766de71afede69df0224392c7f80ac73_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

766de71afede69df0224392c7f80ac73_JaffaCakes118
Size

1.9MB
MD5

766de71afede69df0224392c7f80ac73
SHA1

0fedc8d0670d7a899b03be3bb84a12cd985c33bd
SHA256

2b2c814d8ce617cd482f5f158188f36a0b34688f0ba68e3dd2441070d8575c0b
SHA512

98a5cec3c734cb1f0279833d57e6e137c7295d39ed7c8e296377ed28153c66c8ff050d5d073b052ae07c2d80f7719e7c2f0049d4b9654e76c216caccaccef1df
SSDEEP

49152:+TBSaS1oEUOXFwRCbPs0xxLACU8jgJmC4+th42ZXpQsXU7:+FJLXOVwAsf7L4qD

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
766de71afede69df0224392c7f80ac73_JaffaCakes118

Files

766de71afede69df0224392c7f80ac73_JaffaCakes118
.dll windows:6 windows x86 arch:x86

987c101a1c12cfd1048bdab1d868d054

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

CreateFileMappingA
GetProcAddress
GetCalendarInfoA
GetThreadContext
HeapDestroy
FillConsoleOutputAttribute
GetCurrencyFormatW
HeapAlloc
RaiseException
CloseHandle
DeleteFileA
GetSystemDirectoryA
CreateFileW
WriteConsoleW
SetFilePointerEx
HeapReAlloc
HeapSize
SetStdHandle
GetConsoleMode
GetConsoleCP
WriteFile
FlushFileBuffers
GetMailslotInfo
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
GetCommandLineA
GetOEMCP
IsValidCodePage
FindFirstFileExA
GetACP
GetStringTypeW
GetFileType
GetStdHandle
LCMapStringW
CompareStringW
WideCharToMultiByte
MultiByteToWideChar
GetModuleFileNameA
GetModuleHandleExW
ExitProcess
TlsFree
TlsAlloc
InitializeCriticalSectionAndSpinCount
EncodePointer
SetLastError
DecodePointer
InterlockedFlushSList
GetStartupInfoW
MulDiv
SetUnhandledExceptionFilter
LoadLibraryExW
CreateIoCompletionPort
CreateMailslotW
SetThreadContext
BackupRead
CreateFileMappingW
IsBadReadPtr
CreateDirectoryA
TlsGetValue
lstrcpyW
FreeLibrary
GetModuleHandleW
GetProcessHeap
DeleteCriticalSection
GetFileSize
GetCPInfo
LocalFree
GetCurrentThread
GetConsoleDisplayMode
GetLastError
GetFileInformationByHandle
SetFileAttributesW
Sleep
PostQueuedCompletionStatus
GetCommTimeouts
GetCurrentThreadId
LocalAlloc
WaitForSingleObject
GetVolumeInformationA
FindClose
lstrlenA
LeaveCriticalSection
CreateConsoleScreenBuffer
FindNextFileA
SetMailslotInfo
GetStringTypeExW
lstrlenW
GetCurrentProcess
EnterCriticalSection
HeapFree
TlsSetValue
RtlUnwind
HeapCreate
FindFirstFileA
IsDebuggerPresent
InitializeSListHead
GetSystemTimeAsFileTime
GetCurrentProcessId
QueryPerformanceCounter
IsProcessorFeaturePresent
TerminateProcess
UnhandledExceptionFilter

comctl32

ImageList_Remove
ImageList_BeginDrag
ImageList_Create
CreateStatusWindowW
ord4
ImageList_Destroy
DrawStatusTextW
ImageList_EndDrag
ImageList_DrawEx
ImageList_GetDragImage
ImageList_GetBkColor

oledlg

ord9
OleUIChangeSourceW
OleUIConvertW
OleUIEditLinksW
ord11
ord12
OleUIInsertObjectW
ord10
OleUIPromptUserW

oleacc

GetOleaccVersionInfo
LresultFromObject
GetRoleTextW
ObjectFromLresult
WindowFromAccessibleObject
AccessibleChildren
AccessibleObjectFromEvent
CreateStdAccessibleProxyA
AccessibleObjectFromWindow
GetStateTextW

user32

GetWindow
GetMenu
LoadCursorA
DestroyWindow
InflateRect
GetDC
IsWindowVisible
SetWindowPos
MessageBoxW
GetWindowThreadProcessId
ScreenToClient
WindowFromPoint
LoadStringW
CopyRect
GetWindowTextA
SetDlgItemTextW
GetDlgItemTextW
DefFrameProcA
IsWindowEnabled
GetMessagePos
SendMessageA
SetCapture
GetDlgItem
DrawEdge
GetParent
ReleaseCapture
ReleaseDC
ShowWindowAsync
GetWindowLongW
CreateWindowExW
SetDlgItemTextA

gdi32

GetDeviceCaps
SetRectRgn
SelectObject
SetWinMetaFileBits
GdiGradientFill
ResetDCW
GetEnhMetaFileDescriptionA
GetWinMetaFileBits
SetTextColor
CreateMetaFileA
GetGraphicsMode
GetMetaRgn
GetTextExtentPointI
CreatePalette
SetBkColor
DeleteObject
GetOutlineTextMetricsW
PtVisible

comdlg32

FindTextW
CommDlgExtendedError
FindTextA
GetFileTitleW
GetFileTitleA

advapi32

BackupEventLogW
CryptAcquireContextA
RegCloseKey
SaferCloseLevel
IsTokenRestricted
SetNamedSecurityInfoA
ClearEventLogW
SetServiceStatus
ConvertToAutoInheritPrivateObjectSecurity
FileEncryptionStatusW
PrivilegedServiceAuditAlarmW
GetNamedSecurityInfoA
CryptCreateHash
CryptHashData
SaferCreateLevel
CryptDestroyHash
OpenProcessToken
AccessCheckByTypeResultListAndAuditAlarmByHandleA
ConvertSidToStringSidW
CryptGetHashParam
CryptReleaseContext

ole32

CoTaskMemAlloc
GetHGlobalFromStream
CreateStreamOnHGlobal
CreateDataAdviseHolder
WriteFmtUserTypeStg
OleGetClipboard
ReleaseStgMedium

Exports

Exports

GreepFans
ServiceMain
U_EMRSCALEWINDOWEXTEX_set
U_PMR_CLEAR_get
U_PMR_FILLPATH_print
U_WMRDIBSTRETCHBLT_print
U_WMRE3_get
U_WMRSETWINDOWEXT_set

Sections

.text
Size: 397KB - Virtual size: 396KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 37KB - Virtual size: 37KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1.5MB - Virtual size: 1.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

987c101a1c12cfd1048bdab1d868d054

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

comctl32

oledlg

oleacc

user32

gdi32

comdlg32

advapi32

ole32

Exports

Exports

Sections

.text Size: 397KB - Virtual size: 396KB

.rdata Size: 37KB - Virtual size: 37KB

.data Size: 1.5MB - Virtual size: 1.5MB

.reloc Size: 9KB - Virtual size: 8KB

.text
Size: 397KB - Virtual size: 396KB

.rdata
Size: 37KB - Virtual size: 37KB

.data
Size: 1.5MB - Virtual size: 1.5MB

.reloc
Size: 9KB - Virtual size: 8KB