599ee4a7aacf67f479f28e8f18c25690_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

599ee4a7aacf67f479f28e8f18c25690_JaffaCakes118
Size

449KB
MD5

599ee4a7aacf67f479f28e8f18c25690
SHA1

d3cc4bf00af56606368bc21dd57ec7b41172da45
SHA256

1a2cffbf8e3f1a75ed2c05471ea1874d1778b4f8d3c940d11bbf8e6f1d3e5e6e
SHA512

7639651b498d14e2ca2fd519e873bb168573a2f9c2145a6585a1b23e2365b65b5ebbae96c8761d54cd3865877a4b333046cb315992d04d2bb1a6e12cf96956f8
SSDEEP

12288:L1U/qm8Se6qmJ2p27rL3hS6bXu2lUONu/w:Zsrg3n2tS6Tu2lUEc

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
599ee4a7aacf67f479f28e8f18c25690_JaffaCakes118

Files

599ee4a7aacf67f479f28e8f18c25690_JaffaCakes118
.dll windows:5 windows x86 arch:x86

f26bbea8cc130299df9f339750c9fc86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

setupapi

SetupDiOpenDeviceInterfaceW
SetupDiOpenClassRegKey
SetupDiGetHwProfileFriendlyNameExW
SetupDiGetDeviceInfoListClass
SetupDiGetClassRegistryPropertyW
SetupDiGetClassDevsA
SetupCommitFileQueueA
CM_Set_HW_Prof_Ex
CM_Request_Device_EjectA
CM_Get_Resource_Conflict_DetailsW
CM_Get_Res_Des_Data_Ex
CM_Get_DevNode_Custom_PropertyW
CM_Enable_DevNode
CM_Disable_DevNode_Ex
CM_Create_Range_List
CMP_Report_LogOn

ntdll

RtlxUnicodeStringToAnsiSize
RtlUpdateTimer
RtlUnicodeToOemN
RtlSetAllBits
RtlNtStatusToDosError
RtlInitUnicodeString
RtlGetUserInfoHeap
RtlGetOwnerSecurityDescriptor
RtlFindClearBitsAndSet
RtlEqualPrefixSid
ZwAdjustPrivilegesToken
RtlDeleteSecurityObject
RtlDeleteAtomFromAtomTable
RtlCreateUserThread
RtlCreateAcl
RtlApplyRXactNoFlush
RtlAddAccessDeniedAceEx
NtSetDefaultLocale
NtReadFileScatter
NtQueryTimerResolution
NtPrivilegeObjectAuditAlarm
NtNotifyChangeDirectoryFile
NtFlushVirtualMemory
NtCloseObjectAuditAlarm
NtAllocateUuids
LdrFlushAlternateResourceModules
ZwCompleteConnectPort
ZwImpersonateThread
RtlEqualComputerName

kernel32

GetCompressedFileSizeA
ExitProcess
EscapeCommFunction
EnumSystemLanguageGroupsA
EnumSystemCodePagesA
EnumDateFormatsExA
EnumCalendarInfoA
DeleteFileA
CreateSemaphoreA
CreateMutexW
CompareStringA
CancelTimerQueueTimer
CancelDeviceWakeupRequest
FindFirstFileExA
FindFirstVolumeMountPointA
FreeUserPhysicalPages
GetCommState
lstrcpyW
lstrcpyA
WriteFileGather
VerifyVersionInfoA
VerLanguageNameW
VerLanguageNameA
SetupComm
SetLastError
SetFilePointerEx
SetCommMask
ResetEvent
PrepareTape
OpenWaitableTimerW
OpenSemaphoreA
MoveFileWithProgressA
LocalSize
LCMapStringA
HeapAlloc
GlobalUnWire
GlobalFindAtomW
GetTickCount
GetProfileIntA
GetProcessPriorityBoost
GetProcAddress
GetPrivateProfileIntW
GetMailslotInfo
GetLocalTime
GetFileSize
GetDateFormatA
GetCommandLineA
FatalAppExitA

version

GetFileVersionInfoSizeW
GetFileVersionInfoSizeA
GetFileVersionInfoW
VerFindFileA
VerInstallFileA
VerInstallFileW
VerQueryValueA
VerQueryValueW
GetFileVersionInfoA

winmm

midiOutMessage
midiOutGetID
midiOutSetVolume
midiStreamOut
midiStreamPosition
mixerGetDevCapsA
mixerGetDevCapsW
mmTaskBlock
mmGetCurrentTask
midiOutLongMsg
mixerGetLineInfoW

comdlg32

FindTextW
GetOpenFileNameW
GetFileTitleW

user32

PostMessageA
LoadIconA
GetMenu
GetDC
EndDialog
DestroyWindow
DefDlgProcA
CharUpperA
CharToOemA
ActivateKeyboardLayout
SendMessageA
UpdateWindow
RegisterClassA

Exports

Exports

BHffjxKFiDvzcHrjm
IbrMuceFjkkfv
Ihi
KptCZL
Lilheqbckuflfpd
SkXklhWccupwyHvkmry
csgjXecpfR
eHazdsbuiawhrsUulz
ihsv
ihxfjowX
qgrrh
ukopygpzziTu
xnonukvdIx
yoqxp

Sections

.text
Size: 59KB - Virtual size: 59KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 362KB - Virtual size: 667KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 26KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

f26bbea8cc130299df9f339750c9fc86

Headers

DLL Characteristics

File Characteristics

Imports

setupapi

ntdll

kernel32

version

winmm

comdlg32

user32

Exports

Exports

Sections

.text Size: 59KB - Virtual size: 59KB

.data Size: 362KB - Virtual size: 667KB

.rsrc Size: 26KB - Virtual size: 26KB

.text
Size: 59KB - Virtual size: 59KB

.data
Size: 362KB - Virtual size: 667KB

.rsrc
Size: 26KB - Virtual size: 26KB