cff3dea48c44577316e8e981a945d900_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

cff3dea48c44577316e8e981a945d900_JaffaCakes118
Size

349KB
MD5

cff3dea48c44577316e8e981a945d900
SHA1

c96d9432b9a5d2e01f1283c8f04bb5cd0569639e
SHA256

83d8ca6327a585be118a9c7f41dba536443b795ffdb45a8f344756fd9c19f161
SHA512

c26abe6694c2768699d0933816fefaa6c9fc71cb4a6f9f5727c46a8a18b133f1a659d926f30c3f794096dc887fc16640a111b10fd1cc6181ed3af81f70c789a4
SSDEEP

6144:nhRzOEo2HG3HTxllHSi+YG7cJh2D2jkJrs4lg284ysj8DVxzIkPlsidmhigSx:nHHG3tn+YG7cJPotydxzkhigS

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
cff3dea48c44577316e8e981a945d900_JaffaCakes118

Files

cff3dea48c44577316e8e981a945d900_JaffaCakes118
.dll regsvr32 windows:5 windows x86 arch:x86

cc48504e5dc09795d4d1a1c1864a79e0

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

HNetCfg.pdb

Imports

msvcrt

_except_handler3
malloc
free
realloc
??2@YAPAXI@Z
swprintf
wcslen
_wcsicmp
_snwprintf
wcscpy
wcsncpy
wcsstr
wcstombs
wcscmp
_wtoi
wcscat
_ultow
wcstoul
iswdigit
_wcsnicmp
wcschr
wcsncmp
qsort
iswalpha
wcspbrk
memmove
_initterm
_adjust_fdiv
?terminate@@YAXXZ
__CxxFrameHandler
??3@YAXPAX@Z

ntdll

RtlIpv4AddressToStringW
NtQueryObject
NtOpenSymbolicLinkObject
NtQuerySymbolicLinkObject
RtlNtStatusToDosError
RtlIpv6StringToAddressW
RtlIpv4StringToAddressW
NtSetValueKey
NtClose
RtlUnicodeStringToAnsiString
RtlFreeAnsiString
VerSetConditionMask
RtlStringFromGUID
RtlFreeUnicodeString
NtQueryValueKey
RtlInitUnicodeString
NtOpenKey
NtOpenFile

advapi32

CheckTokenMembership
RegDeleteValueW
RegCloseKey
RegCreateKeyExW
RegOpenKeyExW
RegSetValueExW
RegQueryInfoKeyW
RegEnumValueW
ConvertStringSecurityDescriptorToSecurityDescriptorW
RegNotifyChangeKeyValue
RegQueryValueExW
AllocateAndInitializeSid
RegDeleteKeyW
FreeSid
ChangeServiceConfigW
StartServiceW
ControlService
OpenSCManagerW
OpenServiceW
CloseServiceHandle
QueryServiceStatus
RegEnumKeyExW

gdi32

GetTextExtentPointW
GetTextExtentPoint32W
ExtTextOutW
SetBkColor
SetTextColor
SelectObject
DeleteObject
GetTextMetricsW

kernel32

WideCharToMultiByte
lstrcmpA
DeviceIoControl
SetLastError
DelayLoadFailureHook
GetCurrentThreadId
LockResource
GetModuleHandleW
FormatMessageW
GlobalAlloc
GlobalFree
InterlockedCompareExchange
IsBadReadPtr
LocalFree
LocalAlloc
FreeLibraryAndExitThread
OpenEventW
CloseHandle
VerifyVersionInfoW
ExpandEnvironmentStringsW
GlobalDeleteAtom
IsBadWritePtr
GetComputerNameExW
LoadLibraryA
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetComputerNameA
WaitForSingleObject
OpenProcess
SetEvent
GetLongPathNameW
InitializeCriticalSectionAndSpinCount
QueueUserWorkItem
CreateEventW
CreateFileW
SwitchToThread
InterlockedExchange
QueueUserAPC
WaitForSingleObjectEx
UnregisterWaitEx
RegisterWaitForSingleObject
GlobalAddAtomW
CreateThread
FreeLibrary
GetVersionExW
VirtualProtect
VirtualAlloc
GetSystemInfo
VirtualQuery
MultiByteToWideChar
lstrlenW
lstrcpyW
GetLastError
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
DeleteCriticalSection
InterlockedIncrement
InterlockedDecrement
lstrcmpiW
HeapDestroy
lstrcpynW
GetModuleFileNameW
GetProcAddress
LoadLibraryW
DisableThreadLibraryCalls
lstrcatW
lstrlenA
SizeofResource
LoadResource
FindResourceW
LoadLibraryExW
HeapFree
HeapAlloc
GetProcessHeap
Sleep

rpcrt4

NdrDllCanUnloadNow
IUnknown_QueryInterface_Proxy
IUnknown_AddRef_Proxy
IUnknown_Release_Proxy
CStdStubBuffer_QueryInterface
CStdStubBuffer_AddRef
CStdStubBuffer_Connect
CStdStubBuffer_Disconnect
CStdStubBuffer_Invoke
CStdStubBuffer_IsIIDSupported
CStdStubBuffer_CountRefs
CStdStubBuffer_DebugServerQueryInterface
CStdStubBuffer_DebugServerRelease
NdrDllRegisterProxy
NdrCStdStubBuffer_Release
NdrDllGetClassObject
NdrOleAllocate
RpcBindingFree
RpcStringFreeW
RpcBindingSetAuthInfoExW
RpcBindingFromStringBindingW
RpcStringBindingComposeW
NdrClientCall2
NdrOleFree

user32

ReleaseDC
LoadIconW
SetPropW
GetPropW
CallWindowProcW
GetDlgCtrlID
SendMessageW
GetWindowTextLengthW
GetWindowTextW
GetSysColor
GetSystemMetrics
GetWindowLongW
SetWindowLongW
GetWindowRect
SetWindowPos
LoadStringW
CharPrevW
CharNextW
GetDC
GetClientRect
IsWindowEnabled
GetDlgItem
wsprintfW
WinHelpW
UnhookWindowsHookEx
MessageBoxW
SetWindowsHookExW
BeginDeferWindowPos
DialogBoxParamW
EndDialog
IsDlgButtonChecked
GetDlgItemInt
SetFocus
CheckDlgButton
SetDlgItemTextW
SetDlgItemInt
RemovePropW
PostMessageW
ShowWindow
MapWindowPoints
EndDeferWindowPos
EnableWindow
SetWindowTextW
GetParent
DeferWindowPos

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
HNetDeleteRasConnection
HNetFreeFirewallLoggingSettings
HNetFreeSharingServicesPage
HNetGetFirewallSettingsPage
HNetGetShareAndBridgeSettings
HNetGetSharingServicesPage
HNetSetShareAndBridgeSettings
HNetSharedAccessSettingsDlg
HNetSharingAndFirewallSettingsDlg
IcfChangeNotificationCreate
IcfChangeNotificationDestroy
IcfCheckAppAuthorization
IcfCloseDynamicFwPort
IcfConnect
IcfDisconnect
IcfFreeAdapters
IcfFreeDynamicFwPorts
IcfFreeProfile
IcfFreeString
IcfFreeTickets
IcfGetAdapters
IcfGetCurrentProfileType
IcfGetDynamicFwPorts
IcfGetOperationalMode
IcfGetProfile
IcfGetTickets
IcfIsIcmpTypeAllowed
IcfIsPortAllowed
IcfOpenDynamicFwPort
IcfOpenDynamicFwPortWithoutSocket
IcfOpenFileSharingPorts
IcfRefreshPolicy
IcfRemoveDisabledAuthorizedApp
IcfSetProfile
IcfSetServicePermission
IcfSubNetsGetScope
IcfSubNetsIsStringValid
IcfSubNetsToString
WinBomConfigureWindowsFirewall

Sections

.text
Size: 259KB - Virtual size: 260KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.orpc
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 66KB - Virtual size: 68KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 18KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.text8
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

cc48504e5dc09795d4d1a1c1864a79e0

Headers

File Characteristics

PDB Paths

Imports

msvcrt

ntdll

advapi32

gdi32

kernel32

rpcrt4

user32

Exports

Exports

Sections

.text Size: 259KB - Virtual size: 260KB

.orpc Size: 512B - Virtual size: 4KB

.data Size: 2KB - Virtual size: 4KB

.rsrc Size: 66KB - Virtual size: 68KB

.reloc Size: 18KB - Virtual size: 20KB

.text8 Size: 2KB - Virtual size: 4KB

.text
Size: 259KB - Virtual size: 260KB

.orpc
Size: 512B - Virtual size: 4KB

.data
Size: 2KB - Virtual size: 4KB

.rsrc
Size: 66KB - Virtual size: 68KB

.reloc
Size: 18KB - Virtual size: 20KB

.text8
Size: 2KB - Virtual size: 4KB