5ae2ad8f0be144ce732badf7dec0a16e_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

5ae2ad8f0be144ce732badf7dec0a16e_JaffaCakes118
Size

187KB
MD5

5ae2ad8f0be144ce732badf7dec0a16e
SHA1

8d9a60cb4f9cf12567a1b33d57006ceace93245b
SHA256

888b2c614567fb5b4474ddeeb453f8cd9f44d72efb325f7e3652fd0f748c08f1
SHA512

4a8217796271f6648983698112dd218e1ddfcd8111e4664ba6626ad52e14efe813dc1a5d8840e40edad2d9cb3a35771e38772791e04e4a2168b792d4a378f435
SSDEEP

3072:hQvN1JP1IJnMy2CUhpYoqo6VXCfHXxSTOmu2lZmEyA+w/ax:hyP1yMvCUcoqo6VXCPXLm5bmEyA3/

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
5ae2ad8f0be144ce732badf7dec0a16e_JaffaCakes118

Files

5ae2ad8f0be144ce732badf7dec0a16e_JaffaCakes118
.dll windows:5 windows x86 arch:x86

6f433d5568f2091f416074eef0d90c81

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

ntdll

NtMapViewOfSection
NtUnmapViewOfSection
RtlNtStatusToDosError
ZwClose
NtCreateSection
memcpy
ZwOpenProcessToken
memset
ZwOpenProcess
ZwQueryInformationToken
NtSuspendProcess
NtSetContextThread
NtResumeProcess
ZwQueryInformationProcess
NtGetContextThread
_strnicmp
_wcsnicmp
NtQuerySystemInformation
NtQueryInformationFile
RtlEqualUnicodeString
NtQueryObject
RtlCompareUnicodeString
RtlInitUnicodeString
_strupr
_chkstk
_allmul
_aulldiv
ZwQueryKey
_alldiv
_vsnprintf

psapi

GetMappedFileNameA
EnumProcessModules
GetModuleFileNameExA

shlwapi

PathRemoveArgsW
PathRemoveBlanksA
PathRemoveArgsA
StrChrW
PathRemoveBlanksW
StrTrimW
PathStripPathA
StrRChrA
StrRChrW
StrChrA
StrDupA
StrCmpNIW

ws2_32

WSAStartup
htons
WSACleanup
send
htonl
ioctlsocket
connect
select
shutdown
recv
bind
socket
closesocket
listen
accept

kernel32

WaitForMultipleObjects
GetModuleHandleA
CloseHandle
CreateThread
InitializeCriticalSection
LeaveCriticalSection
IsBadStringPtrA
EnterCriticalSection
DeleteCriticalSection
GetVersion
UnhandledExceptionFilter
IsDebuggerPresent
GetThreadContext
ReadProcessMemory
VirtualProtectEx
WriteProcessMemory
SuspendThread
ResumeThread
SwitchToThread
HeapReAlloc
CreateEventA
lstrcmpA
CreateFileA
GetFileSize
SetFilePointer
VirtualFree
ReadFile
GetCurrentThreadId
VirtualAllocEx
GetProcAddress
FreeLibrary
LoadLibraryA
ExpandEnvironmentStringsW
GetVersionExA
lstrcmpW
LocalAlloc
GetLastError
HeapCreate
RtlUnwind
TerminateProcess
Sleep
OpenProcess
GetModuleHandleW
SetUnhandledExceptionFilter
SetErrorMode
ReleaseMutex
VirtualProtect
WaitForSingleObject
lstrcmpiA
TerminateThread
LoadLibraryW
GetCurrentThread
GetTickCount
SleepEx
GetCurrentProcess
lstrcpyW
lstrcatW
lstrcmpiW
SetLastError
VerLanguageNameW
GetLocaleInfoW
GetProcessTimes
GetSystemTimeAsFileTime
GetFileInformationByHandle
DeleteFileW
DuplicateHandle
CreateToolhelp32Snapshot
Process32NextW
RemoveDirectoryW
GetProcessId
Process32FirstW
WriteFile
CreateDirectoryW
SetFilePointerEx
SetEndOfFile
MulDiv
GetSystemTime
SystemTimeToFileTime
GetSystemWindowsDirectoryA
lstrlenW
MultiByteToWideChar
WideCharToMultiByte
CreateMutexA
lstrcatA
GetComputerNameW
lstrcpyA
LocalFree
GetCurrentProcessId
GetModuleFileNameA
OutputDebugStringA
HeapDestroy
SetEvent
HeapFree
HeapAlloc
VirtualAlloc
lstrlenA
OpenEventA
FindFirstFileW
GlobalFree
GetLongPathNameW
GetTempPathW
GlobalUnlock
GlobalAlloc
GlobalLock
OpenFileMappingA
CreateFileMappingA
UnmapViewOfFile
MapViewOfFile
InterlockedDecrement
InterlockedIncrement
lstrcpynW
GetEnvironmentVariableW
FindNextFileW
FindClose
CreateFileW
OpenThread

user32

GetScrollBarInfo
DefWindowProcA
GetMenuState
SetClassLongA
GetWindowLongA
GetAncestor
SetWindowLongA
TrackPopupMenuEx
EndPaint
SetTimer
CharUpperBuffW
DrawTextW
KillTimer
BeginPaint
GetSysColor
MoveWindow
GetWindowThreadProcessId
IsWindow
WindowFromDC
FindWindowExA
GetThreadDesktop
GetClassLongA
ActivateKeyboardLayout
FindWindowA
EndMenu
CallWindowProcA
PrintWindow
HiliteMenuItem
PostMessageA
GetMenuItemCount
SetLayeredWindowAttributes
SendMessageTimeoutA
SetWindowsHookExA
UnhookWindowsHookEx
ClientToScreen
GetClassNameA
GetSystemMenu
ScreenToClient
TrackPopupMenu
FillRect
GetMenuItemID
SetKeyboardState
GetSubMenu
GetParent
CallNextHookEx
GetWindowInfo
MenuItemFromPoint
GetClientRect
SendMessageA
GetMenu
GetMenuItemRect
ReleaseDC
GetDC
wsprintfW
wsprintfA
GetUserObjectInformationA
DestroyMenu
DispatchMessageA
AppendMenuA
SetThreadDesktop
CreatePopupMenu
TranslateMessage
ExitWindowsEx
GetKeyState
PostThreadMessageA
GetMessageA
ShowWindow
SetWindowPos
EndDialog
CreateDialogIndirectParamW
GetWindowRect
DestroyWindow
IsRectEmpty
GetWindow
MapWindowPoints
GetSystemMetrics
GetMenuItemInfoA
GetDoubleClickTime
GetMenuDefaultItem
GetDesktopWindow
RegisterWindowMessageA
CloseDesktop
CreateDesktopA
EnumDesktopWindows
GetWindowTextA
CloseClipboard
DrawEdge
IsIconic
IsWindowVisible
EnumChildWindows
BringWindowToTop
GetGUIThreadInfo
PtInRect
SetFocus
WindowFromPoint
AttachThreadInput
SetForegroundWindow
GetLastActivePopup
SetActiveWindow
RealChildWindowFromPoint
IntersectRect
ToUnicodeEx
VkKeyScanA
GetKeyboardLayoutList
MapVirtualKeyExA
MapVirtualKeyA
GetKeyboardLayout
ToAscii
VkKeyScanExA
VkKeyScanExW
SetWinEventHook
UnhookWinEvent
ChildWindowFromPointEx
RegisterClassA
GetClipboardOwner
SetClipboardData
OpenClipboard
ChangeClipboardChain
EmptyClipboard
CreateWindowExA
GetClipboardData
SendNotifyMessageA
RedrawWindow

gdi32

SelectObject
CreateCompatibleDC
CreateCompatibleBitmap
GetClipRgn
GetViewportOrgEx
SetViewportOrgEx
DeleteObject
SelectClipRgn
CreateRectRgn
GetSystemPaletteEntries
GetDeviceCaps
DeleteDC
GetRegionData
GdiFlush
GetStockObject
CreatePatternBrush
CombineRgn
CreateBitmap
SetDIBColorTable
GetDIBits
CreateDIBSection
ExtTextOutA
GetClipBox
SetBkMode
SetBkColor
CreateFontA
SetTextColor
SetWindowOrgEx
BitBlt

advapi32

RegOpenKeyExW
ConvertStringSecurityDescriptorToSecurityDescriptorA
RegCloseKey
RegCreateKeyA
RegQueryValueExA
RegSetValueExA
GetUserNameW
OpenProcessToken
LookupPrivilegeValueA
AdjustTokenPrivileges
RegQueryValueExW

shell32

ShellExecuteA

crypt32

CertCloseStore
CertFindCertificateInStore
CertFreeCertificateContext
CertGetNameStringW
CryptQueryObject
CryptDecodeObject
CryptMsgClose
CryptMsgGetParam

ole32

CoUninitialize
CoInitialize

Exports

Exports

PluginRegisterCallbacks
VncStartServer
VncStopServer

Sections

.text
Size: 130KB - Virtual size: 129KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 31KB - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 14KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

6f433d5568f2091f416074eef0d90c81

Headers

DLL Characteristics

File Characteristics

Imports

ntdll

psapi

shlwapi

ws2_32

kernel32

user32

gdi32

advapi32

shell32

crypt32

ole32

Exports

Exports

Sections

.text Size: 130KB - Virtual size: 129KB

.rdata Size: 31KB - Virtual size: 31KB

.data Size: 14KB - Virtual size: 16KB

.reloc Size: 11KB - Virtual size: 10KB

.text
Size: 130KB - Virtual size: 129KB

.rdata
Size: 31KB - Virtual size: 31KB

.data
Size: 14KB - Virtual size: 16KB

.reloc
Size: 11KB - Virtual size: 10KB