afbef3bbaa2bbf51b755e6f74df314bd_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

afbef3bbaa2bbf51b755e6f74df314bd_JaffaCakes118
Size

420KB
MD5

afbef3bbaa2bbf51b755e6f74df314bd
SHA1

deab8013c96d8a0ab1d29f4c9468071ce0946afc
SHA256

5de9470c3ef8816d22ba5a0e22bf38bd55f4a3666a4cd0121325ace0fe434bd9
SHA512

a829a8ac1b2b944a332c672d3a8bc4034d02da0e56197e5a92e019248d11e783ae17fd27e79554cd93756a588201929e84b9a8485ad8944a506d6f4096d908b7
SSDEEP

6144:sQOmkHvK38Tr9qw9CNZc806Nc311KvD8ZMaT4yvTya07n:srHG/valgIZTTzGn

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
afbef3bbaa2bbf51b755e6f74df314bd_JaffaCakes118

Files

afbef3bbaa2bbf51b755e6f74df314bd_JaffaCakes118
.dll windows:4 windows x86 arch:x86

1aed479a638dd16f2bdd60e73317667b

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

z:\engine\lexlog\release\LexLog.pdb

Imports

kernel32

GetCPInfo
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
HeapReAlloc
GetModuleHandleA
GetProcAddress
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
SetLastError
HeapSize
ExitProcess
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
GetACP
GetOEMCP
IsValidCodePage
GetLocaleInfoA
GetStringTypeA
GetStringTypeW
GetTimeFormatA
GetDateFormatA
GetUserDefaultLCID
EnumSystemLocalesA
IsValidLocale
WriteFile
FreeLibrary
LoadLibraryA
GetLocaleInfoW
GetTimeZoneInformation
CompareStringA
LCMapStringW
SetEnvironmentVariableA
GetShortPathNameA
WaitForSingleObject
ReleaseMutex
CloseHandle
CreateMutexA
GetFileAttributesA
CreateDirectoryA
SetCurrentDirectoryA
GetCurrentDirectoryA
CreateFileA
GetWindowsDirectoryA
MoveFileExA
DeleteFileA
SetFileAttributesA
RemoveDirectoryA
ExpandEnvironmentStringsA
GetTempPathA
GetSystemDirectoryA
GetSystemInfo
LocalFree
FindNextFileA
FindClose
FindFirstFileA
LocalAlloc
CreateFileW
SetStdHandle
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetFilePointer
ReadFile
FlushFileBuffers
MultiByteToWideChar
WideCharToMultiByte
LCMapStringA
GetProcessHeap
HeapAlloc
GetVersionExA
GetCommandLineA
GetCurrentThreadId
RtlUnwind
RaiseException
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
HeapFree
GetLastError
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
InterlockedExchange
Sleep
InterlockedDecrement
CompareStringW
InterlockedIncrement
GetConsoleMode
GetConsoleCP
SetEndOfFile

winspool.drv

GetPrintProcessorDirectoryA
GetPrinterDriverDirectoryA

advapi32

RegDeleteKeyA
RegQueryInfoKeyA
RegCreateKeyExA
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
RegGetKeySecurity
RegSetKeySecurity
RegOpenKeyA
RegConnectRegistryA
RegQueryValueExA
RegOpenKeyExA
RegEnumKeyExA
RegCloseKey
RegEnumValueA
AllocateAndInitializeSid
FreeSid
RegSetValueExA

shell32

SHGetSpecialFolderLocation
SHGetPathFromIDListA

ole32

CoTaskMemFree

Exports

Exports

AddAnyItem
AddDirectory
AddDirectoryEx
AddDriverName
AddDriverNameEx
AddFile
AddFileEx
AddRegistry
AddRegistryEx
AddWholeRegistryKey
AddWholeRegistryKeyEx
DetectLogFile
FindLogFile
GetAllDriverNames
GetAllDriverNamesEx
GetDllVersion
GetItemStatus
GetLogFile
IsInstalled
LexLogFree
SetItemStatus
SetLogFile

Sections

.text
Size: 304KB - Virtual size: 301KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 56KB - Virtual size: 52KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 48KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 840B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 40KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

1aed479a638dd16f2bdd60e73317667b

Headers

File Characteristics

PDB Paths

Imports

kernel32

winspool.drv

advapi32

shell32

ole32

Exports

Exports

Sections

.text Size: 304KB - Virtual size: 301KB

.rdata Size: 56KB - Virtual size: 52KB

.data Size: 12KB - Virtual size: 48KB

.rsrc Size: 4KB - Virtual size: 840B

.reloc Size: 40KB - Virtual size: 36KB

.text
Size: 304KB - Virtual size: 301KB

.rdata
Size: 56KB - Virtual size: 52KB

.data
Size: 12KB - Virtual size: 48KB

.rsrc
Size: 4KB - Virtual size: 840B

.reloc
Size: 40KB - Virtual size: 36KB