4c5244aa15371b24b2c59bb2cc1a2fb1_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

4c5244aa15371b24b2c59bb2cc1a2fb1_JaffaCakes118
Size

285KB
MD5

4c5244aa15371b24b2c59bb2cc1a2fb1
SHA1

689eb18be9b7ed8107dda77faafb4d99a7da9c4d
SHA256

0131fcf980537d0e0d7ffe69abd101b4e070fd639ca5e1b3c6e2e394223a471c
SHA512

fd4843514eaf059356075e5a63cafeb772c1613811d2d1d8427ebb3a74cdcd3415c07b553456a41b7ce7f85b04dda67499641033b669e3232eafe0aec45bb487
SSDEEP

6144:aPpeFMByZqCm163VAdHyqYdZXQd/YPMI97+6WXq:EQFKyZ1m163iHyHdZXMz6n

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
4c5244aa15371b24b2c59bb2cc1a2fb1_JaffaCakes118

Files

4c5244aa15371b24b2c59bb2cc1a2fb1_JaffaCakes118
.dll windows:5 windows x86 arch:x86

1e762f0b3640c41bdf303d261821e669

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

aclui.pdb

Imports

msvcrt

_itow
wcslen
free
_initterm
_adjust_fdiv
malloc
_except_handler3

ntdll

RtlCreateUnicodeString
RtlLengthSid
RtlFreeUnicodeString

kernel32

LoadLibraryA
QueryPerformanceCounter
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
TerminateProcess
UnhandledExceptionFilter
InterlockedCompareExchange
lstrcpyW
LockResource
LoadResource
FindResourceW
FormatMessageW
GetCurrentThread
InitializeCriticalSection
Sleep
GetProcAddress
InterlockedDecrement
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
lstrcmpiW
lstrlenW
GetTickCount
InterlockedIncrement
SetLastError
GlobalLock
GlobalUnlock
LoadLibraryW
CreateThread
GetModuleHandleW
FreeLibraryAndExitThread
LocalSize
WaitForSingleObject
GetCurrentProcess
lstrcpynW
CloseHandle
GetLastError
CompareStringW
DisableThreadLibraryCalls
FreeLibrary
LocalFree
LocalAlloc
DelayLoadFailureHook
GetModuleFileNameW
GetWindowsDirectoryW
SetUnhandledExceptionFilter

user32

GetDC
InflateRect
SetScrollInfo
OffsetRect
RegisterClassW
LoadBitmapW
SetWindowTextW
DrawTextW
GetSysColorBrush
GetScrollInfo
SetScrollPos
ScrollWindow
DefWindowProcW
MapDialogRect
SystemParametersInfoW
ScreenToClient
ChildWindowFromPoint
FrameRect
GetSysColor
GetWindowTextW
DrawFocusRect
GetDlgCtrlID
GetDlgItemTextW
PostMessageW
SendDlgItemMessageW
ReleaseDC
MapWindowPoints
DestroyWindow
IsWindowEnabled
WinHelpW
GetWindowLongW
LoadCursorW
SetCursor
ShowWindow
SetDlgItemTextW
GetWindow
GetClientRect
GetSystemMetrics
CheckDlgButton
IsDlgButtonChecked
SetWindowLongW
GetParent
MessageBoxW
GetFocus
SetFocus
EnableWindow
DialogBoxParamW
EndDialog
LoadIconW
GetDlgItem
SendMessageW
LoadStringW
RegisterWindowMessageW
RegisterClipboardFormatW
CreateWindowExW
ShowScrollBar
GetWindowRect
MoveWindow
SetWindowPos

gdi32

CreateFontIndirectW
GetObjectW
DeleteObject
SetBkMode
SetTextColor
SelectObject
SetBkColor

shlwapi

StrRChrW
StrChrW
PathAppendW

advapi32

RegOpenKeyExA
RegQueryValueExA
RegCloseKey
OpenThreadToken
DuplicateTokenEx
AdjustTokenPrivileges
SetThreadToken
CopySid
LsaLookupSids
GetWindowsAccountDomainSid
GetLengthSid
ConvertSidToStringSidW
EqualSid
GetSecurityDescriptorSacl
GetSecurityDescriptorDacl
GetSecurityDescriptorControl
InitializeAcl
LsaClose
LsaFreeMemory
LsaQueryInformationPolicy
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
SetSecurityDescriptorSacl
IsValidSid
GetTokenInformation
OpenProcessToken
GetSecurityDescriptorOwner
SetSecurityDescriptorOwner
LsaOpenPolicy
GetSidSubAuthorityCount
LookupAccountNameW
IsValidSecurityDescriptor
EqualPrefixSid
GetSidSubAuthority
LookupAccountSidW

ole32

CoUninitialize
CoCreateInstance
CoInitialize
ReleaseStgMedium

oleaut32

SysReAllocStringLen
SysAllocStringLen
SysAllocString
SafeArrayUnaccessData
SafeArrayAccessData
SysFreeString

shell32

ord259
ord258

Exports

Exports

CreateSecurityPage
EditSecurity
IID_ISecurityInformation

Sections

.text
Size: 72KB - Virtual size: 72KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 169KB - Virtual size: 169KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 38KB - Virtual size: 37KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

1e762f0b3640c41bdf303d261821e669

Headers

File Characteristics

PDB Paths

Imports

msvcrt

ntdll

kernel32

user32

gdi32

shlwapi

advapi32

ole32

oleaut32

shell32

Exports

Exports

Sections

.text Size: 72KB - Virtual size: 72KB

.data Size: 169KB - Virtual size: 169KB

.rsrc Size: 38KB - Virtual size: 37KB

.reloc Size: 5KB - Virtual size: 4KB

.text
Size: 72KB - Virtual size: 72KB

.data
Size: 169KB - Virtual size: 169KB

.rsrc
Size: 38KB - Virtual size: 37KB

.reloc
Size: 5KB - Virtual size: 4KB