ced0880e46078cfc614e0457bf341f7b_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

ced0880e46078cfc614e0457bf341f7b_JaffaCakes118
Size

196KB
MD5

ced0880e46078cfc614e0457bf341f7b
SHA1

b7ba052699bb071182862127681f159ce8022a75
SHA256

bb2b3177e7cccb5d7a20f68bdac512c536fad3852af0d5edef1a2ec56b79df8b
SHA512

31f60eac4157b1ffdec46fc659e9e9ee86d328e15b43f79ee1f13f4452498b682230434687fd695fd75e44b172bbb78f414543a323fce82ff03a136f9aaeb5ac
SSDEEP

3072:0PllnyuLpRPvL6HOkdsRc1kHY1/0BE0o5eARRpQ3z3qo5V/gk:SP186m1kEvDqDvV/

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
ced0880e46078cfc614e0457bf341f7b_JaffaCakes118

Files

ced0880e46078cfc614e0457bf341f7b_JaffaCakes118
.dll windows:4 windows x86 arch:x86

8769bf10e41af045096d52cc19078fe6

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

LocalAlloc
ReadFile
FindFirstFileW
FindClose
FindNextFileW
GetCurrentProcessId
GetComputerNameW
VirtualAlloc
VirtualFree
SetFilePointer
DeviceIoControl
GetFileAttributesW
TlsSetValue
TlsGetValue
GetTickCount
GetSystemTimeAsFileTime
SetFileAttributesW
SetPriorityClass
ExpandEnvironmentStringsW
LoadLibraryA
CreateEventW
SetProcessShutdownParameters
SetConsoleCtrlHandler
SetEnvironmentVariableW
GetEnvironmentVariableW
IsDebuggerPresent
GetOEMCP
GetACP
GetCPInfo
WriteFile
GetEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsW
FreeEnvironmentStringsA
GetStartupInfoA
GetFileType
GetStdHandle
SetHandleCount
ExitProcess
HeapReAlloc
HeapCreate
HeapDestroy
GetVersionExA
GetEnvironmentVariableA
GetModuleFileNameA
GetModuleHandleA
GetVersion
RtlUnwind
HeapFree
HeapAlloc
RaiseException
TlsAlloc
GetStringTypeW
CreateSemaphoreW
ReleaseMutex
GetUserDefaultLCID
CompareFileTime
DeleteFileW
lstrcatW
GetModuleFileNameW
lstrcpynW
lstrcmpiW
LCMapStringW
lstrcpyW
LCMapStringA
WideCharToMultiByte
MultiByteToWideChar
DisableThreadLibraryCalls
InterlockedCompareExchange
InterlockedExchange
LocalFree
LockResource
CreateThread
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
SetUnhandledExceptionFilter
LoadResource
GetExitCodeThread
WaitForSingleObject
Sleep
GetCommandLineW
CreateMutexW
InterlockedIncrement
GetProcAddress
FreeLibrary
InterlockedDecrement
lstrlenW
GetCurrentThreadId
lstrcmpW
FormatMessageW
CreateFileW
CreateProcessW
CloseHandle
FindResourceExW
VirtualProtect
GetStringTypeA
GetCommandLineA

user32

SetWindowTextW
EnableWindow
SendMessageW
GetDlgItem
DestroyMenu
ClientToScreen
InsertMenuW
EndDialog
TranslateMessage
PeekMessageW
SetForegroundWindow
GetLastActivePopup
FindWindowW
GetDlgCtrlID
LoadImageW
MessageBoxW
DefWindowProcW
CharNextW
SendMessageA
LoadStringW
DispatchMessageW
GetWindowTextW
GetSystemMetrics
GetWindowRect
IsWindowEnabled
ShowWindow
GetClientRect
SetWindowLongW
GetWindowLongW
SetTimer
CharLowerW
GetDC
ReleaseDC
SystemParametersInfoW
ScreenToClient
CreateWindowExW
SetWindowPos
PostMessageW
CallWindowProcW
TrackPopupMenu

advapi32

LsaClose
CryptReleaseContext
CryptDestroyKey
CryptDecrypt
CryptGenRandom
RevertToSelf
RegCloseKey
ReportEventW
RegisterEventSourceW
CryptAcquireContextW
CryptGetUserKey
RegQueryValueExW
RegOpenKeyW
RegSetValueExW
IsTokenRestricted
RegCreateKeyExW
ElfReportEventW
LsaOpenPolicy
LsaQueryInformationPolicy
ImpersonateLoggedOnUser
LsaSetInformationPolicy
LsaSetDomainInformationPolicy
RegCreateKeyW
SystemFunction007
RegDeleteValueW
RegDeleteKeyW
OpenProcessToken
GetTokenInformation
IsValidSid
GetSidSubAuthority
GetSidSubAuthorityCount
RegOpenKeyExW
LsaFreeMemory

gdi32

SelectObject
ExtTextOutW
SetTextColor
DeleteObject
CreateFontIndirectW
LineDDA
LineTo
MoveToEx
CreatePen
SetBkColor
GetDeviceCaps
GetLayout

ole32

CoCreateGuid
PropVariantClear
CoTaskMemFree
StringFromGUID2
CoInitialize
CoCreateInstance
CoUninitialize

rpcrt4

RpcImpersonateClient
RpcRevertToSelf
RpcBindingInqAuthClientW
RpcStringFreeW
UuidToStringW
UuidCreate

Sections

.text
Size: 124KB - Virtual size: 121KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 40KB - Virtual size: 39KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 48KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

8769bf10e41af045096d52cc19078fe6

Headers

File Characteristics

Imports

kernel32

user32

advapi32

gdi32

ole32

rpcrt4

Sections

.text Size: 124KB - Virtual size: 121KB

.rdata Size: 40KB - Virtual size: 39KB

.data Size: 16KB - Virtual size: 48KB

.rsrc Size: 4KB - Virtual size: 1KB

.reloc Size: 8KB - Virtual size: 6KB

.text
Size: 124KB - Virtual size: 121KB

.rdata
Size: 40KB - Virtual size: 39KB

.data
Size: 16KB - Virtual size: 48KB

.rsrc
Size: 4KB - Virtual size: 1KB

.reloc
Size: 8KB - Virtual size: 6KB