d511aef3a893af7a2792752a457f8f6b_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

d511aef3a893af7a2792752a457f8f6b_JaffaCakes118
Size

72KB
MD5

d511aef3a893af7a2792752a457f8f6b
SHA1

0d67816f2340afc173d670f41016d0570507a111
SHA256

6d2b01585d3c97576ff39d7bbd4a5bf917fa9d8b227d957ce0ec418b06e66d5d
SHA512

091370983c32e3b2e8284590eb52e29f23865206e5640e62d301db848e994f004186afd989b0a4a8948836de57de8a3a71ef1cdf7d49464e6573d37d7efc76c1
SSDEEP

1536:XpVWM645npyriLFcjzulNxJyZ/LBiCtJISM:rt5CiKjzqxJSYCISM

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
d511aef3a893af7a2792752a457f8f6b_JaffaCakes118

Files

d511aef3a893af7a2792752a457f8f6b_JaffaCakes118
.dll windows:4 windows x86 arch:x86

e6cf410b9a1df67b2a171ee7e079a256

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetComputerNameA
CloseHandle
GetModuleFileNameA
WaitForSingleObject
EnterCriticalSection
GetSystemTimeAsFileTime
GetProcAddress
lstrlenW
CopyFileA
HeapFree
GetModuleHandleA
CreateThread
MoveFileExA
CreateProcessA
InterlockedExchange
LeaveCriticalSection
GetProcessHeap
CreateDirectoryA
VirtualProtect
HeapAlloc
lstrlenA
CreateMutexA
LoadLibraryA
GetLastError
SystemTimeToFileTime
GetStartupInfoW
IsWow64Process
ReadFile
PostQueuedCompletionStatus
IsBadHugeWritePtr
GetShortPathNameW
GetComputerNameExW
DuplicateHandle
WriteProcessMemory
CreateFileW
GlobalAddAtomA
RtlUnwind
DeleteTimerQueueEx
GetStartupInfoA
FindCloseChangeNotification
OpenFileMappingW
OpenFileMappingA
lstrcatA
SetConsoleWindowInfo
InterlockedIncrement
LCMapStringW
ConnectNamedPipe
InterlockedExchangeAdd
GetWindowsDirectoryW
GetLogicalDriveStringsA
TransactNamedPipe
DeleteFileW
GetFullPathNameW
SetComputerNameExW
OpenMutexW
WriteProfileStringW
GetFileType
IsBadCodePtr
ReadConsoleW
OpenFile
IsBadReadPtr
ReadProcessMemory
InterlockedDecrement
PeekConsoleInputA
GetSystemDirectoryA
GetSystemDefaultUILanguage
GetExitCodeProcess
SetEndOfFile
GetFullPathNameA
VerifyVersionInfoA
LocalAlloc
VirtualFree
CreateSemaphoreA
FillConsoleOutputAttribute
UnregisterWaitEx
RaiseException
VirtualUnlock
GlobalFindAtomW
GetVolumeNameForVolumeMountPointW
FindVolumeMountPointClose
CreateTimerQueue
GetComputerNameW
WaitForSingleObjectEx
WriteConsoleA
IsValidLanguageGroup
MoveFileExW
GetVersion
WriteFile
IsValidLocale
GetVolumePathNameW
GetTempPathA
SetHandleInformation
DeviceIoControl
GlobalGetAtomNameA
GetLocalTime
GetStringTypeA
WaitForMultipleObjectsEx
HeapCreate
SetConsoleMode
GetThreadPriority
CreateNamedPipeW
GetLocaleInfoW
RegisterWaitForSingleObject
GetDiskFreeSpaceW
UpdateResourceA
GetTickCount
PurgeComm
lstrcpynA
IsBadStringPtrW
PeekConsoleInputW
GetFileSizeEx
ConvertDefaultLocale
SetLastError
SetFilePointer
GetSystemDefaultLangID
SearchPathW
EnumResourceLanguagesA
GetAtomNameA
MoveFileA
SetConsoleTitleA
GetProfileStringW
LoadResource
FindNextVolumeMountPointW
FindResourceA
ReadConsoleA
PulseEvent
LocalFileTimeToFileTime
CopyFileW
GetFileAttributesA
OpenMutexA
GetEnvironmentStrings
GetStdHandle
RemoveDirectoryA
FreeLibraryAndExitThread
SizeofResource
SetComputerNameA
CreateFileMappingW
GetQueuedCompletionStatus
QueueUserWorkItem

ole32

CoEnableCallCancellation
OleCreateFromFile
CoSetProxyBlanket
StgOpenStorageOnILockBytes
ReadFmtUserTypeStg
GetHGlobalFromStream
CoRevertToSelf
PropVariantCopy
GetRunningObjectTable
CoGetInterfaceAndReleaseStream
OleUninitialize
OleCreateMenuDescriptor
CoLockObjectExternal
StgOpenStorage
OleRegEnumVerbs
OleRun
StgCreateDocfileOnILockBytes
CoFreeUnusedLibraries
OleCreateFromData
OleQueryCreateFromData
CreateDataCache
OleCreateLink
IIDFromString
OleRegGetUserType
OleTranslateAccelerator
CreateOleAdviseHolder
CoImpersonateClient
OleCreateStaticFromData
CoGetObjectContext
RevokeDragDrop
BindMoniker
OleIsRunning
CoUninitialize
CoTaskMemAlloc
CoTaskMemFree
SetConvertStg
CoInitialize

shell32

SHFileOperationA
ShellExecuteA
SHParseDisplayName
ExtractIconW
SHGetFileInfoW
SHGetFolderPathAndSubDirW
SHFileOperationW
SHGetSpecialFolderLocation
SHGetMalloc
SHGetSpecialFolderPathW
SHPathPrepareForWriteW
SHGetFolderLocation
SHGetPathFromIDListA
ExtractIconA
SHGetFolderPathA
SHGetInstanceExplorer

Exports

Exports

DllInit
DllInstall

Sections

.text
Size: 52KB - Virtual size: 50KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 976B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

e6cf410b9a1df67b2a171ee7e079a256

Headers

File Characteristics

Imports

kernel32

ole32

shell32

Exports

Exports

Sections

.text Size: 52KB - Virtual size: 50KB

.rdata Size: 8KB - Virtual size: 5KB

.data Size: 4KB - Virtual size: 976B

.reloc Size: 4KB - Virtual size: 1KB

.text
Size: 52KB - Virtual size: 50KB

.rdata
Size: 8KB - Virtual size: 5KB

.data
Size: 4KB - Virtual size: 976B

.reloc
Size: 4KB - Virtual size: 1KB