bb0e10b8df51769b5be34369489e8267_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

bb0e10b8df51769b5be34369489e8267_JaffaCakes118
Size

104KB
MD5

bb0e10b8df51769b5be34369489e8267
SHA1

6c426d60130a688b760f4d5714f49885cb8f9861
SHA256

aec34aa0d02934968fa219c05e6bae9080f84ef1303514d9803b67c815b99b1b
SHA512

d1ce6bad6201046da968446fd56abca7d67103c40bb2c1b33bedd96ccd9ea84efc325723d6ad2141b3275576b6357264cbe0cecd742b21195fd4221f7d16ebb8
SSDEEP

3072:K5qEz+KUhyf7/rvowQw1uyFEqf7L+Gz/EdSGzJ3SyYpfaqsz0x5ET9:zEj8yTjDQw1NFzf7yG7DGrYp0z0

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
bb0e10b8df51769b5be34369489e8267_JaffaCakes118

Files

bb0e10b8df51769b5be34369489e8267_JaffaCakes118
.dll windows:4 windows x86 arch:x86

e45af73a35839d3a21fffc3d1fe6580f

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
IMAGE_FILE_BYTES_REVERSED_HI

Imports

resutils

ResUtilGetProperty
ClusWorkerTerminate
ResUtilIsPathValid
ResUtilGetPropertySize
ResUtilDupString
ResUtilEnumResourcesEx
ResUtilEnumProperties
ResUtilSetPrivatePropertyList
ResUtilGetEnvironmentWithNetName
ResUtilSetPropertyTable
ResUtilGetResourceDependencyByClass
ResUtilFindLongProperty
ResUtilCreateDirectoryTree
ResUtilAddUnknownProperties
ResUtilGetCoreClusterResources
ResUtilGetSzValue
ResUtilEnumResources
ResUtilGetAllProperties
ResUtilExpandEnvironmentStrings
ResUtilVerifyPropertyTable
ResUtilFindExpandSzProperty
ResUtilGetProperties
ResUtilSetBinaryValue
ResUtilGetSzProperty
ResUtilGetResourceDependency
ResUtilGetMultiSzProperty
ResUtilResourceTypesEqual
ClusWorkerCheckTerminate
ResUtilSetResourceServiceStartParameters
ResUtilSetPropertyParameterBlockEx
ResUtilSetResourceServiceEnvironment
ResUtilGetBinaryProperty
ResUtilFindMultiSzProperty
ResUtilPropertyListFromParameterBlock
ClusWorkerCreate
ResUtilFreeEnvironment
ResUtilSetSzValue
ClusWorkerStart
ResUtilVerifyResourceService
ResUtilGetDwordProperty
ResUtilSetExpandSzValue
ResUtilResourcesEqual
ResUtilFindSzProperty
ResUtilStopService
ResUtilSetMultiSzValue

kernel32

BindIoCompletionCallback
FindNextFileW
IsDebuggerPresent
GetBinaryType
MulDiv
ResetEvent
WriteConsoleInputVDMW
SetFilePointerEx
FindFirstVolumeA
FlushConsoleInputBuffer
ResetWriteWatch
EnumCalendarInfoExA
GetConsoleTitleA
LeaveCriticalSection
DnsHostnameToComputerNameA
EndUpdateResourceA
SetTermsrvAppInstallMode
CreateSemaphoreA
GlobalWire
GetUserDefaultLCID
SetConsoleIcon
IsValidLanguageGroup
IsBadWritePtr
SetConsoleMode
Heap32First
CreateConsoleScreenBuffer
GetPrivateProfileStringA
EnumResourceTypesA
BeginUpdateResourceW
RegisterWaitForInputIdle
GetThreadSelectorEntry
BuildCommDCBW
IsDBCSLeadByteEx
TerminateThread
WriteConsoleOutputAttribute
FlushViewOfFile
GetConsoleAliasExesLengthA
FindFirstVolumeMountPointA
FindActCtxSectionStringA
FoldStringA
GetSystemDirectoryW
CreateNamedPipeW
FindFirstFileExA
GetConsoleCommandHistoryLengthA
RtlFillMemory
CreateDirectoryA
GetNumaHighestNodeNumber
AttachConsole
GetMailslotInfo
LoadLibraryExA
EnumSystemGeoID
_hwrite
GetCurrencyFormatA
DeleteFileW
FreeUserPhysicalPages
GetCurrentProcess
lstrcpynA
_llseek
IsBadHugeReadPtr
LoadLibraryA
GetConsoleFontInfo
GetConsoleInputExeNameW
LocalFree
SetTimerQueueTimer
GetNamedPipeInfo
VirtualAlloc
GetModuleHandleA
DnsHostnameToComputerNameW
EnumDateFormatsExA
SetCalendarInfoA
LCMapStringA
SetConsoleWindowInfo
GlobalAlloc
GetConsoleDisplayMode
CreateTimerQueue
SetSystemTime
AllocateUserPhysicalPages
ScrollConsoleScreenBufferW
lstrcmpiW
SetCommTimeouts
RemoveLocalAlternateComputerNameW
Toolhelp32ReadProcessMemory
GetVersionExA
DeleteFileA
CommConfigDialogA
GetCurrentThread
EnumerateLocalComputerNamesA
SetConsolePalette
LZOpenFileW

crtdll

_unloaddll
fabs
_mbsnextc
strspn
_stat
_getcwd
abs
_fullpath
wcstol
vswprintf
_strnset
__GetMainArgs
_winver_dll
atexit
setvbuf
_fsopen
_sys_errlist
_isctype
asin
_ismbcdigit
_local_unwind2
_snwprintf
memcpy
_creat
sscanf
_fcloseall
strpbrk
modf
fgetwc
_ismbblead
_memicmp
ceil
_osver_dll
tolower
difftime
_lrotr

hlink

HlinkCreateFromData
HlinkClone
HlinkOnRenameDocument
HlinkUpdateStackItem
OleSaveToStreamEx
HlinkCreateFromString
HlinkResolveStringForData
HlinkNavigateToStringReference
HlinkGetSpecialReference
HlinkSetSpecialReference
HlinkTranslateURL
HlinkResolveShortcut
HlinkCreateShortcutFromMoniker
HlinkCreateBrowseContext
HlinkPreprocessMoniker
HlinkCreateFromMoniker
HlinkIsShortcut
HlinkCreateExtensionServices
HlinkCreateShortcutFromString
HlinkResolveMonikerForData
HlinkGetValueFromParams
HlinkParseDisplayName
DllGetClassObject
HlinkResolveShortcutToString
HlinkCreateShortcut

gdi32

DdEntry41
CloseMetaFile
DdEntry10
SetMetaFileBitsEx
AnimatePalette
GetKerningPairsW
CLIPOBJ_bEnum
SetPixel
RemoveFontResourceW
DdEntry35
SetDIBitsToDevice
DrawEscape
StartFormPage
GetArcDirection
GetEnhMetaFileDescriptionA
DdEntry15
GetTextMetricsW
GetCharWidth32A
ExtSelectClipRgn
GetTransform
Chord
GdiReleaseDC
EndPage
EngCreatePalette
GetGraphicsMode
GetEnhMetaFilePaletteEntries
SetStretchBltMode
GdiEntry1
SetArcDirection
GetBkMode
EngCreateSemaphore
GetCharABCWidthsA
HT_Get8BPPMaskPalette
GdiConvertBrush
GetCharWidthW
GetLayout

netapi32

NetWkstaTransportAdd
NetServiceEnum
NetApiBufferFree
DsRoleDnsNameToFlatName
NetLocalGroupAddMembers
NlBindingRemoveServerFromCache
DsRoleDcAsReplica
NetLocalGroupDel
NetShareDel
DsRoleFreeMemory
I_NetLogonSendToSam
DsGetDcNextW
NetConfigGet
NetDfsAdd
NetDfsManagerInitialize
NetRemoveAlternateComputerName
NetGroupSetUsers
DsAddressToSiteNamesA
NetUseEnum
NetapipBufferAllocate
NetGetAnyDCName
NetScheduleJobDel
DsGetForestTrustInformationW
NetShareEnum
RxNetServerEnum
I_NetServerTrustPasswordsGet
NetFileEnum
DsMergeForestTrustInformationW
NetDfsManagerGetConfigInfo
NetFileGetInfo
DsGetSiteNameA
NetReplExportDirSetInfo
I_NetGetDCList
NetSessionDel
NetpAllocFtinfoEntry
NetReplImportDirAdd
NetpwPathCanonicalize
NetAuditRead
NetMessageNameDel
NetErrorLogWrite

Sections

.text
Size: 45KB - Virtual size: 44KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 37KB - Virtual size: 93KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 968B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

e45af73a35839d3a21fffc3d1fe6580f

Headers

File Characteristics

Imports

resutils

kernel32

crtdll

hlink

gdi32

netapi32

Sections

.text Size: 45KB - Virtual size: 44KB

.rdata Size: 16KB - Virtual size: 15KB

.data Size: 37KB - Virtual size: 93KB

.rsrc Size: 4KB - Virtual size: 3KB

.reloc Size: 1024B - Virtual size: 968B

.text
Size: 45KB - Virtual size: 44KB

.rdata
Size: 16KB - Virtual size: 15KB

.data
Size: 37KB - Virtual size: 93KB

.rsrc
Size: 4KB - Virtual size: 3KB

.reloc
Size: 1024B - Virtual size: 968B