cf9652a6d11bad8ecb61fc974805f442_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

cf9652a6d11bad8ecb61fc974805f442_JaffaCakes118
Size

128KB
MD5

cf9652a6d11bad8ecb61fc974805f442
SHA1

94f48fc9b84ba7bd8a3122b33a67ec95b47aca01
SHA256

68a3313aa237ffb76f03db0e8115502838ef3c236b08ab499700e1264e8baf4e
SHA512

0b2093b969e4c6188b2df23fea6fdbad22f8d53c5be6aec002b39b46448300478478ec6b4ffbac5d545d6baa163f0b95dc1415030bdacbde5ca6c81146ae22c3
SSDEEP

3072:LSf+fOBtwirZ8YY82MhyGRoJJyv9wal5pWEUvVhG1lm:2f+wiHERw0v9wal5O+f

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
cf9652a6d11bad8ecb61fc974805f442_JaffaCakes118

Files

cf9652a6d11bad8ecb61fc974805f442_JaffaCakes118
.dll regsvr32 windows:4 windows x86 arch:x86

f7f9edacf11407497bb7160093ad2fbd

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetQueuedCompletionStatus
GetProfileIntA
lstrcmpiW
WriteConsoleW
HeapSize
GetTempFileNameW
CreateConsoleScreenBuffer
GetDateFormatA
OpenFileMappingA
GetComputerNameExW
GetNumberFormatW
VirtualFree
GetFileAttributesExW
OpenSemaphoreW
DisconnectNamedPipe
FindClose
GetProfileStringW
IsProcessorFeaturePresent
GetModuleHandleExW
GetUserDefaultLCID
FindResourceExA
GetSystemTimeAdjustment
LCMapStringA
GetHandleInformation
DuplicateHandle
RaiseException
HeapValidate
GetTimeFormatA
GetConsoleScreenBufferInfo
GetDateFormatW
GetCommandLineA
FindResourceA
GetUserDefaultLangID
SetLocalTime
GlobalHandle
FindFirstVolumeW
CreateNamedPipeW
LocalHandle
VirtualAllocEx
ReadConsoleA
WinExec
EnumUILanguagesW
GetThreadTimes
PurgeComm
GetSystemWindowsDirectoryA
GetThreadContext
IsBadCodePtr
CreateDirectoryW
GetExitCodeThread
OpenProcess
FreeResource
lstrlenW
LocalUnlock
CompareStringW
LocalFlags
SetVolumeLabelA
CallNamedPipeA
CreateFileW
OpenMutexA
FormatMessageW
CancelIo
GlobalMemoryStatusEx
GetStartupInfoW
CreateSemaphoreA
SystemTimeToFileTime
FileTimeToDosDateTime
SetHandleCount
lstrcatA
GetFileTime
SetEndOfFile
ConnectNamedPipe
FindVolumeClose
LocalFileTimeToFileTime
FindResourceW
GetSystemDefaultUILanguage
BindIoCompletionCallback
OpenFileMappingW
GetExitCodeProcess
GetLocalTime
SuspendThread
GetConsoleCP
SetComputerNameA
OpenMutexW
SetEvent
CreateEventA
VerifyVersionInfoW
ReleaseSemaphore
RemoveDirectoryA
ReadConsoleW
lstrcpyW
AddAtomA
CompareStringA
WaitNamedPipeA
GetVolumeNameForVolumeMountPointW
OpenEventA
GlobalMemoryStatus
GetStringTypeA
GetProfileSectionA
QueueUserWorkItem
SetConsoleMode
OpenFile
RemoveDirectoryW
GlobalFlags
WaitForMultipleObjects
UpdateResourceA
SetCurrentDirectoryW
FindCloseChangeNotification
GetVolumePathNamesForVolumeNameW
ProcessIdToSessionId
UnregisterWait
LockFile
GetCurrentProcessId
HeapAlloc
UnmapViewOfFile
GetTickCount
CreateProcessA
MapViewOfFile
VirtualQuery
GetLastError
LeaveCriticalSection
InterlockedDecrement
ExpandEnvironmentStringsA
CreateFileA
EnterCriticalSection
LocalFree
GetProcessHeap
GlobalAlloc
GetProcAddress
WaitForSingleObject
Sleep
CreateFileMappingA
WriteFile
GetModuleFileNameA
CopyFileA
ReadFile
InitializeCriticalSection
InterlockedIncrement
LoadLibraryA
HeapFree
CreateMutexA
GetComputerNameA
GetCurrentDirectoryW
VirtualProtect

ole32

OleSaveToStream
OleTranslateAccelerator
CoTaskMemRealloc
ReadFmtUserTypeStg
CoDisconnectObject
OleRegEnumVerbs
OleLoad
OleCreateMenuDescriptor
CreateBindCtx
OleDestroyMenuDescriptor
OleRegGetUserType
StgOpenStorageEx
MkParseDisplayName
StringFromGUID2
OleRegGetMiscStatus
CoMarshalInterface
OleQueryCreateFromData
CoUnmarshalInterface
RevokeDragDrop
OleCreateLink
CoWaitForMultipleHandles
GetHGlobalFromStream
OleCreateLinkToFile
CoGetInterfaceAndReleaseStream
OleIsRunning
CoFreeUnusedLibrariesEx
CoUninitialize
OleCreate
OleSetContainedObject
CoCreateInstance

advapi32

ImpersonateLoggedOnUser
RegConnectRegistryA
OpenEventLogW
RegUnLoadKeyA
EnumDependentServicesW
QueryServiceConfig2W
RegEnumValueW
GetSecurityDescriptorSacl
RegQueryInfoKeyA
SetNamedSecurityInfoA
ConvertSidToStringSidA
LookupAccountNameA
RegOpenKeyExA
ConvertStringSecurityDescriptorToSecurityDescriptorA
RegQueryValueExA
RegEnumKeyExA
RegSetValueExA
RegCloseKey
IsTokenRestricted
RegEnumValueA
StartServiceCtrlDispatcherA
RegUnLoadKeyW
CloseEventLog
RegQueryValueW
RegCreateKeyExW
GetInheritanceSourceW
GetOldestEventLogRecord
ReadEventLogA
RegQueryValueExW
ReportEventW
MakeAbsoluteSD
RegQueryInfoKeyW
StartServiceA
ChangeServiceConfig2W
RegOpenCurrentUser
SetThreadToken
OpenServiceA
CreateProcessAsUserW
NotifyChangeEventLog
OpenSCManagerA
QueryServiceStatusEx
ChangeServiceConfigA
GetEffectiveRightsFromAclW
UnlockServiceDatabase
NotifyBootConfigStatus
RegQueryValueA
RegLoadKeyA
GetNumberOfEventLogRecords
EnumServicesStatusA
GetUserNameW

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 104KB - Virtual size: 100KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

f7f9edacf11407497bb7160093ad2fbd

Headers

File Characteristics

Imports

kernel32

ole32

advapi32

Exports

Exports

Sections

.text Size: 104KB - Virtual size: 100KB

.rdata Size: 8KB - Virtual size: 6KB

.data Size: 8KB - Virtual size: 7KB

.reloc Size: 4KB - Virtual size: 3KB

.text
Size: 104KB - Virtual size: 100KB

.rdata
Size: 8KB - Virtual size: 6KB

.data
Size: 8KB - Virtual size: 7KB

.reloc
Size: 4KB - Virtual size: 3KB