PDB path: d:\Development\DLLS\ywiseextU\Release\ywiseextU.pdb
Static task: static1
Behavioral task: behavioral1
Sample: a321a1ab851e882feff1144b2f5e843e_JaffaCakes118.dll
Resource: win7-20240729-en
General
Target: a321a1ab851e882feff1144b2f5e843e_JaffaCakes118
Size: 268KB
MD5: a321a1ab851e882feff1144b2f5e843e
SHA1: a161b40b89d3be01e7a72b2bdeacc16f0a14dee4
SHA256: 82db576191a7affcac7fd5dd02d7d6b62f85d055ad5c3d3c0c4682126f3a3e81
SHA512: d441998a24309de51d97a948490ac11dfbb3c02b8381fc71c3dc7ee68dafe34cc8afba20c66209c4d3286da399542d534bb55c66eac64507f4571535d68b80ab
SSDEEP: 3072:uvaXsESBUl5s9VIsmytAlnCfDetTntIxtERfSdHl5xyEUnGcSZmE95a36qcxEjll:TXXnzTqmSRUXSt95u6q8EjMQ
Malware Config
Signatures
Unsigned PE (1 IoC): Checks for missing Authenticode signature.
  resource a321a1ab851e882feff1144b2f5e843e_JaffaCakes118
Files
a321a1ab851e882feff1144b2f5e843e_JaffaCakes118.dll  windows:4 windows x86 arch:x86  ca2866c57efd91c55c26f3568d58939b
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
PDB Paths
Imports
kernel32
InterlockedDecrement
InterlockedIncrement
GetComputerNameW
UnmapViewOfFile
lstrcmpW
lstrcatW
WideCharToMultiByte
GetCurrentProcessId
GetDiskFreeSpaceExW
SetEndOfFile
MapViewOfFileEx
OpenProcess
GetShortPathNameW
GetCurrentThreadId
FlushInstructionCache
CreateProcessW
GetModuleFileNameW
CreateFileMappingW
GetCurrentProcess
SetLastError
FlushFileBuffers
CreateFileA
WriteConsoleW
GetConsoleOutputCP
LoadLibraryW
GetLastError
GetConsoleMode
GetConsoleCP
RtlUnwind
GetTickCount
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetStartupInfoA
GetFileType
SetHandleCount
GetStringTypeW
GetStringTypeA
LCMapStringW
LCMapStringA
TlsFree
TlsSetValue
TlsAlloc
LocalAlloc
GetFileAttributesW
GetVersionExW
LocalFree
FreeLibrary
CreateDirectoryW
GetProcAddress
SetFilePointer
lstrcpyW
WriteConsoleA
lstrlenA
lstrcmpiW
MulDiv
lstrcpynW
CreateFileW
ReadFile
IsBadReadPtr
GetFileSize
RaiseException
LoadResource
WriteFile
FindResourceW
FindResourceExW
LockResource
SizeofResource
lstrlenW
CloseHandle
WaitForSingleObject
DeleteCriticalSection
Sleep
CreateThread
LeaveCriticalSection
EnterCriticalSection
MultiByteToWideChar
SetEvent
InitializeCriticalSection
CreateEventW
DeleteFileW
SetStdHandle
TlsGetValue
IsValidCodePage
GetOEMCP
GetCPInfo
GetModuleFileNameA
GetStdHandle
ExitProcess
GetModuleHandleA
HeapCreate
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
GetCommandLineA
GetSystemTimeAsFileTime
VirtualAlloc
VirtualFree
IsProcessorFeaturePresent
LoadLibraryA
InterlockedExchange
GetACP
GetLocaleInfoA
GetThreadLocale
GetVersionExA
HeapDestroy
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
GetProcessHeap
InterlockedCompareExchange
user32
GetWindow
GetClientRect
UpdateWindow
IsWindow
GetWindowLongW
DefWindowProcW
SendMessageW
ReleaseDC
GetDC
ShowWindow
GetClassInfoExW
CallWindowProcW
SetWindowLongW
IsWindowVisible
GetWindowTextW
DestroyWindow
GetParent
TrackMouseEvent
CreateWindowExW
InvalidateRect
EnumChildWindows
SetWindowTextW
UnregisterClassA
IsChild
FindWindowW
SetWindowsHookExW
GetSysColor
SetFocus
LoadCursorW
UnhookWindowsHookEx
GetKeyState
RegisterClassExW
CallNextHookEx
GetWindowRect
GetDlgItem
gdi32
DeleteObject
GetStockObject
SelectObject
CreateSolidBrush
SetTextColor
GetCurrentObject
GetObjectW
CreateFontIndirectW
GetDeviceCaps
SetBkColor
advapi32
CryptEncrypt
RegOpenKeyExW
RegSetValueExW
RegCloseKey
CreateProcessAsUserW
DuplicateTokenEx
RegQueryValueExW
LookupAccountSidW
RegCreateKeyExW
SetTokenInformation
ConvertStringSidToSidW
GetTokenInformation
OpenProcessToken
ConvertSidToStringSidW
GetSidSubAuthority
IsValidAcl
IsValidSid
GetSidSubAuthorityCount
GetExplicitEntriesFromAclW
CryptCreateHash
CryptReleaseContext
CryptDestroyHash
CryptDecrypt
CryptDestroyKey
CryptDeriveKey
CryptHashData
CryptAcquireContextW
ole32
CoInitialize
CoCreateInstance
oleaut32
VariantClear
SysFreeString
SysAllocStringLen
SysAllocString
wininet
InternetCrackUrlW
DeleteUrlCacheEntryW
InternetOpenW
HttpQueryInfoW
InternetOpenUrlW
InternetCloseHandle
InternetSetOptionW
InternetGetLastResponseInfoW
InternetReadFile
urlmon
ObtainUserAgentString
Exports
AddFFBookmark
Add_Control
Add_Hover
Add_Hover_Window
Add_Html
Add_HtmlTS
Add_RichEdit
CreateLowRightsFile
CreateLowRightsFolder
CtlColorSubClass
Decode
DotNetVersion
Download
DownloadStatus
DownloadVersion
Encode
FreeSpace
GetMS
GetSecurityLevel
GetUser
Init
LaunchExe
LowerRights
RegReadMultiLineValue
RegWriteMultiLineValue
Reset
SetUserAgent
Set_Static_Color
Set_Static_ColorT
Set_Static_Font
Set_Status_Control
StopDownload
ffSet
ffSetStr
ffTest
Sections
.text Size: 120KB - Virtual size: 117KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 24KB - Virtual size: 21KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 8KB - Virtual size: 120KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 4KB - Virtual size: 960B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 12KB - Virtual size: 9KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
.text Size: 96KB - Virtual size: 96KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE