c94c31839e8e8cc13869e4c8e0fb5841_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

c94c31839e8e8cc13869e4c8e0fb5841_JaffaCakes118
Size

80KB
MD5

c94c31839e8e8cc13869e4c8e0fb5841
SHA1

f1474d30a8d4fc3cd7cabd23610cf5acba4243d9
SHA256

424a8f9d3c2c5d73415009da6e110127ef7cc3a7ab7e18045c6d69c597d26190
SHA512

19733d3b9f460fda612fa3fdfb8dc47fcd4d05628f1a71b873fca28a5c8660cd716f0990e39dacaec38062d3147a2c9bd8c2e4804876bfa9d3f1d058073081a2
SSDEEP

1536:2tOpiebZ49MRKSiALzCJu6J/y0kVZjC9H32sapid:2Ipt3YdHQ6JHYZjC9H32sapi

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
c94c31839e8e8cc13869e4c8e0fb5841_JaffaCakes118

Files

c94c31839e8e8cc13869e4c8e0fb5841_JaffaCakes118
.dll windows:4 windows x86 arch:x86

d1df395da07bbfa3353de3c11b0add4a

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetUserDefaultUILanguage
LockFile
CreateProcessW
ChangeTimerQueueTimer
GetDiskFreeSpaceExW
QueueUserWorkItem
VirtualAlloc
GetProcessVersion
FindCloseChangeNotification
GetTickCount
lstrcpyA
UnregisterWaitEx
SetProcessWorkingSetSize
WriteProcessMemory
FindFirstVolumeW
HeapUnlock
MoveFileExW
FindFirstFileA
GetEnvironmentStrings
SetErrorMode
CreateWaitableTimerA
VerifyVersionInfoW
ReleaseMutex
GetFileAttributesA
ReadFileEx
WaitForMultipleObjects
RemoveDirectoryW
EscapeCommFunction
GetComputerNameW
lstrcmpiW
CopyFileW
SetFilePointerEx
ReplaceFileW
VerLanguageNameW
SetEvent
GetEnvironmentVariableA
GetTempPathA
GetSystemPowerStatus
SetConsoleMode
DisconnectNamedPipe
UnregisterWait
OpenSemaphoreA
FindAtomW
WriteFileEx
WaitForSingleObjectEx
LockResource
GetExitCodeProcess
GetStartupInfoW
GetTempPathW
DeleteFileW
OpenThread
LCMapStringW
MoveFileW
GetThreadTimes
SetHandleCount
GetVersion
GetNumberFormatA
SearchPathA
CreatePipe
RtlUnwind
OpenFileMappingW
GetSystemWindowsDirectoryA
SwitchToThread
SetFileTime
GetFileAttributesW
GetHandleInformation
LocalAlloc
FindFirstFileExW
FindResourceA
GetSystemTimeAdjustment
IsBadHugeWritePtr
DeleteTimerQueueEx
CreateIoCompletionPort
WriteConsoleA
CopyFileExW
GlobalFree
IsWow64Process
LocalLock
TryEnterCriticalSection
GetLocaleInfoA
ConnectNamedPipe
CreateTimerQueue
GetProfileSectionA
TerminateThread
FreeConsole
GetConsoleMode
PurgeComm
GetBinaryTypeW
RegisterWaitForSingleObjectEx
GetLogicalDriveStringsA
RemoveDirectoryA
ReadFile
GetFileAttributesExW
GetVolumePathNameW
GetCurrentProcess
OpenProcess
FindNextChangeNotification
GetLogicalDriveStringsW
GetCommandLineW
ExitProcess
GlobalFlags
MapViewOfFileEx
GetSystemInfo
IsValidLocale
GetProfileIntA
SearchPathW
GetAtomNameW
FindVolumeMountPointClose
FormatMessageW
FindResourceExW
GetBinaryTypeA
SizeofResource
UnlockFile
ClearCommError
FlushFileBuffers
GlobalGetAtomNameA
FindFirstChangeNotificationA
GetStringTypeW
LeaveCriticalSection
CreateMutexA
GetProcessHeap
GetSystemTimeAsFileTime
CloseHandle
lstrcatW
CopyFileA
GetProcAddress
lstrcpyW
GetModuleHandleA
EnterCriticalSection
UnmapViewOfFile
VirtualQuery
CreateDirectoryA
LoadLibraryA
CreateFileMappingA
MoveFileExA
lstrlenA
GetModuleFileNameA
InterlockedExchange
lstrlenW
InitializeCriticalSection
HeapAlloc
SetSystemTime

shlwapi

PathRemoveExtensionW
StrFormatKBSizeW
UrlIsW
StrCatBuffW
SHGetValueW
SHGetValueA
PathCommonPrefixW
AssocQueryStringW
PathFindNextComponentW
SHCreateShellPalette
SHStrDupW
PathCanonicalizeW
PathGetCharTypeW
UrlCreateFromPathW
wnsprintfA
StrDupW
PathGetArgsW
PathIsUNCServerW
StrStrW
PathBuildRootW
StrRChrW
PathIsRelativeW
SHSetValueW
PathIsDirectoryW
AssocCreate
PathCompactPathW
StrCmpNIW
StrCpyNW
PathRemoveBackslashW
PathIsFileSpecW
StrStrIA
StrStrIW
PathGetDriveNumberW

advapi32

RegOpenKeyExA
RegSetValueExA
RegQueryValueExA
RegDeleteValueA
RevertToSelf
RegEnumValueA
QueryServiceConfigW
RegEnumKeyExW
ReadEventLogW
CreateServiceA
CloseEventLog
RegRestoreKeyW
DuplicateTokenEx
GetUserNameW
RegFlushKey
EnumDependentServicesA
RegQueryInfoKeyW
RegQueryValueW
ClearEventLogW
RegisterServiceCtrlHandlerExA
GetServiceDisplayNameW
RegisterServiceCtrlHandlerW
LockServiceDatabase
MapGenericMask
RegRestoreKeyA
RegOpenKeyExW
MakeSelfRelativeSD
ImpersonateSelf
RegSaveKeyExW
RegConnectRegistryA
RegQueryInfoKeyA
OpenThreadToken
RegReplaceKeyW
DeregisterEventSource
ControlService
RegCreateKeyExA
StartServiceCtrlDispatcherA
ImpersonateAnonymousToken
QueryServiceStatusEx
DuplicateToken
RegCloseKey

gdi32

GetTextFaceW
SetMetaRgn
SetWindowExtEx
AbortPath
CreateMetaFileA
StartDocW
GetTextExtentPoint32A
GetObjectA
CloseMetaFile
GetTextCharsetInfo
CreateScalableFontResourceA
FlattenPath
UpdateColors
SetColorAdjustment
DeleteMetaFile
PolyDraw
RoundRect
GetNearestColor
InvertRgn
SetArcDirection
GetPaletteEntries
PathToRegion
GetStretchBltMode
SetMetaFileBitsEx
CreateEnhMetaFileA
SetBitmapDimensionEx
GetGlyphOutlineW
GetTextExtentPointA
CreateRectRgnIndirect
GetStockObject
CreatePen
StartPage
CreateEnhMetaFileW
StartDocA
GetRegionData
CopyMetaFileW
CreatePatternBrush
CreateFontIndirectA
DescribePixelFormat
CreateRoundRectRgn
RemoveFontResourceW
Polygon
GetEnhMetaFileA
SelectObject
AnimatePalette
SetPaletteEntries
GetLayout
GetCharABCWidthsA
Escape
EnumFontFamiliesExW
AbortDoc
SetPolyFillMode
GetRandomRgn
CreateHalftonePalette
ScaleViewportExtEx
AddFontResourceA
PolyBezierTo
CreateEllipticRgnIndirect
PtVisible
CreateFontW
ResizePalette
SwapBuffers
BeginPath
StrokePath
ExtEscape
LPtoDP
GetPixel
SetMiterLimit
CombineRgn
CreateICW
GetBitmapDimensionEx
SetWindowOrgEx
PtInRegion
SetMapMode
ResetDCA
GetKerningPairsA
FillRgn
GetCharWidthA
GetROP2
EndPath
SetBrushOrgEx
CopyEnhMetaFileA
CreateDIBSection
IntersectClipRect
PlayEnhMetaFile
PolyPolyline
CreateDIBPatternBrushPt

Exports

Exports

DllInit
DllInstall

Sections

.text
Size: 56KB - Virtual size: 54KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 992B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

d1df395da07bbfa3353de3c11b0add4a

Headers

File Characteristics

Imports

kernel32

shlwapi

advapi32

gdi32

Exports

Exports

Sections

.text Size: 56KB - Virtual size: 54KB

.rdata Size: 12KB - Virtual size: 8KB

.data Size: 4KB - Virtual size: 992B

.reloc Size: 4KB - Virtual size: 2KB

.text
Size: 56KB - Virtual size: 54KB

.rdata
Size: 12KB - Virtual size: 8KB

.data
Size: 4KB - Virtual size: 992B

.reloc
Size: 4KB - Virtual size: 2KB