86483d34c2a51af934e2add218a803b4_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

86483d34c2a51af934e2add218a803b4_JaffaCakes118
Size

502KB
MD5

86483d34c2a51af934e2add218a803b4
SHA1

c7d08822d6ed0dbebcddb579d9da3ae9b1f8758b
SHA256

9427654d69818299befd39380598a5d6b1423d7dfe5f2f38959b933c656bb54a
SHA512

e5acf2abe51c3fc52421ace791ddace590d93c38b1a4d5bc499be3b923a2a03c6055b408546de71556a482f84c205db1b0a9dd6aa1f355954e6832bb8137f210
SSDEEP

12288:nLmH1WF0jJ4674I/iYSXUSJuXPXRjPqkc:VFz674CaXKXPXRrF

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
86483d34c2a51af934e2add218a803b4_JaffaCakes118

Files

86483d34c2a51af934e2add218a803b4_JaffaCakes118
.dll regsvr32 windows:5 windows x86 arch:x86

881aa34d279ac9964a4b48b9aa04ce61

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

shlwapi

SHGetValueW
SHDeleteValueW

kernel32

WriteConsoleW
GetConsoleOutputCP
GetProcAddress
LoadLibraryA
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
CancelIo
GetTempPathA
WritePrivateProfileStructA
CreateProcessW
DeleteFileW
OpenThread
FindResourceW
GlobalUnfix
EnumResourceNamesA
WaitForSingleObjectEx
MapViewOfFileEx
GetFirmwareEnvironmentVariableW
SetCurrentDirectoryA
lstrcmpW
GlobalFindAtomA
GetPrivateProfileIntW
lstrcmpiW
CreateMutexW
HeapSetInformation
GetEnvironmentVariableW
GetStartupInfoA
CreateNamedPipeA
GetProcessVersion
GetPrivateProfileStructA
GetOverlappedResult
GlobalSize
DebugSetProcessKillOnExit
GlobalHandle
GetCommProperties
CreateDirectoryW
AddAtomA
EndUpdateResourceW
FindFirstChangeNotificationA
GetStartupInfoW
ExitProcess
GetProfileSectionA
GetComputerNameW
GlobalAlloc
FindResourceExW
GetPrivateProfileStructW
GetPriorityClass
PostQueuedCompletionStatus
GetCommModemStatus
GetFileAttributesW
EnumResourceLanguagesA
EnumResourceTypesA
GetQueuedCompletionStatus
MoveFileExW
CreateSemaphoreW
OpenMutexW
CreateProcessA
CreatePipe
ExitThread
InterlockedDecrement
EnumResourceNamesW
GlobalGetAtomNameW
SetEnvironmentVariableA
FindFirstFileW
GetLocalTime
VirtualUnlock
GetModuleHandleA
GetModuleFileNameW
GetCurrentDirectoryA
WriteProfileStringA
GetDiskFreeSpaceExW
IsBadReadPtr
GetThreadTimes
GetEnvironmentVariableA
LocalSize
GetShortPathNameW
GetVersionExW
WaitForDebugEvent
GlobalMemoryStatus
DebugActiveProcess
FatalAppExitW
GetBinaryTypeW
UpdateResourceW
QueryPerformanceFrequency
OpenEventA
WaitCommEvent
CommConfigDialogW
CreateSemaphoreA
GetComputerNameA
DebugBreakProcess
ReadProcessMemory
GetSystemInfo
GlobalAddAtomA
WriteProfileSectionW
Sleep
GetLastError
OpenMutexA
VirtualAllocEx
GetVersionExA
GetFirmwareEnvironmentVariableA
GetDevicePowerState
AreFileApisANSI
GetWindowsDirectoryA
GetSystemDirectoryA
GetTickCount
GetVolumeInformationA
GetCommandLineA
GetFileAttributesExW
HeapCreate
SetFileApisToANSI
DefineDosDeviceW
GetThreadSelectorEntry
CreateEventA
LoadLibraryExA
GetSystemWindowsDirectoryA
GetProfileStringW
OutputDebugStringW
FindNextFileW
GetThreadPriority
OpenFileMappingA
DebugActiveProcessStop
SetMailslotInfo
SetTapePosition
BackupWrite
TzSpecificLocalTimeToSystemTime
SetMessageWaitingIndicator
CommConfigDialogA
GetTapePosition
GetCommState
GetProcessShutdownParameters
GetCommTimeouts
GetCommandLineW
GetSystemDirectoryW
GetPrivateProfileIntA
GetSystemTime
FormatMessageA
GetProfileSectionW
GetCurrentThreadId
SetStdHandle
GetAtomNameA
WriteProfileStringW
GetCompressedFileSizeW
FileTimeToLocalFileTime
CreateMutexA
GetLongPathNameW
CreateEventW
CloseHandle
LocalFileTimeToFileTime
GetProcessIoCounters
SetProcessAffinityMask
GetTempFileNameW
GetFullPathNameW
GetTapeParameters
FindFirstChangeNotificationW
SearchPathA
FlushFileBuffers
LoadModule
GetModuleHandleW
SetFileAttributesA
HeapValidate
VerifyVersionInfoW
IsProcessorFeaturePresent
GetProcessAffinityMask
GetNamedPipeHandleStateA
GetPrivateProfileStringA
GetFileAttributesA
GetExitCodeProcess
GetNamedPipeHandleStateW
IsSystemResumeAutomatic
BuildCommDCBAndTimeoutsA
GetLogicalDriveStringsW
GetNumaProcessorNode
HeapUnlock
UnlockFile
HeapCompact
GetAtomNameW
SetHandleInformation
ReleaseMutex
GetTapeStatus
GetVolumeInformationW
SetThreadPriorityBoost
OpenSemaphoreA
GetProcessHeaps
SetErrorMode
GlobalFindAtomW
GetDiskFreeSpaceW
GetDiskFreeSpaceA
GetPrivateProfileSectionW
CreateDirectoryExW
SetFirmwareEnvironmentVariableW
LockResource
WaitNamedPipeA
MoveFileW
lstrcatW
HeapWalk
OpenSemaphoreW
RemoveDirectoryW
FileTimeToDosDateTime
GetNumaHighestNodeNumber
GetDiskFreeSpaceExA
FindClose
CreateNamedPipeW
SetEvent
GetShortPathNameA
CreateFileMappingA
CreateFileW
CreateFileA
WritePrivateProfileSectionW
FormatMessageW
GetEnvironmentStringsW
AddAtomW
GetCurrentThread
DeleteAtom
EraseTape
CreateRemoteThread
DisableThreadLibraryCalls
UnlockFileEx
EnumResourceTypesW
GetTimeZoneInformation
VirtualQuery
GetTempFileNameA
GetMailslotInfo
GetExitCodeThread
FreeEnvironmentStringsA
RequestWakeupLatency
GetNumaNodeProcessorMask
ProcessIdToSessionId
GetProcessWorkingSetSize
GlobalMemoryStatusEx
GetThreadPriorityBoost
SetSystemTime
EscapeCommFunction
CreateIoCompletionPort
GetProcessPriorityBoost
LoadLibraryW
CompareFileTime
SystemTimeToTzSpecificLocalTime
lstrcmpiA
GetNumaAvailableMemoryNode
CallNamedPipeA
GlobalFix
DisconnectNamedPipe
TlsFree
LocalFree
FindNextFileA
DeleteFileA
SetFileTime
GetFullPathNameA
Beep
FindAtomW
GetDriveTypeW
CreateMailslotW
OutputDebugStringA
GlobalAddAtomW
CopyFileA
FatalExit
GetThreadContext
GetCommMask
VirtualFreeEx
SetVolumeLabelA
MultiByteToWideChar
lstrcpyW
BeginUpdateResourceA
FreeLibrary
WriteProcessMemory
GetProcessHeap
VirtualFree
WaitForMultipleObjects
GetCommConfig
GetDriveTypeA
GetTempPathW
GetSystemPowerStatus
BackupRead
ResetEvent
lstrlenW
GetStdHandle
InterlockedIncrement
PeekNamedPipe
ClearCommBreak
OpenFile
WaitForSingleObject
SetProcessPriorityBoost
CopyFileW
CallNamedPipeW
CreateDirectoryExA
GlobalLock
SetLocalTime
WritePrivateProfileStringA
InterlockedCompareExchange
BuildCommDCBAndTimeoutsW
TlsGetValue
GlobalDeleteAtom
GetLogicalDrives
EnumResourceLanguagesW
LocalHandle
RemoveDirectoryA
SystemTimeToFileTime
VirtualProtect
VirtualAlloc
ResumeThread
FlushInstructionCache
GetCurrentProcess
SetThreadContext
SuspendThread
SetLastError
WriteConsoleA
LCMapStringW
LCMapStringA
GetStringTypeW
GetStringTypeA
GetLocaleInfoA
InitializeCriticalSectionAndSpinCount
GetConsoleMode
GetConsoleCP
SetFilePointer
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
HeapReAlloc
GetSystemTimeAsFileTime
GetCurrentProcessId
QueryPerformanceCounter
HeapDestroy
WideCharToMultiByte
FreeEnvironmentStringsW
GetEnvironmentStrings
GetFileType
SetHandleCount
GetModuleFileNameA
WriteFile
HeapSize
HeapAlloc
TlsSetValue
TlsAlloc
HeapFree
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
RaiseException
RtlUnwind

user32

SetActiveWindow
OffsetRect
IntersectRect
InflateRect
ClientToScreen
CharUpperW
BringWindowToTop
SetPropW
GetPropA
GetWindowThreadProcessId
CreateDialogParamA
SetWindowTextW
GetWindowTextA
TranslateMessage
CharLowerW
SetPropA
GetClientRect
GetWindowRect
MoveWindow
GetWindowLongA
SendMessageA
DestroyWindow
MsgWaitForMultipleObjects
GetClassNameW
GetParent
PeekMessageW
RealGetWindowClassW
GetPropW
SetWindowLongA
RealGetWindowClassA
RemovePropA
SetWindowLongW
CreateDialogParamW
EnumChildWindows
GetDlgItem
SendMessageW
GetWindowTextW
RemovePropW
PostMessageW
GetWindowLongW
GetClassNameA
DispatchMessageW

oleaut32

SysFreeString
VariantInit
VarCmp
VariantClear
VariantChangeType
SysAllocString
VariantCopy
SysStringLen

Exports

Exports

DllAction
DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 379KB - Virtual size: 379KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 37KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 876B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 78KB - Virtual size: 77KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

881aa34d279ac9964a4b48b9aa04ce61

Headers

File Characteristics

Imports

shlwapi

kernel32

user32

oleaut32

Exports

Exports

Sections

.text Size: 379KB - Virtual size: 379KB

.rdata Size: 37KB - Virtual size: 36KB

.data Size: 5KB - Virtual size: 27KB

.rsrc Size: 1024B - Virtual size: 876B

.reloc Size: 78KB - Virtual size: 77KB

.text
Size: 379KB - Virtual size: 379KB

.rdata
Size: 37KB - Virtual size: 36KB

.data
Size: 5KB - Virtual size: 27KB

.rsrc
Size: 1024B - Virtual size: 876B

.reloc
Size: 78KB - Virtual size: 77KB