ae454d8d08f9d120558fc5cefdf2e7f4_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

ae454d8d08f9d120558fc5cefdf2e7f4_JaffaCakes118
Size

72KB
MD5

ae454d8d08f9d120558fc5cefdf2e7f4
SHA1

2881e7070990c964f23bcd8c4ae3ffbffe8db781
SHA256

d0954f0c29af66695568f31a67bbc91c3ebe8bf236c3ddd253069a2e43e4fe93
SHA512

57931d69e178fc499e73a05c5c8d6c3a965f058df5a3ef50f515f77a30b7936222a2ecf8067588a07fbb5188692ed855d8b78269a80cb8a27963fbb4e166f81b
SSDEEP

1536:Xe5wyB2OLWiuasKIppGIA2p4AnqGRHyWkC09:XeKyBXqvnvp3nqGRSWkCK

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
ae454d8d08f9d120558fc5cefdf2e7f4_JaffaCakes118

Files

ae454d8d08f9d120558fc5cefdf2e7f4_JaffaCakes118
.dll windows:4 windows x86 arch:x86

13938d41dd51619f1f45563dbd39eb02

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

LCMapStringW
OpenFileMappingW
SetEnvironmentVariableA
GetLongPathNameW
GetNumberFormatA
CreateNamedPipeA
RemoveDirectoryW
SetHandleCount
GetCurrentThread
IsBadStringPtrW
SetFilePointerEx
EnumResourceNamesW
DosDateTimeToFileTime
OpenEventA
GetVolumePathNamesForVolumeNameW
FindFirstChangeNotificationA
OpenThread
GetCPInfo
QueueUserAPC
RegisterWaitForSingleObject
DisconnectNamedPipe
SetVolumeMountPointW
SleepEx
GetConsoleMode
GetFileInformationByHandle
GetFileSize
DeleteFileW
lstrcmpiW
EscapeCommFunction
CancelWaitableTimer
ReplaceFileW
GetCurrentDirectoryW
GetTapeParameters
GetQueuedCompletionStatus
SetConsoleScreenBufferSize
FindFirstVolumeMountPointW
SearchPathW
SetEndOfFile
InterlockedIncrement
SetFileApisToOEM
AddAtomA
CreateFileMappingW
ReleaseSemaphore
GetStringTypeA
EnumResourceNamesA
ReadFileEx
GetProfileIntW
GetThreadPriority
CreateProcessW
GetBinaryTypeA
IsBadWritePtr
LockFile
GlobalFree
ClearCommError
WriteConsoleInputA
GetTimeFormatA
CreateEventW
FindNextChangeNotification
lstrcmpW
CompareFileTime
GetEnvironmentStringsW
PeekNamedPipe
DuplicateHandle
Beep
GetVolumeNameForVolumeMountPointW
CallNamedPipeA
GetVersionExA
SetConsoleCursorPosition
GetDefaultCommConfigW
WaitForMultipleObjects
lstrcatA
SetComputerNameA
VirtualAllocEx
HeapSetInformation
UnregisterWaitEx
GetSystemTimeAdjustment
GetVolumePathNameW
TerminateJobObject
FindAtomA
WriteConsoleA
GetHandleInformation
GetShortPathNameA
GetStdHandle
SystemTimeToFileTime
GetSystemDirectoryA
lstrcmpA
GetBinaryTypeW
FlushConsoleInputBuffer
GetCommandLineW
CancelIo
SetConsoleTextAttribute
FindNextVolumeW
VerifyVersionInfoA
GetThreadContext
DeleteCriticalSection
GetUserDefaultLangID
PeekConsoleInputA
GetUserDefaultLCID
GetSystemDirectoryW
BindIoCompletionCallback
ConvertDefaultLocale
PeekConsoleInputW
WaitForSingleObjectEx
GetFileTime
GetShortPathNameW
FindFirstChangeNotificationW
SearchPathA
GetCurrentThreadId
LocalLock
GetProfileSectionA
GetVolumeInformationW
LocalFlags
MoveFileW
VerifyVersionInfoW
HeapReAlloc
CreateWaitableTimerW
GetCompressedFileSizeW
GetStringTypeExW
MultiByteToWideChar
AllocConsole
CreateFileW
CreateTimerQueueTimer
TerminateThread
ReadConsoleW
GetAtomNameA
SetComputerNameExW
GetVolumeInformationA
SetConsoleMode
GetStringTypeW
UnregisterWait
LocalHandle
LocalUnlock
GetProcessHeap
lstrlenW
GetProcAddress
InitializeCriticalSection
CopyFileA
LeaveCriticalSection
MoveFileExA
WaitForSingleObject
EnterCriticalSection
VirtualProtect
GetModuleFileNameA
HeapAlloc
GetModuleHandleA
CreateProcessA
LoadLibraryA
VirtualQuery
ReleaseMutex
CreateFileMappingA
CreateMutexW
InterlockedExchange

advapi32

UnlockServiceDatabase
MapGenericMask
GetServiceDisplayNameW
OpenEventLogW
RegEnumKeyA
ChangeServiceConfigW
GetServiceKeyNameW
StartServiceCtrlDispatcherW
RegQueryInfoKeyA
CreateProcessWithLogonW
GetEffectiveRightsFromAclW
RegLoadKeyW
DuplicateToken
RevertToSelf
RegReplaceKeyW
CreateServiceA
RegisterServiceCtrlHandlerA
QueryServiceLockStatusW
RegOpenKeyExW
RegConnectRegistryW
DuplicateTokenEx
ImpersonateAnonymousToken
RegDeleteKeyW
RegEnumValueA
RegEnumValueW
QueryServiceConfigW
ChangeServiceConfigA
RegLoadKeyA
OpenSCManagerA
RegisterServiceCtrlHandlerExW
RegEnumKeyExW
RegFlushKey
RegCreateKeyExW
RegQueryValueExA
RegDeleteValueA
RegOpenKeyExA
RegSetValueExA
MakeAbsoluteSD

shell32

SHGetFolderPathA
DragQueryFileW
SHOpenFolderAndSelectItems
SHChangeNotify
SHGetDesktopFolder
SHCreateDirectoryExW
SHBindToParent
SHBrowseForFolderW
SHGetPathFromIDListA
SHCreateShellItem
SHGetPathFromIDListW

Exports

Exports

DllInit
DllInstall

Sections

.text
Size: 52KB - Virtual size: 51KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

13938d41dd51619f1f45563dbd39eb02

Headers

File Characteristics

Imports

kernel32

advapi32

shell32

Exports

Exports

Sections

.text Size: 52KB - Virtual size: 51KB

.rdata Size: 8KB - Virtual size: 5KB

.data Size: 4KB - Virtual size: 1KB

.reloc Size: 4KB - Virtual size: 1KB

.text
Size: 52KB - Virtual size: 51KB

.rdata
Size: 8KB - Virtual size: 5KB

.data
Size: 4KB - Virtual size: 1KB

.reloc
Size: 4KB - Virtual size: 1KB