a427a7572a7ac4fbb2929792e4bd5219_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

a427a7572a7ac4fbb2929792e4bd5219_JaffaCakes118
Size

72KB
MD5

a427a7572a7ac4fbb2929792e4bd5219
SHA1

d25a06a0f5a3682f8de280476a2c4a32afc7d27d
SHA256

ed88481919409ffd9bbc9b78702c9fb1c371cbde50733206901f136fb0ad8202
SHA512

ee875a4762bffa9bda28ac398fec7648d1c8ae7c46a427d44dc39df27243c994883844c13e44a6d2c4683d3c36811bf4d2aa55a5c1f077f9664da7f5144a6529
SSDEEP

1536:YyW28eETmSmGJkXPyk+SChhLIc5wR49GcVh0+xo1o33c:jR8Hpk/ybSCLLIc5cmh0+xo18M

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
a427a7572a7ac4fbb2929792e4bd5219_JaffaCakes118

Files

a427a7572a7ac4fbb2929792e4bd5219_JaffaCakes118
.dll windows:4 windows x86 arch:x86

42ccf02923e6b1d7f9e1e63e815f3df5

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

FindNextFileW
FillConsoleOutputCharacterW
FreeResource
FindNextChangeNotification
LockResource
FileTimeToLocalFileTime
GetTimeZoneInformation
SetEnvironmentVariableW
GlobalAddAtomA
GetSystemDirectoryA
SetDefaultCommConfigW
GetProcessAffinityMask
SetFileAttributesA
GetDiskFreeSpaceExW
GetConsoleScreenBufferInfo
GetLargestConsoleWindowSize
DeleteTimerQueueTimer
FindAtomA
GetLocaleInfoW
GetDateFormatA
GetFileAttributesExW
ReadFile
CreateEventW
SetEvent
ExitThread
GetStringTypeExA
SetLastError
SetConsoleWindowInfo
FindResourceW
WriteConsoleW
GlobalGetAtomNameW
GetFileType
PeekConsoleInputW
GetSystemTimeAdjustment
lstrcpynW
HeapLock
PostQueuedCompletionStatus
GetDriveTypeW
GetComputerNameExW
GetConsoleOutputCP
AddAtomA
ExpandEnvironmentStringsW
CancelWaitableTimer
SetProcessShutdownParameters
WriteConsoleInputA
SetVolumeLabelW
EscapeCommFunction
ChangeTimerQueueTimer
GetBinaryTypeW
GetFileTime
GlobalFree
FindVolumeMountPointClose
GetComputerNameW
GetTimeFormatW
GetNumberFormatW
CreateMutexW
IsProcessorFeaturePresent
FlushConsoleInputBuffer
GetThreadContext
GetStartupInfoA
CreateIoCompletionPort
LocalReAlloc
CreateWaitableTimerA
SetTimeZoneInformation
SetStdHandle
GetCurrentDirectoryW
EnumUILanguagesW
LocalLock
RaiseException
CreateConsoleScreenBuffer
IsBadHugeReadPtr
CreateJobObjectW
QueryPerformanceFrequency
GetCPInfo
GetLocalTime
GetAtomNameA
SetConsoleTextAttribute
CreateFileMappingW
VerLanguageNameW
GetModuleFileNameW
SetEnvironmentVariableA
GetCommandLineW
AddAtomW
VerifyVersionInfoW
GetSystemWindowsDirectoryA
IsWow64Process
UpdateResourceA
GlobalAlloc
OpenFileMappingA
ClearCommError
GetProfileStringW
FindFirstVolumeMountPointW
GetDateFormatW
GetAtomNameW
GetLocaleInfoA
UnlockFile
GetTempFileNameW
GetTickCount
OpenEventW
InterlockedIncrement
SetFilePointerEx
GlobalReAlloc
RemoveDirectoryA
ReadConsoleA
CreateNamedPipeW
GetLogicalDriveStringsW
GetProcessHeap
CreateDirectoryA
CopyFileA
ReleaseMutex
lstrlenW
CreateThread
CreateFileMappingA
LeaveCriticalSection
lstrcatW
GetProcAddress
lstrlenA
InterlockedExchange
InitializeCriticalSection
HeapFree
GetModuleFileNameA
VirtualProtect
CreateMutexA
GetSystemTimeAsFileTime
LoadLibraryA
WaitForSingleObject
GetCurrentProcess
MoveFileExA

ole32

StgIsStorageILockBytes
CoEnableCallCancellation
OleDuplicateData
StgCreateDocfileOnILockBytes
OleLoadFromStream
CoImpersonateClient
CoGetInterfaceAndReleaseStream
BindMoniker
OleSaveToStream
IIDFromString
PropVariantClear
CoReleaseMarshalData
OleCreateLinkFromData
CreateILockBytesOnHGlobal
OleCreateFromFile
OleCreate
OleQueryCreateFromData
CreateDataAdviseHolder
CoGetClassObject
OleRegGetUserType
OleRegEnumVerbs
OleQueryLinkFromData
CoCreateInstanceEx
OleLoad
StringFromGUID2
CoFreeUnusedLibraries
CreateItemMoniker
OleRun
GetRunningObjectTable
ReadFmtUserTypeStg
PropVariantCopy
CreatePointerMoniker
SetConvertStg
CoGetObjectContext
CoUninitialize
CoTaskMemAlloc
CoInitialize
CoQueryProxyBlanket

shlwapi

SHSetValueA
PathStripPathW
PathGetDriveNumberW
PathRemoveBackslashW
SHCreateShellPalette
StrCpyNW
StrFormatByteSizeW
StrNCatW
PathRemoveFileSpecA
StrStrIW
StrStrIA
StrCmpW
UrlUnescapeW
SHGetValueA
PathMatchSpecW
SHRegGetValueW
PathIsUNCW
SHStrDupW
PathRemoveExtensionW
StrDupW
StrStrW
PathSkipRootW
AssocCreate
StrDupA
AssocQueryStringW
UrlCreateFromPathW
PathIsUNCServerW
StrCmpNIA
StrCmpNIW
StrCpyW
StrRetToBufW
PathGetCharTypeW
PathRemoveArgsW
StrToIntW
SHRegGetUSValueW
SHDeleteKeyW
SHRegSetPathW
StrChrW
PathUndecorateW
PathIsRootW
PathFileExistsA

advapi32

RegDeleteValueA
GetUserNameA
StartServiceA
RegRestoreKeyW
GetServiceKeyNameW
CreateProcessAsUserA
OpenServiceA
RegOpenKeyW
RegQueryValueW
RegConnectRegistryW
SetThreadToken
RegOpenCurrentUser
RegLoadKeyW
RegSetValueExW
CloseEventLog
OpenEventLogA
RegQueryValueExW
EnumServicesStatusW
EnumDependentServicesW
EnumServicesStatusA
QueryServiceLockStatusA
QueryServiceConfig2W
UnlockServiceDatabase
ReadEventLogW
SetEntriesInAclA
GetInheritanceSourceW
MakeAbsoluteSD
RegSetValueExA

Exports

Exports

DllInit
DllInstall

Sections

.text
Size: 52KB - Virtual size: 48KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

42ccf02923e6b1d7f9e1e63e815f3df5

Headers

File Characteristics

Imports

kernel32

ole32

shlwapi

advapi32

Exports

Exports

Sections

.text Size: 52KB - Virtual size: 48KB

.rdata Size: 8KB - Virtual size: 6KB

.data Size: 4KB - Virtual size: 1KB

.reloc Size: 4KB - Virtual size: 1KB

.text
Size: 52KB - Virtual size: 48KB

.rdata
Size: 8KB - Virtual size: 6KB

.data
Size: 4KB - Virtual size: 1KB

.reloc
Size: 4KB - Virtual size: 1KB