6299e5a41eb1bb22fe7b6eab2a34c412_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

6299e5a41eb1bb22fe7b6eab2a34c412_JaffaCakes118
Size

124KB
MD5

6299e5a41eb1bb22fe7b6eab2a34c412
SHA1

cf49ce73ae5c74911fa43e09788a2998c67832ff
SHA256

6518f227d524ee9675bbb6f7906cb5a005f74fa52f961daa59cf170aff3b1de2
SHA512

c5e5a2e68bb065cfb77cbf6bfbfa83eb559e9e76560a410318d60f63f8de13325902f647bf4e6d87395b7216d2d2e3a720cc7dd78390c972c26996d565116605
SSDEEP

3072:voaRxGrzXDU27+p8r9jmPET2V8qqzhSerHyjdlvY:vmXDh7+29jkQs8rzhSsEvY

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
6299e5a41eb1bb22fe7b6eab2a34c412_JaffaCakes118

Files

6299e5a41eb1bb22fe7b6eab2a34c412_JaffaCakes118
.dll regsvr32 windows:4 windows x86 arch:x86

573180969c91ea15c20ef2a4b1bd59e9

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetVolumeNameForVolumeMountPointW
InterlockedExchangeAdd
LCMapStringW
VirtualAllocEx
GetShortPathNameA
GetCommandLineW
GetDefaultCommConfigW
SetProcessWorkingSetSize
FillConsoleOutputCharacterW
InterlockedCompareExchange
LoadResource
CancelIo
GlobalReAlloc
SetFileTime
RtlMoveMemory
GetConsoleMode
LocalLock
GlobalAddAtomA
SetFileApisToOEM
GetCurrentDirectoryW
GetThreadContext
GetBinaryTypeW
GetEnvironmentVariableW
GetVolumeInformationA
lstrlenW
HeapCompact
GetCommandLineA
FindResourceW
FindFirstFileA
SetFileAttributesA
SetLastError
GetTempPathA
RegisterWaitForSingleObject
SetProcessShutdownParameters
GetCurrentThread
CallNamedPipeA
GetUserDefaultUILanguage
CopyFileW
GlobalGetAtomNameA
SetCurrentDirectoryA
GetVersionExA
TransactNamedPipe
GetSystemTime
GetShortPathNameW
GetLogicalDriveStringsW
GetTimeZoneInformation
GetUserDefaultLCID
PurgeComm
FindFirstChangeNotificationW
OpenProcess
GetThreadPriority
FindFirstFileExW
lstrcpynW
FindNextFileA
GetSystemPowerStatus
SetNamedPipeHandleState
GetConsoleOutputCP
RemoveDirectoryW
GetSystemDirectoryA
SetVolumeMountPointW
VerifyVersionInfoW
FillConsoleOutputAttribute
HeapUnlock
GetFileAttributesExA
SetFilePointer
FindResourceExW
GetTimeFormatW
UnlockFile
GetWindowsDirectoryW
GetSystemDirectoryW
SetInformationJobObject
GetEnvironmentStringsW
WriteConsoleW
CreateIoCompletionPort
CreateJobObjectW
lstrcmpiW
WaitForMultipleObjectsEx
MultiByteToWideChar
MoveFileExA
WaitNamedPipeW
UpdateResourceA
CreateConsoleScreenBuffer
CreateRemoteThread
ReadConsoleInputW
lstrlenA
CreateFileMappingW
DisconnectNamedPipe
FlushFileBuffers
GetTapeParameters
GlobalDeleteAtom
GetTempPathW
GetLogicalDrives
QueryPerformanceFrequency
SetFilePointerEx
LocalUnlock
GetSystemDefaultLangID
SetConsoleMode
OpenFileMappingW
GetFileTime
GetWindowsDirectoryA
EscapeCommFunction
AddAtomA
WideCharToMultiByte
GetSystemWow64DirectoryW
SetConsoleTitleA
GetSystemTimeAdjustment
OpenJobObjectW
CompareStringA
VirtualAlloc
IsBadStringPtrW
CreateMailslotA
GlobalFindAtomA
SetHandleCount
SetVolumeLabelW
LocalFlags
FreeConsole
WaitNamedPipeA
IsValidLocale
GetHandleInformation
SetConsoleActiveScreenBuffer
Sleep
VirtualProtect
GetLastError
MapViewOfFile
GlobalAlloc
InterlockedExchange
CreateDirectoryA
GetProcessHeap
ExpandEnvironmentStringsA
CloseHandle
UnmapViewOfFile
DeleteFileA
WaitForSingleObject
MoveFileA
GetSystemTimeAsFileTime
CreateMutexA
InitializeCriticalSection
LocalFree
CopyFileA
GetTickCount
HeapAlloc
CreateProcessA
GetCurrentProcessId
LeaveCriticalSection
CreateFileMappingA
GetProcAddress
ReleaseMutex
RtlUnwind
LoadLibraryA

ole32

CreateItemMoniker
StringFromGUID2
ReadFmtUserTypeStg
CoCreateGuid
CreateBindCtx
OleCreateLinkToFile
CoGetMarshalSizeMax
CoSwitchCallContext
CoGetObjectContext
StgIsStorageFile
CreatePointerMoniker
CoFileTimeNow
OleCreateMenuDescriptor
OleCreateLinkFromData
OleLockRunning
CoTaskMemRealloc
CoGetMalloc
StgCreateDocfileOnILockBytes
MkParseDisplayName
OleSaveToStream
OleCreateLink
CreateILockBytesOnHGlobal
CreateDataAdviseHolder
CoGetClassObject
FreePropVariantArray
OleCreateFromFile
StgOpenStorageEx
CoTaskMemAlloc
CoUninitialize
CoInitialize
CoCreateInstance
OleSetContainedObject
RegisterDragDrop

advapi32

ConvertStringSecurityDescriptorToSecurityDescriptorA
RegQueryInfoKeyA
RegQueryValueExA
RegOpenKeyExA
StartServiceCtrlDispatcherW
OpenEventLogW
RegOpenKeyExW
SetTokenInformation
SetThreadToken
RegRestoreKeyW
RegEnumValueW
GetInheritanceSourceW
EnumServicesStatusExW
QueryServiceConfig2W
CloseEventLog
QueryServiceStatusEx
ControlService
RegQueryValueExW
RegSaveKeyExW
ReadEventLogA
GetServiceKeyNameW
GetServiceDisplayNameW
RegQueryValueA
QueryServiceLockStatusW
RegLoadKeyA
StartServiceCtrlDispatcherA
RegConnectRegistryW
ReportEventA
RegEnumKeyExA

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 100KB - Virtual size: 98KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

573180969c91ea15c20ef2a4b1bd59e9

Headers

File Characteristics

Imports

kernel32

ole32

advapi32

Exports

Exports

Sections

.text Size: 100KB - Virtual size: 98KB

.rdata Size: 8KB - Virtual size: 6KB

.data Size: 8KB - Virtual size: 8KB

.reloc Size: 4KB - Virtual size: 3KB

.text
Size: 100KB - Virtual size: 98KB

.rdata
Size: 8KB - Virtual size: 6KB

.data
Size: 8KB - Virtual size: 8KB

.reloc
Size: 4KB - Virtual size: 3KB