bfed1d3562d607cba12bd95d708cd7ee_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

bfed1d3562d607cba12bd95d708cd7ee_JaffaCakes118
Size

348KB
MD5

bfed1d3562d607cba12bd95d708cd7ee
SHA1

ebc9e05101e5210519fc53fe1d9f8f429a44f099
SHA256

6a67b85796b7a86364acea5f3a63faae52876274cfdb88e0d655bf12caed7bca
SHA512

b0abb764f548361a08bb267556c2f76b74870d87ef05c8bcfae388f65b3490109417d94fb17fcc918ffc424b3365ebf4e36df97fb4c2bfe8161d3aac7e6697eb
SSDEEP

6144:QYegS5g85ZKbcsQ+IaVHIEVnrgmjg4uapVEn6cIwjSEW2jQFjMvy2atrwdUpRM0s:4suLDDU87bnjImwYAOxjpp

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
bfed1d3562d607cba12bd95d708cd7ee_JaffaCakes118

Files

bfed1d3562d607cba12bd95d708cd7ee_JaffaCakes118
.dll regsvr32 windows:4 windows x86 arch:x86

7f224907cc462e83cf6fac7540d98861

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

nclsynchandler

ord10
ord13
?StartListeningPackageNotify@SyncPackageNotify@@QAEKPAX@Z
ord15
ord17
ord14
ord11
??_7SyncPackageNotify@@6B@
??_7SyncCmdNotify@@6B@
ord16
ord18
ord20
ord21
ord23
?StartListeningCmdNotify@SyncCmdNotify@@QAEKPAX@Z
ord22

ncltools

??1CNclModeSwitch@@QAE@XZ
?NclGetEnvironment@@YAJPAUNCL_ENVIRONMENT_DATA@@@Z
??0CNclModeSwitch@@QAE@XZ
?NclInit@@YAXPAUHINSTANCE__@@PA_WPAVCModuleInfo@@@Z
?NclLogDump@@YAXAAVCModuleInfo@@JK@Z
?NclStartThread@CNclThread@@QAEJPAVCNclThreadTask@@@Z
??1CNclThread@@QAE@XZ
??0CNclThread@@QAE@XZ
?NclThreadTimeout@CNclThread@@UAEJK@Z
?NclThreadWait@CNclThread@@UAEJK@Z
?NclLogDump@@YAXAAVCModuleInfo@@PBDZZ

kernel32

LoadLibraryA
GetSystemTimeAsFileTime
GetCurrentProcessId
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetStartupInfoA
GetFileType
SetHandleCount
IsValidCodePage
GetOEMCP
GetCPInfo
HeapSize
GetModuleFileNameA
GetStdHandle
ExitProcess
HeapCreate
IsBadCodePtr
DeleteFileW
FindFirstFileW
FindClose
CreateDirectoryW
CloseHandle
CreateFileW
lstrlenW
ReadFile
WriteFile
SetFilePointer
GetConsoleCP
GetFileSize
MultiByteToWideChar
FreeLibrary
GetModuleHandleW
InterlockedIncrement
CreateThread
SizeofResource
InterlockedDecrement
InitializeCriticalSection
LoadResource
SetEvent
FindResourceW
WaitForMultipleObjects
DeleteCriticalSection
LoadLibraryExW
DisableThreadLibraryCalls
RaiseException
GetModuleFileNameW
LeaveCriticalSection
EnterCriticalSection
lstrcmpiW
GlobalFree
ExitThread
CreateEventW
WaitForSingleObject
Sleep
GetTickCount
ResetEvent
GlobalAlloc
WideCharToMultiByte
GetConsoleMode
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
GetLastError
GetConsoleOutputCP
FlushFileBuffers
CreateFileA
WriteConsoleW
WriteConsoleA
SetStdHandle
HeapDestroy
SetLastError
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
RtlUnwind
GetProcessHeap
GetCommandLineA
GetCurrentThreadId
VirtualFree
HeapReAlloc
HeapAlloc
VirtualQuery
GetSystemInfo
GetModuleHandleA
GetProcAddress
VirtualAlloc
VirtualProtect
HeapFree
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetVersionExA
InterlockedExchange
GetACP
GetLocaleInfoA
GetThreadLocale
TerminateProcess
GetCurrentProcess

user32

CharUpperBuffW
UnregisterClassA
CharNextW

advapi32

RegDeleteValueW
RegCreateKeyExW
RegEnumKeyExW
RegOpenKeyExW
RegQueryInfoKeyW
RegCloseKey
RegDeleteKeyW
RegSetValueExW

shell32

SHGetSpecialFolderPathW

ole32

CoCreateInstance
StringFromGUID2
CoTaskMemRealloc
CreateStreamOnHGlobal
CoTaskMemAlloc
CoTaskMemFree

oleaut32

SysStringLen
SysStringByteLen
SysAllocStringByteLen
VarBstrCmp
SysAllocStringLen
SysAllocString
SysFreeString
RegisterTypeLi
VarUI4FromStr
UnRegisterTypeLi
LoadTypeLi
VariantClear
VariantInit
SafeArrayGetElement
SafeArrayDestroy
SafeArrayCreate
SafeArrayAccessData
SafeArrayUnaccessData
VarBstrCat
SafeArrayGetLBound
SafeArrayGetUBound
SafeArrayPutElement
SafeArrayRedim

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 158KB - Virtual size: 158KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 42KB - Virtual size: 42KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 9KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 15KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.text
Size: 113KB - Virtual size: 116KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

7f224907cc462e83cf6fac7540d98861

Headers

File Characteristics

Imports

nclsynchandler

ncltools

kernel32

user32

advapi32

shell32

ole32

oleaut32

Exports

Exports

Sections

.text Size: 158KB - Virtual size: 158KB

.rdata Size: 42KB - Virtual size: 42KB

.data Size: 9KB - Virtual size: 16KB

.rsrc Size: 8KB - Virtual size: 8KB

.reloc Size: 15KB - Virtual size: 14KB

.text Size: 113KB - Virtual size: 116KB

.text
Size: 158KB - Virtual size: 158KB

.rdata
Size: 42KB - Virtual size: 42KB

.data
Size: 9KB - Virtual size: 16KB

.rsrc
Size: 8KB - Virtual size: 8KB

.reloc
Size: 15KB - Virtual size: 14KB

.text
Size: 113KB - Virtual size: 116KB