5c0dde8688872dfbe57069e3fd6dd545_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

5c0dde8688872dfbe57069e3fd6dd545_JaffaCakes118
Size

328KB
MD5

5c0dde8688872dfbe57069e3fd6dd545
SHA1

4baaa06d19ba2e1eb424251e5df4133e5af725a3
SHA256

8608120d12354a42a26046c5f692f76cfb8d4df2894a7edddbd1cea7e20ecdc0
SHA512

21bc22e3d78a34ceae00f01a1f0b19a42c8d9f5777cd51f281c85866f055b036d3f9e1382aef8a5d549b7dc89e3f42691aeeb5d6f3f0e0f82f6ab8a870e7aa77
SSDEEP

6144:leWU1EoYJ60O2hGTj/I0kkhIBtInj181Fyt7CbadrjswA8:n80Nh2XkkhIBtInj1Gyt7ldJA

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
5c0dde8688872dfbe57069e3fd6dd545_JaffaCakes118

Files

5c0dde8688872dfbe57069e3fd6dd545_JaffaCakes118
.dll regsvr32 windows:5 windows x86 arch:x86

bc289ecd47e0c7d774df1a025cdf6215

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

HNetCfg.pdb

Imports

msvcrt

malloc
free
realloc
??2@YAPAXI@Z
swprintf
wcslen
_wcsicmp
_snwprintf
wcscpy
wcsncpy
wcsstr
wcstombs
wcscmp
_wtoi
wcscat
_ultow
wcstoul
iswdigit
_wcsnicmp
wcschr
wcsncmp
qsort
iswalpha
wcspbrk
memmove
_initterm
_adjust_fdiv
?terminate@@YAXXZ
_except_handler3
__CxxFrameHandler
??3@YAXPAX@Z

ntdll

RtlIpv4AddressToStringW
NtQueryObject
NtOpenSymbolicLinkObject
NtQuerySymbolicLinkObject
RtlNtStatusToDosError
RtlIpv6StringToAddressW
RtlIpv4StringToAddressW
NtSetValueKey
NtClose
RtlUnicodeStringToAnsiString
RtlFreeAnsiString
VerSetConditionMask
RtlStringFromGUID
RtlFreeUnicodeString
NtQueryValueKey
RtlInitUnicodeString
NtOpenKey
NtOpenFile

advapi32

FreeSid
RegDeleteValueW
RegCloseKey
RegCreateKeyExW
RegOpenKeyExW
RegSetValueExW
RegQueryInfoKeyW
RegEnumValueW
RegNotifyChangeKeyValue
RegQueryValueExW
AllocateAndInitializeSid
CheckTokenMembership
RegDeleteKeyW
ChangeServiceConfigW
StartServiceW
ControlService
OpenSCManagerW
OpenServiceW
CloseServiceHandle
QueryServiceStatus
RegEnumKeyExW

gdi32

GetTextExtentPointW
GetTextExtentPoint32W
ExtTextOutW
SetBkColor
SetTextColor
SelectObject
DeleteObject
GetTextMetricsW

kernel32

LockResource
WideCharToMultiByte
lstrcmpA
DeviceIoControl
SetLastError
DelayLoadFailureHook
GetCurrentThreadId
VerifyVersionInfoW
GetModuleHandleW
FormatMessageW
GlobalAlloc
GlobalFree
GlobalReAlloc
IsBadReadPtr
LocalFree
LocalAlloc
CreateThread
FreeLibraryAndExitThread
OpenEventW
ExpandEnvironmentStringsW
GlobalDeleteAtom
IsBadWritePtr
GetComputerNameExW
LoadLibraryA
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetComputerNameA
WaitForSingleObject
OpenProcess
SetEvent
GetLongPathNameW
InitializeCriticalSectionAndSpinCount
QueueUserWorkItem
CreateEventW
CreateFileW
SwitchToThread
InterlockedExchange
QueueUserAPC
WaitForSingleObjectEx
UnregisterWaitEx
RegisterWaitForSingleObject
GlobalAddAtomW
InterlockedCompareExchange
FreeLibrary
MultiByteToWideChar
lstrlenW
lstrcpyW
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
DeleteCriticalSection
InterlockedIncrement
InterlockedDecrement
lstrcmpiW
lstrcpynW
HeapDestroy
lstrcatW
GetModuleFileNameW
GetProcAddress
LoadLibraryW
DisableThreadLibraryCalls
lstrlenA
SizeofResource
LoadResource
FindResourceW
GetLastError
LoadLibraryExW
GetShortPathNameW
HeapFree
HeapAlloc
GetProcessHeap
Sleep
CloseHandle

rpcrt4

NdrCStdStubBuffer_Release
NdrOleFree
IUnknown_QueryInterface_Proxy
IUnknown_AddRef_Proxy
IUnknown_Release_Proxy
CStdStubBuffer_QueryInterface
CStdStubBuffer_AddRef
CStdStubBuffer_Connect
CStdStubBuffer_Disconnect
CStdStubBuffer_Invoke
CStdStubBuffer_IsIIDSupported
CStdStubBuffer_CountRefs
CStdStubBuffer_DebugServerQueryInterface
CStdStubBuffer_DebugServerRelease
NdrDllRegisterProxy
NdrDllCanUnloadNow
NdrDllGetClassObject
RpcBindingFree
RpcStringFreeW
RpcBindingSetAuthInfoExW
RpcBindingFromStringBindingW
RpcStringBindingComposeW
NdrClientCall2
NdrOleAllocate

user32

ReleaseDC
CharPrevW
LoadIconW
SetPropW
GetPropW
CallWindowProcW
GetDlgCtrlID
SendMessageW
GetWindowTextLengthW
GetSysColor
GetParent
GetSystemMetrics
GetWindowLongW
SetWindowLongW
GetWindowRect
SetWindowPos
LoadStringW
CharNextW
GetDC
GetClientRect
IsWindowEnabled
GetDlgItem
wsprintfW
WinHelpW
UnhookWindowsHookEx
MessageBoxW
SetWindowsHookExW
BeginDeferWindowPos
DialogBoxParamW
IsDlgButtonChecked
GetDlgItemInt
SetFocus
CheckDlgButton
SetDlgItemTextW
SetDlgItemInt
EndDialog
RemovePropW
EndDeferWindowPos
PostMessageW
ShowWindow
MapWindowPoints
EnableWindow
SetWindowTextW
GetWindowTextW
DeferWindowPos

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
HNetDeleteRasConnection
HNetFreeFirewallLoggingSettings
HNetFreeSharingServicesPage
HNetGetFirewallSettingsPage
HNetGetShareAndBridgeSettings
HNetGetSharingServicesPage
HNetSetShareAndBridgeSettings
HNetSharedAccessSettingsDlg
HNetSharingAndFirewallSettingsDlg
IcfChangeNotificationCreate
IcfChangeNotificationDestroy
IcfCheckAppAuthorization
IcfCloseDynamicFwPort
IcfConnect
IcfDisconnect
IcfFreeAdapters
IcfFreeDynamicFwPorts
IcfFreeProfile
IcfFreeString
IcfFreeTickets
IcfGetAdapters
IcfGetCurrentProfileType
IcfGetDynamicFwPorts
IcfGetOperationalMode
IcfGetProfile
IcfGetTickets
IcfIsIcmpTypeAllowed
IcfIsPortAllowed
IcfOpenDynamicFwPort
IcfOpenDynamicFwPortWithoutSocket
IcfOpenFileSharingPorts
IcfRefreshPolicy
IcfRemoveDisabledAuthorizedApp
IcfSetServicePermission
IcfSubNetsGetScope
IcfSubNetsIsStringValid
IcfSubNetsToString
WinBomConfigureWindowsFirewall

Sections

.text
Size: 248KB - Virtual size: 252KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.orpc
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 55KB - Virtual size: 56KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 18KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.texc
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

bc289ecd47e0c7d774df1a025cdf6215

Headers

File Characteristics

PDB Paths

Imports

msvcrt

ntdll

advapi32

gdi32

kernel32

rpcrt4

user32

Exports

Exports

Sections

.text Size: 248KB - Virtual size: 252KB

.orpc Size: 512B - Virtual size: 4KB

.data Size: 2KB - Virtual size: 4KB

.rsrc Size: 55KB - Virtual size: 56KB

.reloc Size: 18KB - Virtual size: 20KB

.texc Size: 2KB - Virtual size: 4KB

.text
Size: 248KB - Virtual size: 252KB

.orpc
Size: 512B - Virtual size: 4KB

.data
Size: 2KB - Virtual size: 4KB

.rsrc
Size: 55KB - Virtual size: 56KB

.reloc
Size: 18KB - Virtual size: 20KB

.texc
Size: 2KB - Virtual size: 4KB