9521724ac8d9f71e6e87ce615e398d5e_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

9521724ac8d9f71e6e87ce615e398d5e_JaffaCakes118
Size

72KB
MD5

9521724ac8d9f71e6e87ce615e398d5e
SHA1

beee1466f0854cc8b936eedd48305108d0f893a9
SHA256

16546155f60c3fb5b40ed2d40c4d6f0f7cd84f6790c9d9a2847a4f8366afca72
SHA512

cd4af3e994dc9dd799e7ba631d5716661d63582dc48f3ffab32781b518760f7b1f1464f08f3ab0ec5831193a8ff02d1613b562ed8057288e3575b604f4aba0be
SSDEEP

1536:KJgaz5U1rUCqGk2t7nGRdmy+MR2+4ubmxsGvthZc3zYy6Wo:KCuCqGkS7GRdg+4cmxsSw3zYy6Wo

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
9521724ac8d9f71e6e87ce615e398d5e_JaffaCakes118

Files

9521724ac8d9f71e6e87ce615e398d5e_JaffaCakes118
.dll windows:4 windows x86 arch:x86

6692da8c723ade6bfa2bcab1d363fbc3

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

WriteConsoleW
GetProfileStringW
GetModuleHandleExW
ReadConsoleInputW
GetEnvironmentVariableW
VirtualQueryEx
CreateEventW
IsValidLocale
GetStringTypeW
SetFileAttributesA
CreateTimerQueueTimer
GlobalAddAtomA
lstrcpynW
CopyFileW
lstrcpynA
LocalSize
GlobalFlags
SetVolumeMountPointW
SizeofResource
GetCurrentThread
ProcessIdToSessionId
UnlockFileEx
VirtualUnlock
WaitNamedPipeA
ConvertDefaultLocale
IsBadStringPtrW
GetConsoleScreenBufferInfo
RegisterWaitForSingleObjectEx
GetCommandLineA
QueryPerformanceFrequency
GetHandleInformation
GetCurrentProcess
GetCommandLineW
DuplicateHandle
CreateEventA
DeleteFileA
IsProcessorFeaturePresent
LoadResource
QueueUserAPC
MapViewOfFileEx
WinExec
HeapReAlloc
SetCurrentDirectoryW
GetProcessVersion
GetVersion
IsBadHugeWritePtr
GetBinaryTypeA
SetProcessWorkingSetSize
GetLocaleInfoA
EnumUILanguagesW
CreateDirectoryW
WriteConsoleA
FindAtomW
FillConsoleOutputAttribute
GetQueuedCompletionStatus
EnumResourceNamesW
HeapUnlock
ReadFileEx
GetProcessAffinityMask
CreateWaitableTimerA
GlobalGetAtomNameA
GetStringTypeExW
SuspendThread
FindResourceA
SetEvent
ExpandEnvironmentStringsA
GetCurrentDirectoryA
GetDateFormatW
HeapLock
AreFileApisANSI
GetCurrentDirectoryW
CreateNamedPipeW
TransactNamedPipe
CreateTimerQueue
SwitchToThread
RemoveDirectoryA
GetThreadPriority
SetConsoleActiveScreenBuffer
FillConsoleOutputCharacterW
GetThreadContext
InterlockedDecrement
FindClose
SetVolumeLabelA
UnregisterWaitEx
FileTimeToDosDateTime
GetThreadLocale
VirtualAllocEx
FindNextVolumeW
SetLastError
DeleteFileW
GetFileAttributesA
FlushViewOfFile
GetFileInformationByHandle
FindNextFileW
GetTempFileNameA
EnumResourceLanguagesW
EnumResourceNamesA
GetSystemTime
ReleaseSemaphore
GetAtomNameA
GetTickCount
SetConsoleTitleA
SetConsoleCtrlHandler
FindFirstVolumeMountPointW
MoveFileW
ConnectNamedPipe
GetVolumeInformationW
SetWaitableTimer
GetDateFormatA
CreateIoCompletionPort
GetUserDefaultLangID
GetProfileIntW
ResumeThread
GetLogicalDrives
VirtualQuery
GetModuleHandleA
UnmapViewOfFile
GetComputerNameA
LeaveCriticalSection
InterlockedExchange
CreateProcessA
CreateFileMappingA
ReleaseMutex
EnterCriticalSection
MapViewOfFile
lstrcpyW
CreateDirectoryA
VirtualProtect
MoveFileExA
lstrlenA
CopyFileA
InitializeCriticalSection
LoadLibraryA
GetLocalTime
GetProcAddress

shlwapi

PathFileExistsW
wnsprintfW
SHGetValueW
PathUnquoteSpacesW
StrCmpNIA
SHCreateStreamOnFileW
PathSkipRootW
StrCmpW
StrStrIW
StrCmpNW
StrRetToStrW
PathMakePrettyW
PathCanonicalizeW
PathIsURLW
wvnsprintfW
SHRegSetPathW
StrCmpIW
PathRemoveFileSpecW
SHSetValueA
UrlCanonicalizeW
PathBuildRootW
StrFormatByteSizeW
StrDupA
StrRChrW
PathParseIconLocationW
PathCombineW
PathFindExtensionW
SHStrDupW

advapi32

DuplicateTokenEx
QueryServiceLockStatusA
ReportEventA
SetThreadToken
RegEnumValueA
QueryServiceStatusEx
RegQueryValueExA
RegDeleteValueA
RegOpenKeyExA
GetUserNameA
GetUserNameW
SetTokenInformation
ImpersonateAnonymousToken
EnumServicesStatusExW
OpenEventLogA
RegDeleteKeyW
RevertToSelf
RegNotifyChangeKeyValue
QueryServiceConfigA
RegQueryValueW
RegCreateKeyW
RegOpenKeyA
RegQueryInfoKeyW
RegisterEventSourceW
StartServiceA
LockServiceDatabase
CreateServiceA
MakeAbsoluteSD
UnlockServiceDatabase
StartServiceW
RegEnumKeyA
RegRestoreKeyA
RegisterServiceCtrlHandlerW
GetNumberOfEventLogRecords
RegSetValueW
CreateProcessWithLogonW
RegSaveKeyA
RegRestoreKeyW
EnumServicesStatusW

shell32

ExtractIconExW
ExtractIconW
SHGetFolderPathW
SHAddToRecentDocs
SHGetFileInfoA
SHSetLocalizedName
SHGetDesktopFolder
SHAppBarMessage
SHGetPathFromIDListW
SHCreateShellItem
SHBrowseForFolderA
SHGetFileInfoW
ExtractIconExA
SHBrowseForFolderW
SHGetFolderLocation
SHParseDisplayName
ShellExecuteExW
SHGetFolderPathA
ExtractIconA

Exports

Exports

DllInit
DllInstall

Sections

.text
Size: 52KB - Virtual size: 51KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 1008B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

6692da8c723ade6bfa2bcab1d363fbc3

Headers

File Characteristics

Imports

kernel32

shlwapi

advapi32

shell32

Exports

Exports

Sections

.text Size: 52KB - Virtual size: 51KB

.rdata Size: 8KB - Virtual size: 6KB

.data Size: 4KB - Virtual size: 1008B

.reloc Size: 4KB - Virtual size: 1KB

.text
Size: 52KB - Virtual size: 51KB

.rdata
Size: 8KB - Virtual size: 6KB

.data
Size: 4KB - Virtual size: 1008B

.reloc
Size: 4KB - Virtual size: 1KB