661352edea9815751d71d8a32b91537b_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

661352edea9815751d71d8a32b91537b_JaffaCakes118
Size

362KB
MD5

661352edea9815751d71d8a32b91537b
SHA1

84a22ce80bb5216435d8d1e84ec783f29c3553f8
SHA256

8e30014980c17de171a7c44b2f29be8e4f1f839c503913c723d2673af0006d43
SHA512

9710374408456eec2d7dc034da56d464ade3d15a2879618f1e35be16e32d276b2473f0089b955124b895889286dd11ac0ed60024609af6e45d32911039b395f6
SSDEEP

6144:8aH74XcjiR3n6dp1lSyiZqCAGGwhVq1bqwlv:fbFc36dp1lkZCIb4RF

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
661352edea9815751d71d8a32b91537b_JaffaCakes118

Files

661352edea9815751d71d8a32b91537b_JaffaCakes118
.dll windows:6 windows x86 arch:x86

283ab26631e15a86b107ba877f4d6379

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

newdev.pdb

Imports

msvcrt

_vsnwprintf
iswctype
free
malloc
memcpy
_wcsicmp
wcsstr
_resetstkoflw
_vsnprintf
toupper
wcsrchr
memmove
wcschr
_wcslwr
swscanf
??3@YAXPAX@Z
??2@YAPAXI@Z
_XcptFilter
memset
_initterm
_amsg_exit
_except_handler4_common

ntdll

NtSetInformationFile
NtQueryInformationFile
NtQueryInformationToken
NtClose
NtOpenProcessToken
NtOpenThreadToken
NtQuerySystemInformation
RtlMultiByteToUnicodeSize
RtlMultiByteToUnicodeN
RtlUnicodeToMultiByteSize
RtlUnicodeToMultiByteN
DbgPrint
RtlNtStatusToDosError
NtQueryInformationProcess
WinSqmAddToStream
RtlSetThreadErrorMode
WinSqmSetDWORD

kernel32

OpenEventW
ReadFile
CreateFileW
WaitNamedPipeW
WaitForSingleObject
GetCommandLineW
GetExitCodeThread
CreateThread
ExitProcess
LoadLibraryA
GetModuleHandleA
LoadLibraryW
GetModuleHandleW
GetFileAttributesW
GetVersion
GetModuleFileNameW
OutputDebugStringA
ExpandEnvironmentStringsW
lstrlenW
CompareStringOrdinal
GetWindowsDirectoryW
lstrcmpiW
GetCurrentThreadId
GetExitCodeProcess
GetCurrentProcess
FormatMessageW
GetSystemInfo
FindClose
FindNextFileW
FindFirstFileW
ResetEvent
LocalReAlloc
IsDebuggerPresent
UnhandledExceptionFilter
GetSystemWow64DirectoryW
SetEvent
GetTimeFormatW
GetTempPathW
WriteFile
InterlockedIncrement
InterlockedDecrement
DelayLoadFailureHook
InterlockedCompareExchange
LoadLibraryExA
InterlockedExchange
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
TerminateProcess
SetUnhandledExceptionFilter
ExitThread
MultiByteToWideChar
GetFullPathNameW
CreateEventW
CloseHandle
FreeLibrary
LocalAlloc
LocalFree
GetNamedPipeServerSessionId
GetNamedPipeServerProcessId
SetLastError
GetProcAddress
Sleep
DisableThreadLibraryCalls
GetLastError
CreateFileMappingW
SetEndOfFile
MapViewOfFile
GetThreadLocale
ReleaseMutex
WaitForMultipleObjectsEx
UnmapViewOfFile
CompareStringW
GetCommandLineA
MoveFileExW
LCMapStringW
lstrcmpW
SetFileAttributesW
CreateHardLinkW
GetFileInformationByHandle
DeleteFileW
GetFileSize
GetLocalTime
GetVersionExW
SetFilePointer
FlushFileBuffers
GetCurrentThread
GetModuleFileNameA
GetSystemWindowsDirectoryW
RaiseException
WaitForSingleObjectEx
DeviceIoControl
FileTimeToLocalFileTime
FileTimeToSystemTime
CreateMutexW
lstrlenA
WideCharToMultiByte
SetErrorMode
CreateDirectoryW
HeapAlloc
HeapReAlloc
LoadLibraryExW
HeapFree
GetProcessHeap
GetDateFormatW

advapi32

GetTraceEnableFlags
EqualSid
IsValidSid
GetLengthSid
CopySid
OpenThreadToken
GetTokenInformation
AllocateAndInitializeSid
CheckTokenMembership
FreeSid
GetTraceEnableLevel
GetTraceLoggerHandle
RegisterTraceGuidsW
UnregisterTraceGuids
RegCloseKey
RegOpenKeyExW
QueryServiceStatusEx
CloseServiceHandle
OpenServiceW
OpenSCManagerW
RegCreateKeyExW
RegSetValueExW
OpenProcessToken
TraceMessage
RegQueryValueExW

user32

GetSystemMetrics
IsDialogMessageW
PeekMessageW
EnableWindow
LoadImageW
SendMessageW
SetProcessDPIAware
GetParent
FindWindowW
LoadStringW
SetWindowTextW
EndDialog
CheckRadioButton
GetSysColorBrush
GetDlgCtrlID
DialogBoxParamW
SendDlgItemMessageW
DestroyIcon
AllowSetForegroundWindow
GetProcessWindowStation
GetThreadDesktop
GetUserObjectInformationW
GetSysColor
LoadIconW
RegisterWindowMessageW
CallWindowProcW
SetFocus
GetWindow
ShowWindow
CheckDlgButton
SetTimer
KillTimer
IsDlgButtonChecked
LoadCursorW
SetCursor
GetDlgItem
GetWindowTextLengthW
GetDlgItemTextW
SetDlgItemTextW
GetWindowLongW
SetWindowLongW
GetMessageW
TranslateMessage
DispatchMessageW
PostMessageW
IsWindow

gdi32

SetTextColor
CreateSolidBrush
GetObjectW
CreateFontIndirectW
SetBkColor
DeleteObject

uxtheme

CloseThemeData
OpenThemeData
GetThemeColor
GetThemeFont

cfgmgr32

CM_Get_First_Log_Conf_Ex
CM_Locate_DevNode_ExW
CM_Get_DevNode_Status
CM_Install_DevNode_ExW

setupapi

SetupSetNonInteractiveMode
pSetupDiGetStrongNameForDriverNode
pSetupDiInvalidateHelperModules
pSetupDiBuildInfoDataFromStrongName
SetupDiGetClassInstallParamsW
SetupDiBuildClassInfoList
SetupUninstallOEMInfW
SetupDiGetDriverInstallParamsW
SetupDiCancelDriverInfoSearch
SetupDiLoadDeviceIcon
SetupWriteTextLogError
SetupWriteTextLog
SetupDiGetDriverInfoDetailW
SetupDiGetDeviceInfoListDetailW
SetupDiGetWizardPage
SetupDiGetClassImageIndex
SetupDiGetClassDescriptionW
SetupGetStringFieldW
SetupFindFirstLineW
SetupGetLineCountW
SetupCloseInfFile
SetupFindNextMatchLineW
SetupOpenInfFileW
SetupDiCallClassInstaller
SetupDiGetDevicePropertyW
SetupDiDestroyDeviceInfoList
SetupDiOpenDeviceInfoW
SetupDiCreateDeviceInfoList
SetupDiGetSelectedDriverW
SetupDiReportDeviceInstallError
SetupDiReportDriverNotFoundError
SetupDiReportAdditionalSoftwareRequested
SetupDiReportGenericDriverInstalled
SetupDiReportPnPDeviceProblem
SetupGetNonInteractiveMode
SetupDiSetDeviceInstallParamsW
SetupDiGetDeviceInstallParamsW
SetupDiSetSelectedDevice
SetupDiGetDeviceInstanceIdW
pSetupStringFromGuid
SetupSetThreadLogToken
SetupGetThreadLogToken
SetupDiEnumDeviceInfo
SetupDiGetClassDevsW
SetupDiDeleteDeviceInfo
SetupDiEnumDriverInfoW
SetupAddToSourceListW
SetupFreeSourceListW
SetupQuerySourceListW
SetupDiCreateDeviceInfoListExW
SetupFindNextLine
SetupGetFieldCount
SetupDiGetActualModelsSectionW
SetupDiSetClassInstallParamsW
SetupCopyOEMInfW
SetupDiGetClassImageList
SetupDiDestroyClassImageList
SetupDiSetDevicePropertyW
SetupDiBuildDriverInfoList
SetupDiDestroyDriverInfoList
SetupDiSetSelectedDriverW
SetupDiGetSelectedDevice

Exports

Exports

DeviceInternetSettingUiW
DiInstallDevice
DiInstallDriverA
DiInstallDriverW
DiRollbackDriver
DiShowUpdateDevice
DiUninstallDevice
InstallNewDevice
InstallSelectedDriver
InstallWindowsUpdateDriver
SetInternetPolicies
UpdateDriverForPlugAndPlayDevicesA
UpdateDriverForPlugAndPlayDevicesW
pDiDeviceInstallActionW
pDiDeviceInstallNotificationW
pDiDoDeviceInstallAsAdmin
pDiDoFinishInstallAsAdmin
pDiDoNullDriverInstall

Sections

.text
Size: 130KB - Virtual size: 130KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 56KB - Virtual size: 57KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 167KB - Virtual size: 166KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

283ab26631e15a86b107ba877f4d6379

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msvcrt

ntdll

kernel32

advapi32

user32

gdi32

uxtheme

cfgmgr32

setupapi

Exports

Exports

Sections

.text Size: 130KB - Virtual size: 130KB

.data Size: 56KB - Virtual size: 57KB

.rsrc Size: 167KB - Virtual size: 166KB

.reloc Size: 7KB - Virtual size: 7KB

.text
Size: 130KB - Virtual size: 130KB

.data
Size: 56KB - Virtual size: 57KB

.rsrc
Size: 167KB - Virtual size: 166KB

.reloc
Size: 7KB - Virtual size: 7KB