Shim64.pdb
Static task: static1
Behavioral task: behavioral1
Sample: b43b82170491025bbe61e0a8396c716e_JaffaCakes118.dll
Resource: win7-20240708-en
Behavioral task: behavioral2
Sample: b43b82170491025bbe61e0a8396c716e_JaffaCakes118.dll
Resource: win10v2004-20240802-en
General
Target: b43b82170491025bbe61e0a8396c716e_JaffaCakes118
Size: 265KB
MD5: b43b82170491025bbe61e0a8396c716e
SHA1: c5431cea402848dfb99a7fb41262e884a38c5c56
SHA256: d53051640160930d6c8d5d8a4398bdcf1fa26cd081a7452417e1e37f9ed116d3
SHA512: 85491933e084e8d16a73cd928940c2734eaa921643d063348fe97d5138d905135cfb3a737c2c8fafc22262cc3c25dfbe10324b14ba6e5b4fe80bba8d26fd8a6a
SSDEEP: 6144:bYixwXPT2Dc4eWHWKdvxh/qPZOBKpelDrVYs4kzeC5bR1C5bR1C5b0m:bYia/6VxB3qP8KpeZrVYsvzeC5bR1C5q
Malware Config
Signatures
Unsigned PE (1 IoC): Checks for missing Authenticode signature.
resource b43b82170491025bbe61e0a8396c716e_JaffaCakes118
Files
b43b82170491025bbe61e0a8396c716e_JaffaCakes118.dll regsvr32 windows:4 windows x64 arch:x64
47df66554b1ed8a7a99085775ede7bb9
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL
PDB Paths
Imports
kernel32
IsBadStringPtrA
IsBadReadPtr
ResumeThread
Thread32Next
SuspendThread
OpenThread
Thread32First
CreateToolhelp32Snapshot
FreeLibrary
GetCurrentProcess
LoadLibraryA
Process32NextW
Process32FirstW
FreeLibraryAndExitThread
WaitForMultipleObjects
GetLastError
OpenProcess
ResetEvent
CreateThread
TerminateThread
VirtualProtect
GetSystemDirectoryW
DisableThreadLibraryCalls
LoadLibraryW
VirtualAlloc
VirtualFree
GetVersionExW
DuplicateHandle
VirtualLock
IsBadWritePtr
VirtualUnlock
IsBadCodePtr
ReleaseMutex
CreateMutexW
GetProcAddress
GetCurrentThread
GetThreadPriority
SetThreadPriority
GetModuleHandleA
SetLastError
FindFirstFileExW
GetVersion
CreateEventW
CreateSemaphoreW
SetWaitableTimer
CreateWaitableTimerW
HeapAlloc
GetCurrentThreadId
GetCurrentProcessId
SetStdHandle
WriteConsoleW
ReleaseSemaphore
SetEvent
GetModuleHandleW
GetProcessHeap
HeapFree
GetModuleFileNameW
WaitForSingleObject
CloseHandle
lstrcatA
CreateEventA
WideCharToMultiByte
GetComputerNameW
lstrlenW
LocalFree
FindResourceExW
FindResourceW
LoadResource
LockResource
lstrcmpiW
SizeofResource
GetConsoleOutputCP
WriteConsoleA
GetStringTypeW
GetStringTypeA
FlushFileBuffers
GetConsoleMode
GetConsoleCP
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetStartupInfoA
GetFileType
SetHandleCount
GetModuleFileNameA
GetStdHandle
HeapCreate
HeapSetInformation
IsValidCodePage
GetOEMCP
FlsAlloc
TlsSetValue
FlsFree
TlsFree
FlsGetValue
RtlVirtualUnwind
ExitProcess
GetCPInfo
LCMapStringW
LCMapStringA
GetCommandLineA
FlsSetValue
RtlCaptureContext
IsDebuggerPresent
SetUnhandledExceptionFilter
Sleep
UnmapViewOfFile
MapViewOfFile
MultiByteToWideChar
GetTickCount
ReadFile
SetFilePointer
GetFileSize
WriteFile
GlobalAlloc
GlobalFree
GlobalReAlloc
GlobalUnlock
GlobalLock
CreateFileW
lstrcpynW
lstrcpyW
CreateFileA
CreateFileMappingW
OpenFileMappingW
GetACP
GetSystemTimeAsFileTime
GetLocaleInfoA
GetThreadLocale
GetVersionExA
RaiseException
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
DeleteCriticalSection
HeapDestroy
HeapReAlloc
HeapSize
RtlPcToFileHeader
RtlLookupFunctionEntry
RtlUnwindEx
TerminateProcess
UnhandledExceptionFilter
user32
GetDesktopWindow
CharLowerBuffW
UnregisterClassA
DispatchMessageW
SetWindowsHookExW
CallNextHookEx
UnhookWindowsHookEx
PostMessageW
IsWindow
GetParent
LoadStringW
GetWindowTextW
ValidateRgn
GetCursorPos
InvalidateRgn
SendMessageW
CharLowerW
GetThreadDesktop
EnumDesktopWindows
GetWindowThreadProcessId
EnumChildWindows
SendNotifyMessageW
GetClassNameW
PeekMessageW
MsgWaitForMultipleObjects
KillTimer
SetTimer
WaitForInputIdle
advapi32
CryptCreateHash
CryptHashData
CryptGetHashParam
CryptDestroyHash
CryptReleaseContext
RegGetKeySecurity
RegOpenKeyW
RegSetKeySecurity
RegQueryValueExW
RegOpenKeyExW
RegCloseKey
ConvertStringSecurityDescriptorToSecurityDescriptorW
GetSecurityDescriptorSacl
SetSecurityDescriptorSacl
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
LookupAccountNameW
ConvertSidToStringSidW
CryptDestroyKey
CryptDecrypt
CryptDeriveKey
CryptAcquireContextW
ole32
CoUninitialize
CreateStreamOnHGlobal
CoCreateInstance
CoInitializeEx
CoTaskMemFree
StringFromCLSID
oleaut32
SysAllocString
VarBstrCmp
VariantClear
VariantInit
SysStringByteLen
SysAllocStringByteLen
SysAllocStringLen
SysStringLen
SysFreeString
shlwapi
PathAppendW
PathRemoveFileSpecW
PathStripPathW
PathFileExistsW
version
GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW
dbghelp
ImageDirectoryEntryToData
Exports
DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
EntryPointW
Sections
.text Size: 154KB - Virtual size: 154KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 50KB - Virtual size: 50KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 15KB - Virtual size: 39KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 11KB - Virtual size: 11KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.SHIMDAT Size: 512B - Virtual size: 40B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 512B - Virtual size: 176B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 2KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ