c:\build_area\boxedappsdk__demo\current\src\BoxedAppSolution\release\BoxedAppSDK.pdb
Static task
- static1
Behavioral task
- behavioral1: Sample b51991206f5cb1aeb690f099c742f3b3_JaffaCakes118.dll, Resource win7-20240704-en
- behavioral2: Sample b51991206f5cb1aeb690f099c742f3b3_JaffaCakes118.dll, Resource win10v2004-20240802-en
General
- Target: b51991206f5cb1aeb690f099c742f3b3_JaffaCakes118
- Size: 534KB
- MD5: b51991206f5cb1aeb690f099c742f3b3
- SHA1: 62804083ce7d14dfa89075ff5635c29308cdfcca
- SHA256: 5892b52822ba600481c8dc12846aed068e5f9c316526ae2de986a8c7b2a69ecd
- SHA512: e09aab153be37ce76ed78501ec6ed4a196c4ae569e03c9e4c0f5edf319adc97d120911e3eba6062bc34dc84ba985b848d297f743f4c2dda2ab224117e57e19da
- SSDEEP: 12288:BGR+zXiApD/nAZ8+q8WcsvY02s5xPG/vZtz4IM:EYzPN/nm8VysAls5xPEvZqIM
Malware Config
Signatures
- Unsigned PE (1 IoC): Checks for missing Authenticode signature.
  resource b51991206f5cb1aeb690f099c742f3b3_JaffaCakes118
Files
- b51991206f5cb1aeb690f099c742f3b3_JaffaCakes118.dll windows:4 windows x86 arch:x86
  2bde772824b00712e41576e90fae15d5
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_NO_SEH
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
PDB Paths
c:\build_area\boxedappsdk__demo\current\src\BoxedAppSolution\release\BoxedAppSDK.pdb
Imports
kernel32
GetCurrentProcess
GetModuleHandleW
GetProcAddress
LoadLibraryA
FreeLibrary
VirtualFree
GetLocaleInfoW
lstrlenW
lstrcpyW
lstrlenA
OpenProcess
VirtualFreeEx
CloseHandle
Sleep
CreateThread
TlsAlloc
TlsFree
WriteFile
LoadLibraryW
VirtualProtect
GetLastError
ResumeThread
GetTickCount
lstrcatW
TlsGetValue
GetCurrentThread
FindResourceExW
FindResourceW
CreateFileW
ReadFile
LoadLibraryExW
EnumResourceNamesW
LoadResource
LockResource
SizeofResource
CreateProcessW
lstrcpyA
SetFilePointer
ReadProcessMemory
TerminateProcess
SetLastError
VirtualProtectEx
WriteProcessMemory
VirtualAllocEx
FlushInstructionCache
DuplicateHandle
CreatePipe
CreateEventW
CreateRemoteThread
GetFileSize
GetFileAttributesW
LocalFree
TlsSetValue
GetCurrentProcessId
TerminateThread
ReleaseSemaphore
InterlockedDecrement
GetCurrentThreadId
CreateSemaphoreW
InterlockedIncrement
SwitchToThread
HeapCreate
CreateFileMappingW
MapViewOfFile
UnmapViewOfFile
HeapDestroy
GetEnvironmentVariableW
GetEnvironmentVariableA
FlushFileBuffers
HeapAlloc
HeapReAlloc
HeapFree
GetProcessHeap
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
DeleteCriticalSection
WideCharToMultiByte
MultiByteToWideChar
lstrcmpA
GetSystemDirectoryW
GetSystemTime
SystemTimeToFileTime
GetFullPathNameW
lstrcpynW
SetErrorMode
GetLogicalDriveStringsW
CreateDirectoryW
VirtualAlloc
VirtualQuery
GetSystemInfo
WaitForSingleObject
InterlockedExchange
InterlockedCompareExchange
SuspendThread
lstrcmpiA
user32
MessageBoxA
wsprintfA
advapi32
RegDeleteKeyW
RegOpenKeyExW
RegCloseKey
OpenProcessToken
GetTokenInformation
ConvertSidToStringSidW
RegQueryValueExW
ole32
CoUnmarshalInterface
CreateStreamOnHGlobal
CoUninitialize
CoInitialize
StringFromCLSID
oleaut32
SysFreeString
VariantInit
SafeArrayCreateVector
SafeArrayDestroy
SafeArrayPutElement
SysAllocString
Exports
BoxedAppSDK_AddHandler
BoxedAppSDK_Alloc
BoxedAppSDK_AttachToProcess
BoxedAppSDK_CreateProcessFromMemoryA
BoxedAppSDK_CreateProcessFromMemoryW
BoxedAppSDK_CreateVirtualFileA
BoxedAppSDK_CreateVirtualFileBasedOnBufferA
BoxedAppSDK_CreateVirtualFileBasedOnBufferW
BoxedAppSDK_CreateVirtualFileBasedOnIStreamA
BoxedAppSDK_CreateVirtualFileBasedOnIStreamW
BoxedAppSDK_CreateVirtualFileW
BoxedAppSDK_CreateVirtualRegKeyA
BoxedAppSDK_CreateVirtualRegKeyW
BoxedAppSDK_DeleteFileFromVirtualFileSystemA
BoxedAppSDK_DeleteFileFromVirtualFileSystemW
BoxedAppSDK_DetachFromProcess
BoxedAppSDK_EnableDebugLog
BoxedAppSDK_EnableHook
BoxedAppSDK_EnableOption
BoxedAppSDK_EnumVirtualRegKeysA
BoxedAppSDK_EnumVirtualRegKeysW
BoxedAppSDK_ExecuteDotNetApplicationA
BoxedAppSDK_ExecuteDotNetApplicationW
BoxedAppSDK_Exit
BoxedAppSDK_Free
BoxedAppSDK_GetInternalValue
BoxedAppSDK_GetOriginalFunction
BoxedAppSDK_HookContext_GetArgument
BoxedAppSDK_HookContext_GetProcessId
BoxedAppSDK_HookContext_SetArgument
BoxedAppSDK_HookContext_SetContinueFlag
BoxedAppSDK_HookContext_SetReturnValue
BoxedAppSDK_HookFunction
BoxedAppSDK_Init
BoxedAppSDK_IsMainProcess
BoxedAppSDK_IsOptionEnabled
BoxedAppSDK_IsVirtualProcessId
BoxedAppSDK_IsVirtualProcessStub
BoxedAppSDK_RegisterCOMLibraryInVirtualRegistryA
BoxedAppSDK_RegisterCOMLibraryInVirtualRegistryW
BoxedAppSDK_RegisterCOMServerInVirtualRegistryA
BoxedAppSDK_RegisterCOMServerInVirtualRegistryW
BoxedAppSDK_RemoteAgent_DetachThreadProc
BoxedAppSDK_RemoteAgent_Info
BoxedAppSDK_RemoteAgent_Init
BoxedAppSDK_RemoteAgent_ThreadProc
BoxedAppSDK_RemoteProcess_Alloc
BoxedAppSDK_RemoteProcess_AllocStringA
BoxedAppSDK_RemoteProcess_AllocStringW
BoxedAppSDK_RemoteProcess_EnableOption
BoxedAppSDK_RemoteProcess_Free
BoxedAppSDK_RemoteProcess_HookFunction
BoxedAppSDK_RemoteProcess_IsOptionEnabled
BoxedAppSDK_RemoteProcess_LoadLibraryA
BoxedAppSDK_RemoteProcess_LoadLibraryW
BoxedAppSDK_RemoteProcess_ReadStringA
BoxedAppSDK_RemoteProcess_ReadStringW
BoxedAppSDK_RemoveHandler
BoxedAppSDK_SetContext
BoxedAppSDK_SetLogFileA
BoxedAppSDK_SetLogFileW
BoxedAppSDK_SetParam0
BoxedAppSDK_UnhookFunction
BoxedAppSDK_Utils_ParseRegFileA
BoxedAppSDK_Utils_ParseRegFileW
BoxedAppSDK_WriteLogA
BoxedAppSDK_WriteLogW
Sections
.text Size: 180KB - Virtual size: 177KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 56KB - Virtual size: 52KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 276KB - Virtual size: 274KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 4KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 12KB - Virtual size: 11KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
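The Unsigned PE signature, the Headers block and the Sections block above are all read straight out of the PE header. The following is an added example, not part of this report and not BoxedApp SDK code, that reproduces those three readings with the Python standard library only: it decodes the file, DLL and section characteristic bitmasks into the same IMAGE_* names the report prints, and tests whether the Authenticode security data directory (IMAGE_DIRECTORY_ENTRY_SECURITY) is empty, which is what the "missing Authenticode signature" check amounts to. The bytes it parses are a constructed PE32 header that copies the flags and section layout listed above (byte sizes rounded from the KB figures); the analysed DLL itself is not embedded. One point the decoded flags support: the only DLL characteristic set is IMAGE_DLLCHARACTERISTICS_NO_SEH, so DYNAMIC_BASE (ASLR) and NX_COMPAT (DEP) are not opted in even though a .reloc section is present, and the triage step below reports exactly that.

```python
"""Decode PE header flags and test for an Authenticode signature, stdlib only."""
import struct

# Bit values from winnt.h, named as the report prints them.
FILE_CHARACTERISTICS = {0x0002: "IMAGE_FILE_EXECUTABLE_IMAGE",
                        0x0100: "IMAGE_FILE_32BIT_MACHINE",
                        0x2000: "IMAGE_FILE_DLL"}
DLL_CHARACTERISTICS = {0x0040: "IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE",
                       0x0100: "IMAGE_DLLCHARACTERISTICS_NX_COMPAT",
                       0x0400: "IMAGE_DLLCHARACTERISTICS_NO_SEH",
                       0x4000: "IMAGE_DLLCHARACTERISTICS_GUARD_CF"}
SECTION_CHARACTERISTICS = {0x00000020: "IMAGE_SCN_CNT_CODE",
                           0x00000040: "IMAGE_SCN_CNT_INITIALIZED_DATA",
                           0x02000000: "IMAGE_SCN_MEM_DISCARDABLE",
                           0x20000000: "IMAGE_SCN_MEM_EXECUTE",
                           0x40000000: "IMAGE_SCN_MEM_READ",
                           0x80000000: "IMAGE_SCN_MEM_WRITE"}
IMAGE_DIRECTORY_ENTRY_SECURITY = 4


def decode_flags(value, table):
    """Names of the set bits, lowest bit first (the order the report uses)."""
    return [name for bit, name in sorted(table.items()) if value & bit]


def parse_pe(data):
    """Parse DOS, COFF, optional and section headers; ValueError on a non-PE."""
    if data[:2] != b"MZ":
        raise ValueError("missing MZ signature")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    machine, nsect, _, _, _, opt_size, file_chars = struct.unpack_from("<HHIIIHH", data, coff)
    opt = coff + 20
    magic = struct.unpack_from("<H", data, opt)[0]
    if magic == 0x10B:      # PE32: NumberOfRvaAndSizes at +92, directories at +96
        ndirs_off, dd_off = opt + 92, opt + 96
    elif magic == 0x20B:    # PE32+: 64-bit stack/heap fields shift them to +108/+112
        ndirs_off, dd_off = opt + 108, opt + 112
    else:
        raise ValueError("unknown optional header magic 0x%x" % magic)
    dll_chars = struct.unpack_from("<H", data, opt + 70)[0]   # same offset in both formats
    ndirs = struct.unpack_from("<I", data, ndirs_off)[0]
    # The security directory points at the WIN_CERTIFICATE blob; unlike the other
    # directories its first field is a file offset, not an RVA. Both zero = unsigned.
    sec_off = sec_size = 0
    if ndirs > IMAGE_DIRECTORY_ENTRY_SECURITY:
        sec_off, sec_size = struct.unpack_from("<II", data, dd_off + 8 * IMAGE_DIRECTORY_ENTRY_SECURITY)
    sections = []
    for i in range(nsect):
        base = opt + opt_size + 40 * i
        name, vsize, _va, rawsize = struct.unpack_from("<8sIII", data, base)
        chars = struct.unpack_from("<I", data, base + 36)[0]
        sections.append({"name": name.rstrip(b"\0").decode("ascii", "replace"),
                         "virtual_size": vsize, "raw_size": rawsize,
                         "flags": decode_flags(chars, SECTION_CHARACTERISTICS)})
    return {"machine": machine,
            "file_characteristics": decode_flags(file_chars, FILE_CHARACTERISTICS),
            "dll_characteristics": decode_flags(dll_chars, DLL_CHARACTERISTICS),
            "authenticode_present": bool(sec_off and sec_size),
            "sections": sections}


def triage(info):
    """Hardening gaps visible from the headers alone."""
    findings = []
    if not info["authenticode_present"]:
        findings.append("Unsigned PE: security data directory is empty")
    dll = info["dll_characteristics"]
    if "IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE" not in dll:
        findings.append("ASLR not opted in (DYNAMIC_BASE clear)")
    if "IMAGE_DLLCHARACTERISTICS_NX_COMPAT" not in dll:
        findings.append("DEP not opted in (NX_COMPAT clear)")
    for s in info["sections"]:
        if {"IMAGE_SCN_MEM_EXECUTE", "IMAGE_SCN_MEM_WRITE"} <= set(s["flags"]):
            findings.append("writable and executable section %s" % s["name"])
    return findings


def build_sample_pe32():
    """Constructed PE32 header (not the analysed DLL) copying the report's flags and sections."""
    dos = bytearray(64)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, len(dos))          # e_lfanew: NT headers follow the DOS header
    sections = [(b".text", 177 * 1024, 180 * 1024, 0x60000020),
                (b".rdata", 52 * 1024, 56 * 1024, 0x40000040),
                (b".data", 274 * 1024, 276 * 1024, 0xC0000040),
                (b".rsrc", 1 * 1024, 4 * 1024, 0x40000040),
                (b".reloc", 11 * 1024, 12 * 1024, 0x42000040)]
    coff = struct.pack("<HHIIIHH", 0x14C, len(sections), 0, 0, 0, 224, 0x0002 | 0x0100 | 0x2000)
    opt = bytearray(224)
    struct.pack_into("<H", opt, 0, 0x10B)                # PE32 magic
    struct.pack_into("<H", opt, 70, 0x0400)              # DllCharacteristics: NO_SEH only
    struct.pack_into("<I", opt, 92, 16)                  # NumberOfRvaAndSizes; directory 4 stays zero
    hdrs, va = b"", 0x1000
    for name, vsize, rawsize, flags in sections:
        hdrs += struct.pack("<8sIIIIIIHHI", name, vsize, va, rawsize, 0, 0, 0, 0, 0, flags)
        va += (vsize + 0xFFF) & ~0xFFF
    return bytes(dos) + b"PE\0\0" + coff + bytes(opt) + hdrs


if __name__ == "__main__":
    info = parse_pe(build_sample_pe32())
    print(info["file_characteristics"], info["dll_characteristics"])
    for s in info["sections"]:
        print("%-7s raw=%6d virt=%6d %s" % (s["name"], s["raw_size"], s["virtual_size"], ", ".join(s["flags"])))
    print(triage(info))
```

Run as a script it prints the decoded flags for the constructed header and three findings (unsigned, no ASLR opt-in, no DEP opt-in); pass the bytes of a real file to parse_pe to get the same fields for it. Two caveats: only the header is read, so a truncated file raises struct.error rather than a clean message, and authenticode_present only says a WIN_CERTIFICATE blob is referenced, not that the signature chains to a trusted root or matches the file hash.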