96aedfa037be42c8b83559034e6222af_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

96aedfa037be42c8b83559034e6222af_JaffaCakes118
Size

230KB
MD5

96aedfa037be42c8b83559034e6222af
SHA1

196ffe7f43accc0f0832a5e9fe9164aeff6480e9
SHA256

30b5f5554f47880f5ede4976d69c6a88c4e68b07b5400f31c8fe0c3327e9a804
SHA512

5cf6412d0458748c5e77d1084ec5ecfe01552a85502082411bc9ab105ce4c3554056b8f0cf1f4859390ec31ef0083c68e183f4ee183901b3c7e35b3fc0e8cae9
SSDEEP

6144:ZDFB47UhXBh2yJ5HcOSSSHtGwl8c0HTZKl1pg8ZxM5TG:ZDT47U5r2Q+NGUpg211Z

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
96aedfa037be42c8b83559034e6222af_JaffaCakes118

Files

96aedfa037be42c8b83559034e6222af_JaffaCakes118
.dll windows:6 windows x86 arch:x86

26865b7171db1d5c65acde04238656b5

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

sqmapi.pdb

Imports

msvcrt

_onexit
_lock
__dllonexit
_unlock
??1type_info@@UAE@XZ
_adjust_fdiv
_amsg_exit
_initterm
_XcptFilter
_callnewh
malloc
??0exception@@QAE@ABV0@@Z
??1exception@@UAE@XZ
?what@exception@@UBEPBDXZ
??0exception@@QAE@XZ
_CxxThrowException
_purecall
ceil
realloc
free
memmove
towupper
memset
_vsnprintf
wcschr
_vsnwprintf
__CxxFrameHandler
memcpy

advapi32

RegOpenKeyExA
RegQueryValueExA
ImpersonateLoggedOnUser
RevertToSelf
GetSecurityDescriptorDacl
GetSecurityDescriptorOwner
SetNamedSecurityInfoW
OpenProcessToken
ConvertSidToStringSidW
GetTokenInformation
RegQueryInfoKeyW
RegEnumValueW
RegDeleteValueW
RegCreateKeyExW
RegSetValueExW
RegOpenKeyExW
RegQueryValueExW
RegCloseKey
ConvertStringSecurityDescriptorToSecurityDescriptorW
UnregisterTraceGuids
RegisterTraceGuidsW
GetTraceLoggerHandle
GetTraceEnableLevel
GetTraceEnableFlags
TraceEvent

user32

PeekMessageW
GetSystemMetrics
TranslateMessage
DispatchMessageW
MsgWaitForMultipleObjects

kernel32

SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
GetCurrentProcessId
GetCurrentThreadId
QueryPerformanceCounter
RtlUnwind
InterlockedExchange
OpenMutexW
CreateMutexW
ReleaseMutex
GetThreadPriority
SetThreadPriority
FileTimeToSystemTime
GetSystemTimeAsFileTime
FileTimeToDosDateTime
GetTempFileNameW
Sleep
GlobalFree
WaitForMultipleObjects
GetTempPathW
GetLongPathNameW
GetVersionExW
WideCharToMultiByte
CreateDirectoryW
GetFileAttributesW
GetFileSizeEx
SetFilePointerEx
lstrlenW
GetThreadLocale
GetModuleHandleA
OpenEventA
GetVersionExA
SetErrorMode
DelayLoadFailureHook
GetCurrentThread
WaitForSingleObject
InterlockedDecrement
OpenFileMappingW
VirtualFree
WriteFile
InterlockedIncrement
ResetEvent
CreateThread
FreeLibraryAndExitThread
CreateEventW
GetFileSize
ReadFile
DuplicateHandle
SetEvent
RaiseException
GetFileAttributesExW
CompareFileTime
DeleteFileW
FindFirstFileW
FindNextFileW
FindClose
GetCurrentProcess
GetTickCount
GetModuleFileNameW
InitializeCriticalSectionAndSpinCount
LocalFree
LocalAlloc
FreeLibrary
GetProcAddress
LoadLibraryW
DisableThreadLibraryCalls
InterlockedCompareExchange
LoadLibraryA
CompareStringW
VirtualAlloc
SetLastError
GetLastError
LeaveCriticalSection
EnterCriticalSection
CloseHandle
UnmapViewOfFile
SystemTimeToFileTime
GetSystemTime
MapViewOfFile
CreateFileMappingW
CreateFileW
DeleteCriticalSection

Exports

Exports

SqmAddToAverage
SqmAddToStream
SqmAddToStreamDWord
SqmAddToStreamString
SqmAddToStreamV
SqmCleanup
SqmClearFlags
SqmCreateNewId
SqmEndSession
SqmFlushSession
SqmGetEnabled
SqmGetFlags
SqmGetMachineId
SqmGetSession
SqmGetSessionStartTime
SqmGetUserId
SqmIncrement
SqmIsWindowsOptedIn
SqmReadSharedMachineId
SqmReadSharedUserId
SqmSet
SqmSetAppId
SqmSetAppVersion
SqmSetBits
SqmSetBool
SqmSetCurrentTimeAsUploadTime
SqmSetEnabled
SqmSetFlags
SqmSetIfMax
SqmSetIfMin
SqmSetMachineId
SqmSetString
SqmSetUserId
SqmStartSession
SqmStartUpload
SqmSysprepGeneralize
SqmSysprepSpecialize
SqmTimerAccumulate
SqmTimerAddToAverage
SqmTimerRecord
SqmTimerStart
SqmUnattendedSetup
SqmWaitForUploadComplete
SqmWriteSharedMachineId
SqmWriteSharedUserId

Sections

.text
Size: 121KB - Virtual size: 120KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 100KB - Virtual size: 100KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

26865b7171db1d5c65acde04238656b5

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msvcrt

advapi32

user32

kernel32

Exports

Exports

Sections

.text Size: 121KB - Virtual size: 120KB

.data Size: 1KB - Virtual size: 1KB

.rsrc Size: 100KB - Virtual size: 100KB

.reloc Size: 6KB - Virtual size: 6KB

.text
Size: 121KB - Virtual size: 120KB

.data
Size: 1KB - Virtual size: 1KB

.rsrc
Size: 100KB - Virtual size: 100KB

.reloc
Size: 6KB - Virtual size: 6KB