowDWM
RegUserConfigDelete
RegUserConfigQuery
RegUserConfigRename
RegUserConfigSet
RegWdCreateA
RegWdCreateW
RegWdDeleteA
RegWdDeleteW
RegWdEnumerateA
RegWdEnumerateW
RegWdQueryA
RegWdQueryW
RegWinStationAccessCheck
RegWinStationCreateA
RegWinStationCreateW
RegWinStationDeleteA
RegWinStationDeleteW
RegWinStationEnumerateA
RegWinStationEnumerateW
RegWinStationQueryA
RegWinStationQueryDefaultSecurity
RegWinStationQueryEx
RegWinStationQueryExNew
RegWinStationQueryExtendedSettingsW
RegWinStationQueryNumValueW
RegWinStationQuerySecurityA
RegWinStationQuerySecurityW
RegWinStationQueryValueW
RegWinStationQueryW
RegWinStationSetExtendedSettingsW
RegWinStationSetNumValueW
RegWinStationSetSecurityA
RegWinStationSetSecurityW
RegWinstationQuerySecurityConfig_Machine
RegWinstationQuerySecurityConfig_Merged
RegWinstationSetSecurityConfig
SetUserProperty
UsrPropGetString
UsrPropGetValue
UsrPropSetString
UsrPropSetValue
WaitForTSConnectionsPolicyChanges

Sections

.text
Size: 65KB - Virtual size: 64KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 56KB - Virtual size: 56KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 1024B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

45cd88c710a716ac518134c559b2b732

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msvcrt

ntdll

advapi32

kernel32

Exports

Exports

Sections

.text Size: 65KB - Virtual size: 64KB

.data Size: 56KB - Virtual size: 56KB

.rsrc Size: 1024B - Virtual size: 1024B

.reloc Size: 3KB - Virtual size: 2KB

.text
Size: 65KB - Virtual size: 64KB

.data
Size: 56KB - Virtual size: 56KB

.rsrc
Size: 1024B - Virtual size: 1024B

.reloc
Size: 3KB - Virtual size: 2KB