b0f05a8380fcc5198b1a46856e2c0af4_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

b0f05a8380fcc5198b1a46856e2c0af4_JaffaCakes118
Size

203KB
MD5

b0f05a8380fcc5198b1a46856e2c0af4
SHA1

8fe95196bd5698e65cbf30197b406290642f9aa8
SHA256

69e336b16b57693806ce636c0829fb3cccdecfc1e053b543c63bafcea89ac333
SHA512

f88ae694ea8a3d8580f8da610d144261a779d5fa2dd38e43cd42f9d2f844cce9a5c10dbfdfa67bbd7790b01a3d57a671fe4c450f29b0dd24f2abf5f06663c841
SSDEEP

6144:2nod5j7uVeHSnh4T+jxoctnUfx1G0lLjgb1SjIxyubz4A:2m0ekhu2ZUfx1bLc1S1m4A

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
b0f05a8380fcc5198b1a46856e2c0af4_JaffaCakes118

Files

b0f05a8380fcc5198b1a46856e2c0af4_JaffaCakes118
.dll windows:5 windows x86 arch:x86

fc28052ef66faa602d93263899211ec9

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetProcAddress
LoadLibraryA
lstrlenW
lstrcpyW
VirtualAlloc
GetWindowsDirectoryA
AddAtomW
BackupSeek
BeginUpdateResourceW
BuildCommDCBW
CopyFileA
CopyFileW
CreateDirectoryW
CreateThread
DuplicateHandle
EnumCalendarInfoW
EnumDateFormatsW
EnumLanguageGroupLocalesW
EnumResourceNamesW
FileTimeToDosDateTime
FindFirstVolumeMountPointW
FindFirstVolumeW
FindVolumeMountPointClose
FreeLibrary
FreeResource
GetAtomNameW
GetBinaryTypeA
GetCPInfo
GetCommMask
GetCommProperties
GetCompressedFileSizeW
GetConsoleAliasExesLengthA
GetConsoleAliasesA
GetConsoleFontSize
GetConsoleTitleA
GetCurrencyFormatA
GetDateFormatA
GetEnvironmentStringsA
GetLogicalDriveStringsA
GetLongPathNameW
GetOEMCP
GetPriorityClass
GetPrivateProfileSectionNamesW
GetPrivateProfileStringA
GetPrivateProfileStructW
GetProcessAffinityMask
GetProcessPriorityBoost
GetProcessShutdownParameters
GetShortPathNameA
GetWindowsDirectoryW
GetTempFileNameA
GetVersion
GlobalDeleteAtom
GlobalFree
GlobalWire
Heap32ListNext
HeapDestroy
HeapSize
InitializeCriticalSection
IsBadStringPtrW
IsBadWritePtr
LocalReAlloc
LocalUnlock
LockResource
Module32NextW
OpenMutexA
OutputDebugStringA
Process32Next
QueryPerformanceCounter
QueueUserAPC
ReadFile
ResumeThread
RtlFillMemory
RtlUnwind
SetCommConfig
SetConsoleTitleA
SetConsoleWindowInfo
SetCriticalSectionSpinCount
SetCurrentDirectoryW
SetEnvironmentVariableW
SetLocaleInfoA
SetMailslotInfo
SetProcessPriorityBoost
SetThreadExecutionState
SetThreadIdealProcessor
SetVolumeLabelA
SetVolumeMountPointA
SignalObjectAndWait
SystemTimeToTzSpecificLocalTime
TlsAlloc
TlsGetValue
UnhandledExceptionFilter
UpdateResourceW
VirtualFreeEx
WinExec
WriteFileGather
WriteProcessMemory
_lwrite
lstrcmpA
GetShortPathNameW
CreateFileW

user32

wvsprintfW
ActivateKeyboardLayout
BroadcastSystemMessageA
BroadcastSystemMessageW
CallWindowProcW
ChangeDisplaySettingsExA
CharPrevW
CheckMenuItem
ClientToScreen
CreateDesktopW
CreatePopupMenu
DdeCreateStringHandleW
DdeGetLastError
DdeImpersonateClient
DefMDIChildProcA
DeleteMenu
DestroyWindow
DialogBoxIndirectParamA
DispatchMessageW
DlgDirListA
DlgDirListComboBoxA
DragObject
DrawEdge
DrawFrameControl
DrawMenuBar
DrawStateA
EditWndProc
EmptyClipboard
EnableWindow
EndPaint
EnumChildWindows
EnumDesktopsW
EnumDisplaySettingsExW
EnumDisplaySettingsW
EnumWindowStationsA
EnumWindows
FreeDDElParam
GetAltTabInfoA
GetClassInfoExA
GetClipCursor
GetComboBoxInfo
GetFocus
GetForegroundWindow
GetKeyboardLayoutNameA
GetKeyboardLayoutNameW
GetLastActivePopup
GetMenuCheckMarkDimensions
GetMenuItemID
GetMessageA
GetMonitorInfoW
GetOpenClipboardWindow
GetSysColor
GetSystemMenu
GetUserObjectSecurity
GetWindow
GetWindowModuleFileName
GetWindowThreadProcessId
IMPGetIMEW
IMPQueryIMEW
IMPSetIMEA
InflateRect
IsDialogMessageA
LoadBitmapW
MessageBeep
MessageBoxA
MessageBoxW
MonitorFromRect
OpenClipboard
OpenDesktopA
OpenInputDesktop
OpenWindowStationA
OpenWindowStationW
PtInRect
RegisterHotKey
ReleaseCapture
ScrollWindow
SendDlgItemMessageW
SendMessageA
SetLastErrorEx
SetScrollPos
SetShellWindow
SetWindowContextHelpId
SetWindowsHookExA
ShowOwnedPopups
ShowScrollBar
SwitchToThisWindow
ToUnicode
TranslateAcceleratorA
SwitchDesktop
UnpackDDElParam

advapi32

RegOpenKeyExA

ole32

WriteOleStg
WriteFmtUserTypeStg
WdtpInterfacePointer_UserUnmarshal
WdtpInterfacePointer_UserFree
UtConvertDvtd16toDvtd32
StringFromCLSID
StgPropertyLengthAsVariant
StgIsStorageFile
StgCreateStorageEx
StgCreatePropSetStg
StgConvertVariantToProperty
SNB_UserUnmarshal
ReadOleStg
PropStgNameToFmtId
ProgIDFromCLSID
OleSetContainedObject
OleSetAutoConvert
OleRun
OleRegEnumFormatEtc
OleLockRunning
OleLoad
OleGetIconOfClass
OleDuplicateData
OleDraw
OleCreateStaticFromData
OleCreateLinkEx
OleCreateFromFileEx
OleCreateFromData
OleCreateEx
OleConvertOLESTREAMToIStorage
OleBuildVersion
MonikerRelativePathTo
IsEqualGUID
IIDFromString
HWND_UserFree
HPALETTE_UserUnmarshal
HMETAFILE_UserUnmarshal
HMETAFILEPICT_UserMarshal
HMENU_UserUnmarshal
HMENU_UserMarshal
HICON_UserFree
HGLOBAL_UserSize
HENHMETAFILE_UserFree
HDC_UserSize
HDC_UserFree
HBRUSH_UserFree
HACCEL_UserMarshal
GetRunningObjectTable
GetHookInterface
FmtIdToPropStgName
DoDragDrop
DcomChannelSetHResult
CreateStreamOnHGlobal
CreateObjrefMoniker
CreateFileMoniker
CreateClassMoniker
CreateAntiMoniker
CoUnloadingWOW
CoUninitialize
CoTreatAsClass
CoSuspendClassObjects
CoSetProxyBlanket
CoRegisterSurrogateEx
CoRegisterMessageFilter
CoRegisterMallocSpy
CoRegisterClassObject
CoReactivateObject
CoQueryAuthenticationServices
CoIsHandlerConnected
CoInstall
CoInitializeWOW
CoInitialize
CoImpersonateClient
CoGetTreatAsClass
CoGetStdMarshalEx
CoGetObjectContext
CoGetMalloc
CoGetInterfaceAndReleaseStream
CoGetInstanceFromIStorage
CoEnableCallCancellation
CoDosDateTimeToFileTime
CoDisableCallCancellation
CoCreateObjectInContext
CoBuildVersion
CLSIDFromProgIDEx
CLIPFORMAT_UserUnmarshal
BindMoniker

oleaut32

VarUI4FromI2
VarUI4FromI1
VarUI4FromCy
VarUI4FromBool
VarUI2FromI4
VarUI2FromI2
VarUI2FromI1
VarUI2FromDec
VarUI1FromR4
VarUI1FromI4
VarUI1FromI1
VarUI1FromDec
VarUI1FromCy
VarUI1FromBool
VarR8FromUI4
VarR8FromR4
VarR8FromI4
VarR8FromBool
VarR4FromI4
VarR4FromI1
VarR4FromCy
VarNot
VarNeg
VarMod
VarI4FromUI4
VarI4FromUI1
VarI4FromDec
VarI4FromDate
VarI2FromUI2
VarI2FromStr
VarI2FromR8
VarI2FromI4
VarI2FromI1
VarI2FromDec
VarI2FromCy
VarI2FromBool
VarI1FromI2
VarI1FromDec
VarFormatDateTime
VarFormatCurrency
VarFix
VarDecFromUI1
VarDecFromR4
VarDecDiv
VarDecAdd
VarDateFromUdateEx
VarDateFromStr
VarDateFromI1
VarDateFromBool
VarCyRound
VarCyInt
VarCyFromR8
VarCyFromR4
VarCyFix
VarCyAdd
VarBstrFromUI4
VarBstrFromR8
VarBstrFromDisp
VarBstrFromDate
VarBstrCmp
VarBoolFromUI2
VarBoolFromUI1
VARIANT_UserUnmarshal
VARIANT_UserSize
SysStringLen
SysReAllocString
SysAllocStringByteLen
SafeArrayLock
SafeArrayGetRecordInfo
SafeArrayGetLBound
SafeArrayDestroy
SafeArrayCreateVector
SafeArrayCreate
RevokeActiveObject
RegisterActiveObject
OleLoadPictureFileEx
OleCreatePictureIndirect
LoadTypeLi
LPSAFEARRAY_UserMarshal
LPSAFEARRAY_Unmarshal
LHashValOfNameSys
GetErrorInfo
DosDateTimeToVariantTime
CreateTypeLib2
CreateStdDispatch
CreateDispTypeInfo
VariantInit
VarUI4FromUI2

Sections

.text
Size: 188KB - Virtual size: 188KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 188B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

fc28052ef66faa602d93263899211ec9

Headers

File Characteristics

Imports

kernel32

user32

advapi32

ole32

oleaut32

Sections

.text Size: 188KB - Virtual size: 188KB

.rdata Size: 8KB - Virtual size: 8KB

.data Size: 512B - Virtual size: 188B

.rsrc Size: 3KB - Virtual size: 2KB

.reloc Size: 2KB - Virtual size: 2KB

.text
Size: 188KB - Virtual size: 188KB

.rdata
Size: 8KB - Virtual size: 8KB

.data
Size: 512B - Virtual size: 188B

.rsrc
Size: 3KB - Virtual size: 2KB

.reloc
Size: 2KB - Virtual size: 2KB