d241c22d821db8a1395f0e475db823a2_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

d241c22d821db8a1395f0e475db823a2_JaffaCakes118
Size

68KB
MD5

d241c22d821db8a1395f0e475db823a2
SHA1

92696ac56c71d21051bcdbd4a5f9fc5dc9876890
SHA256

f36fc730698888536b8717f83a4aac9da3f12d64e4acb74fbcb849b159979475
SHA512

74166fee58591ed35fe2f26161bb29eba0cbd8039d7cb11c451d83fd663b2db6a5394fb7e66eadc3145e85e1997145b1ef4a7319489f94674852525a7b8d94f1
SSDEEP

1536:+7ai5UxJqAa4UHVuaGtKIYB0CVNMgLWn7ghmK:+7uR5EZ/0UMgLG7QmK

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
d241c22d821db8a1395f0e475db823a2_JaffaCakes118

Files

d241c22d821db8a1395f0e475db823a2_JaffaCakes118
.dll windows:4 windows x86 arch:x86

7464823f9b295f1040c03620cd9850ea

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

LoadLibraryA
InterlockedExchange
CreateMutexA
lstrcatW
CreateFileMappingA
VirtualProtect
GetLastError
GetSystemTimeAsFileTime
CreateProcessA
CreateThread
CopyFileA
HeapFree
GetModuleFileNameA
GetModuleHandleA
MapViewOfFile
VirtualQuery
GetProcAddress
MoveFileExA
LeaveCriticalSection
lstrlenA
WaitForSingleObject
CloseHandle
CreateDirectoryA
GetSystemWow64DirectoryW
ReadConsoleA
GetShortPathNameA
GetSystemPowerStatus
TerminateThread
DeleteTimerQueueTimer
OpenProcess
ChangeTimerQueueTimer
WriteProcessMemory
CancelWaitableTimer
lstrcpynA
SetFileTime
SetConsoleTitleA
PulseEvent
GetHandleInformation
VerLanguageNameW
FindNextVolumeW
UnregisterWaitEx
OpenFileMappingA
GetVersion
PurgeComm
WriteFile
SetStdHandle
SetConsoleActiveScreenBuffer
GetSystemDefaultLangID
GlobalFree
CreateMutexW
WaitNamedPipeA
FreeEnvironmentStringsW
SetVolumeLabelA
DuplicateHandle
GetVolumePathNamesForVolumeNameW
WriteProfileStringA
GlobalHandle
GetProfileStringA
GetCurrentThreadId
SetLocalTime
GlobalAddAtomA
LockFileEx
FreeConsole
LocalAlloc
RtlUnwind
GetTempPathW
UnlockFileEx
GlobalFindAtomW
GetFileSizeEx
ExpandEnvironmentStringsW
GetProfileStringW
GetModuleHandleW
lstrcatA
CreateMailslotW
OpenFile
CancelIo
VerSetConditionMask
GetSystemDefaultUILanguage
GetVolumeNameForVolumeMountPointW
PeekNamedPipe
GetWindowsDirectoryA
VerifyVersionInfoA
IsValidLocale
LocalHandle
IsBadStringPtrW
ReplaceFileW
GetTimeFormatW
CreateTimerQueue
FileTimeToDosDateTime
FreeResource
GetProcessVersion
WaitForSingleObjectEx
FileTimeToSystemTime
GlobalAddAtomW
EnumResourceLanguagesW
GetCurrentDirectoryW
CopyFileW
GetVolumeInformationA
WaitNamedPipeW
GetSystemWindowsDirectoryA
GetModuleFileNameW
GetLogicalDriveStringsW
SetVolumeMountPointW
lstrcmpA
GetCommandLineW
HeapUnlock
GetComputerNameExW
GetStartupInfoW
CreateTimerQueueTimer
SetProcessWorkingSetSize
GetFileAttributesExW
SetConsoleMode
GetDriveTypeA
WriteConsoleW
EnumSystemLocalesA
OpenMutexA
WaitForMultipleObjects
AllocConsole
CreateSemaphoreA
DeleteFileW
HeapLock
CreateMailslotA
GetThreadLocale
FindClose
DosDateTimeToFileTime
RaiseException
SetLastError
GetFileAttributesExA
GetTimeFormatA

ole32

RevokeDragDrop
GetHGlobalFromILockBytes
CoAllowSetForegroundWindow
OleQueryLinkFromData
GetHGlobalFromStream
CoGetObjectContext
CoDisableCallCancellation
OleSetContainedObject
CoWaitForMultipleHandles
OleCreateFromData
CreateDataCache
CreateOleAdviseHolder
PropVariantClear
OleRegEnumVerbs
CreateILockBytesOnHGlobal
CoFreeUnusedLibrariesEx
CoGetMarshalSizeMax
CreateGenericComposite
CreateDataAdviseHolder
CoCreateFreeThreadedMarshaler
CreatePointerMoniker
CreateItemMoniker
OleCreateStaticFromData
CoGetClassObject
OleCreateLink
CoTaskMemRealloc
MkParseDisplayName
StgIsStorageFile
OleTranslateAccelerator
CoGetCallContext
StgOpenStorageOnILockBytes
CoInitialize
CoTaskMemAlloc

shlwapi

wvnsprintfW
StrDupW
PathIsDirectoryA
StrStrA
PathIsUNCServerShareW
PathRemoveExtensionW
PathMatchSpecW
StrCmpNIA
PathRemoveArgsW
PathQuoteSpacesW
StrRetToStrW
PathGetDriveNumberW
StrCatW
StrCmpNIW
PathFindFileNameA
PathIsUNCW
SHDeleteKeyA
StrStrIW
StrStrIA
StrCmpIW
PathFindExtensionW
PathFindNextComponentW
PathIsUNCServerW
UrlCanonicalizeW
SHRegGetUSValueW
UrlEscapeW
StrChrW
PathGetArgsW
SHSetValueA
StrNCatW
PathSetDlgItemPathW
StrCatBuffW
StrRChrW
UrlIsW
StrToIntA
StrRetToBufW
PathIsFileSpecW
PathStripPathW
PathAppendA

shell32

ShellExecuteExW
SHCreateDirectoryExW
SHGetPathFromIDListA
SHPathPrepareForWriteW
SHAddToRecentDocs
SHParseDisplayName
SHGetMalloc
DragQueryFileW
SHFormatDrive
ShellExecuteExA
SHGetFolderPathW
ExtractIconExA
SHGetDesktopFolder
SHFileOperationW
DragFinish

Exports

Exports

DllInit
DllInstall

Sections

.text
Size: 48KB - Virtual size: 48KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

7464823f9b295f1040c03620cd9850ea

Headers

File Characteristics

Imports

kernel32

ole32

shlwapi

shell32

Exports

Exports

Sections

.text Size: 48KB - Virtual size: 48KB

.rdata Size: 8KB - Virtual size: 6KB

.data Size: 4KB - Virtual size: 1KB

.reloc Size: 4KB - Virtual size: 1KB

.text
Size: 48KB - Virtual size: 48KB

.rdata
Size: 8KB - Virtual size: 6KB

.data
Size: 4KB - Virtual size: 1KB

.reloc
Size: 4KB - Virtual size: 1KB