dad1cef1b77539b4ef734a1041cf95ed_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

dad1cef1b77539b4ef734a1041cf95ed_JaffaCakes118
Size

268KB
MD5

dad1cef1b77539b4ef734a1041cf95ed
SHA1

4e6dbf96ce93086cd3cf4fe4b781d1b849b02508
SHA256

54faf6f1b89f892261dc8bf3d56a12d0f36f1a0b98629712c45b944ce2f8a940
SHA512

d733d2c225c883b658e0408ab2518cb696391e44bc6585a17c0a0d6be0f7b7966674ddc0be0b801189adbc794b751a325415de06109fe3914dd52b3a245af1db
SSDEEP

3072:YQdGT+9eWk0UOYeujZUnXlSxgbUBwRmEsROs3sl7FPwfeQsW6V51z1rGYjFS:YQdGT6kJLTfxzPZ3qPwfermYjk

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
dad1cef1b77539b4ef734a1041cf95ed_JaffaCakes118

Files

dad1cef1b77539b4ef734a1041cf95ed_JaffaCakes118
.dll windows:5 windows x86 arch:x86

111d608dbff3e2273d732ec7760a323f

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

mstask.pdb

Imports

msvcrt

_except_handler3
??2@YAPAXI@Z
free
_initterm
malloc
??3@YAXPAX@Z
_wcsicmp
wcslen
_vsnwprintf
rand
wcspbrk
memmove
wcsspn
wcstoul
_itow
wcsrchr
setlocale
wcsncmp
wcsstr
wcsncpy
_purecall
wcscmp
_adjust_fdiv
wcstombs
mbstowcs
iswctype
wcschr
_wcsnicmp

user32

RegisterClipboardFormatW
DestroyWindow
DestroyMenu
TrackPopupMenu
SetFocus
SetForegroundWindow
GetSubMenu
LoadMenuW
GetForegroundWindow
CreateWindowExW
MessageBeep
SetCursor
LoadCursorW
MessageBoxW
GetKeyState
GetSystemMetrics
EnableWindow
GetDlgItem
EndDialog
LoadStringW
CheckDlgButton
SendDlgItemMessageW
GetDlgItemTextW
IsDlgButtonChecked
GetWindowLongW
SetWindowLongW
PostMessageW
GetClassNameW
EnumChildWindows
DefWindowProcW
RegisterClassW
GetClassInfoW
SendMessageW
DialogBoxParamW
CheckMenuItem
SetMenuItemInfoW
EnableMenuItem
WinHelpW
RemoveMenu
SetDlgItemTextW
GetMenuItemID
GetMenuItemInfoW
GetMenuItemCount
SetMenuDefaultItem
LoadImageW
DestroyIcon
GetWindowThreadProcessId
GetWindow
FindWindowW
SwitchToThisWindow
GetLastActivePopup
ShowWindow
SetWindowTextW
InvalidateRect
SystemParametersInfoW
ValidateRect
GetDC
ReleaseDC
GetClientRect
GetWindowTextW
RegisterWindowMessageW
EnumWindows
IsWindow
CheckRadioButton
GetDlgItemInt
MapWindowPoints
KillTimer
SetTimer
GetParent
GetWindowTextLengthW
GetWindowRect
SetWindowPos

ntdsapi

DsMakeSpnW

ws2_32

WSAGetLastError
inet_addr
gethostbyaddr
WSAStartup
WSACleanup

ole32

CoGetCallContext
CoTaskMemAlloc
CoCreateInstance
CoTaskMemFree
OleUninitialize
OleInitialize
ReleaseStgMedium
OleSetClipboard
OleGetClipboard

secur32

GetUserNameExW

advapi32

ImpersonateSelf
RevertToSelf
GetFileSecurityW
AccessCheck
FreeSid
LookupAccountSidW
AllocateAndInitializeSid
RegDeleteKeyW
RegCloseKey
RegQueryValueExW
RegEnumKeyExW
GetSecurityInfo
SetEntriesInAclW
SetSecurityInfo
RegOpenKeyExW
RegSetValueExW
ConvertStringSecurityDescriptorToSecurityDescriptorW
GetTokenInformation
SetSecurityDescriptorOwner
ControlService
StartServiceW
QueryServiceStatus
OpenSCManagerW
OpenServiceW
CloseServiceHandle
RegConnectRegistryW
GetUserNameW
OpenThreadToken
OpenProcessToken
LookupPrivilegeValueW
AdjustTokenPrivileges
CheckTokenMembership

shlwapi

PathFindFileNameW
PathRemoveFileSpecW
PathFindExtensionW

shell32

ord155
ord4
SHChangeNotify
ord18
SHGetPathFromIDListW
SHFileOperationW
DragQueryFileW
ord196
ord2
ord28
ord174
ord152
ord67
ShellExecuteW
SHExtractIconsW
SHGetFolderPathW
ord73

comctl32

ImageList_Remove
ord17
InitCommonControlsEx
ImageList_Destroy
ImageList_SetOverlayImage
ImageList_AddMasked
ImageList_Create
ImageList_GetIcon
ImageList_ReplaceIcon
PropertySheetW
CreatePropertySheetPageW
DestroyPropertySheetPage

kernel32

CancelWaitableTimer
DeleteFileW
CreateWaitableTimerW
SetWaitableTimer
Sleep
lstrcmpiW
lstrcpynW
FormatMessageW
FreeLibrary
LoadLibraryExA
GetFileAttributesW
GetVersionExW
IsBadStringPtrW
SetCurrentDirectoryW
SetErrorMode
SetFileTime
MulDiv
FindResourceW
LoadResource
CreateDirectoryW
SetFileAttributesW
LockResource
CreateFileMappingW
MapViewOfFile
UnmapViewOfFile
OpenProcess
LocalFree
CreateFileW
WriteFile
CloseHandle
DuplicateHandle
GetCurrentDirectoryW
WideCharToMultiByte
lstrcmpA
CreateThread
ExitThread
GetFileTime
GlobalLock
GlobalUnlock
ActivateActCtx
DeactivateActCtx
lstrcmpW
CompareStringW
GlobalAlloc
GlobalReAlloc
GlobalFree
EnterCriticalSection
LeaveCriticalSection
FindNextFileW
InitializeCriticalSection
DeleteCriticalSection
LocalReAlloc
FileTimeToSystemTime
SetFilePointer
SetEndOfFile
GetFileType
GetFileSize
ReadFile
GetSystemTime
GetLocalTime
SystemTimeToFileTime
CompareFileTime
InterlockedDecrement
InterlockedIncrement
SearchPathW
GetFullPathNameW
FindFirstFileW
FindClose
GetComputerNameW
GetComputerNameExW
GetDriveTypeW
LocalAlloc
lstrlenW
ExpandEnvironmentStringsW
LoadLibraryW
GetVolumeInformationW
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
GetLastError
GetCurrentActCtx
DisableThreadLibraryCalls
GetCurrentThread
GetLocaleInfoW
GetUserDefaultUILanguage
GetDateFormatW
GetProcAddress
IsBadWritePtr
GetUserDefaultLCID
GetTimeFormatW
GetEnvironmentVariableW

rpcrt4

RpcBindingFromStringBindingW
RpcBindingFree
RpcStringFreeW
RpcStringBindingComposeW
RpcEpResolveBinding
RpcBindingSetAuthInfoExW
NdrClientCall2
UuidCreate

gdi32

GetStockObject
DeleteDC
SelectObject
BitBlt
CreateFontIndirectW
GetDeviceCaps
CreateCompatibleDC
GetObjectW
DeleteObject
CreatePalette
CreateDIBitmap
RealizePalette
SelectPalette

comdlg32

CommDlgExtendedError
GetOpenFileNameW

version

VerQueryValueW
GetFileVersionInfoSizeW
GetFileVersionInfoW

mpr

WNetGetResourceInformationW
WNetGetConnectionW
WNetGetNetworkInformationW

userenv

UnloadUserProfile

Exports

Exports

ConvertAtJobsToTasks
DllCanUnloadNow
DllGetClassObject
GetNetScheduleAccountInformation
NetrJobAdd
NetrJobDel
NetrJobEnum
NetrJobGetInfo
SAGetAccountInformation
SAGetNSAccountInformation
SASetAccountInformation
SASetNSAccountInformation
SetNetScheduleAccountInformation
_ConvertAtJobsToTasks@0
_DllCanUnloadNow@0
_DllGetClassObject@12
_GetNetScheduleAccountInformation@12
_NetrJobAdd@12
_NetrJobDel@12
_NetrJobEnum@20
_NetrJobGetInfo@12
_SAGetAccountInformation@16
_SAGetNSAccountInformation@12
_SASetAccountInformation@20
_SASetNSAccountInformation@12
_SetNetScheduleAccountInformation@12

Sections

.text
Size: 139KB - Virtual size: 138KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 120KB - Virtual size: 119KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

111d608dbff3e2273d732ec7760a323f

Headers

File Characteristics

PDB Paths

Imports

msvcrt

user32

ntdsapi

ws2_32

ole32

secur32

advapi32

shlwapi

shell32

comctl32

kernel32

rpcrt4

gdi32

comdlg32

version

mpr

userenv

Exports

Exports

Sections

.text Size: 139KB - Virtual size: 138KB

.data Size: 2KB - Virtual size: 2KB

.rsrc Size: 120KB - Virtual size: 119KB

.reloc Size: 6KB - Virtual size: 6KB

.text
Size: 139KB - Virtual size: 138KB

.data
Size: 2KB - Virtual size: 2KB

.rsrc
Size: 120KB - Virtual size: 119KB

.reloc
Size: 6KB - Virtual size: 6KB