de0cad9f4ac7e88fc3239ea1757edd74_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

de0cad9f4ac7e88fc3239ea1757edd74_JaffaCakes118
Size

3.1MB
MD5

de0cad9f4ac7e88fc3239ea1757edd74
SHA1

20a84bc99873dd4722f67a9ccfda502375afefdd
SHA256

c5cace0dc7f2db52fd000c4d38146bfd5c8b32100c89133cce47b3ee2f9598f0
SHA512

cabeb40a87b30f4166dd8504ae4ba62f151298bef3f0ac0c04aa9067a69328667adb7fc6a6c582a1d99c43547a7e86850e52ab2994942fc6ad52b3d9654d7657
SSDEEP

49152:+PN1EXKjZUzJOu4YmRS+whPhrJiLhXtSGttHTgRtTiY:+9loX4O+whNJiLhXWRtT

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
de0cad9f4ac7e88fc3239ea1757edd74_JaffaCakes118

Files

de0cad9f4ac7e88fc3239ea1757edd74_JaffaCakes118
.dll regsvr32 windows:5 windows x86 arch:x86

17bcf9a58c6500700e7caf8299912ba7

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

FileTimeToLocalFileTime
GetPrivateProfileSectionNamesA
CommConfigDialogW
SetUnhandledExceptionFilter
IsBadCodePtr
RequestWakeupLatency
CreateFileMappingW
GetCurrentDirectoryW
GetProcAddress
LoadLibraryA
GetPrivateProfileSectionW
lstrcpynW
SetDefaultCommConfigA
GlobalGetAtomNameW
GetVolumeInformationW
MultiByteToWideChar
Sleep
GetProfileStringW
GetAtomNameA
GlobalAddAtomW
FindResourceExW
GetSystemDirectoryA
WriteProfileStringW
FindFirstChangeNotificationA
GetProfileSectionW
FormatMessageW
SetFileApisToOEM
FindAtomW
ContinueDebugEvent
GlobalCompact
OutputDebugStringA
GetFileAttributesExA
CloseHandle
GetModuleFileNameW
OpenSemaphoreW
GetPrivateProfileStructW
DisconnectNamedPipe
GetSystemTimeAsFileTime
RequestDeviceWakeup
CreateMailslotA
GlobalFindAtomW
QueryPerformanceCounter
ResumeThread
GetCommandLineA
GlobalAlloc
GetNumaAvailableMemoryNode
CopyFileW
GetComputerNameW
OpenMutexW
InterlockedIncrement
InterlockedDecrement
GetTempFileNameA
GetFirmwareEnvironmentVariableW
ExpandEnvironmentStringsW
EraseTape
RemoveDirectoryW
GetCommandLineW
ReadFile
ConnectNamedPipe
BeginUpdateResourceA
GlobalMemoryStatus
IsBadHugeReadPtr
SetFileTime
GetDiskFreeSpaceW
GlobalFree
GetTempPathW
CreateNamedPipeW
CreateDirectoryExA
SetTimeZoneInformation
WaitCommEvent
LockFileEx
GlobalAddAtomA
TlsSetValue
VerifyVersionInfoW
GetVersionExW
EnumResourceTypesW
SetVolumeLabelA
PurgeComm
BuildCommDCBA
GetThreadContext
GlobalFlags
CreateMailslotW
SetFirmwareEnvironmentVariableW
SetCommMask
GetCompressedFileSizeW
lstrlenW
SetCommConfig
GlobalReAlloc
GetFileSize
AddAtomW
GetNamedPipeHandleStateW
WriteTapemark
UpdateResourceW
GetTickCount
SetCommBreak
CallNamedPipeW
GetLastError
DebugBreak
GetThreadSelectorEntry
GetFileSizeEx
FindFirstChangeNotificationW
GlobalUnlock
SetLocalTime
CreateProcessW
GlobalHandle
SetMessageWaitingIndicator
GetTapePosition
SetSystemPowerState
QueryDosDeviceW
GetProcessId
GetDriveTypeA
FatalAppExitW
SetSystemTime
GetExitCodeProcess
ProcessIdToSessionId
EnumResourceLanguagesW
GetLogicalDrives
LockFile
SetEndOfFile
GetLogicalDriveStringsW
GetCurrentThread
DefineDosDeviceW
lstrcatW
SetCurrentDirectoryW
LockResource
GetStartupInfoW
BeginUpdateResourceW
SetVolumeLabelW
OpenProcess
GetEnvironmentVariableW
GlobalMemoryStatusEx
OpenFileMappingW
SetFileAttributesW
FindNextChangeNotification
CreateTapePartition
GetCommConfig
FlushFileBuffers
DeleteFileW
HeapSetInformation
GetDiskFreeSpaceExW
IsProcessorFeaturePresent
WaitNamedPipeA
WritePrivateProfileStringA
SetThreadExecutionState
SetCurrentDirectoryA
DisableThreadLibraryCalls
DebugSetProcessKillOnExit
CompareStringA
GetLocaleInfoW
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
InitializeCriticalSectionAndSpinCount
IsValidLocale
EnumSystemLocalesA
GetUserDefaultLCID
GetDateFormatA
GetTimeFormatA
SetConsoleCtrlHandler
GetStringTypeA
GetLocaleInfoA
GetConsoleMode
GetConsoleCP
GetEnvironmentStrings
IsValidCodePage
GetOEMCP
GetACP
HeapSize
TlsFree
TlsGetValue
HeapReAlloc
VirtualAlloc
VirtualFree
FreeEnvironmentStringsA
GetPrivateProfileStringW
GetThreadPriorityBoost
SleepEx
FindNextFileW
GetProcessAffinityMask
GetProfileIntW
GetPrivateProfileStructA
GetCurrentProcessId
GetEnvironmentVariableA
lstrcmpiW
FindFirstFileW
ReleaseMutex
GetCommTimeouts
WaitNamedPipeW
ExitProcess
GetVersionExA
GetDiskFreeSpaceExA
FreeResource
SetStdHandle
ReadFileEx
GetCommModemStatus
GetCurrentThreadId
BuildCommDCBW
CreateDirectoryW
GetLogicalDriveStringsA
WideCharToMultiByte
CopyFileA
TlsAlloc
PostQueuedCompletionStatus
GetComputerNameA
GetProfileStringA
AreFileApisANSI
GetProcessPriorityBoost
LoadResource
SetProcessAffinityMask
ReadFileScatter
GetSystemWindowsDirectoryW
LeaveCriticalSection
TryEnterCriticalSection
GetCurrentDirectoryA
SetProcessPriorityBoost
GetFullPathNameA
GetCommMask
DuplicateHandle
GetModuleHandleA
EnumResourceLanguagesA
GetProcessHeaps
QueryDosDeviceA
GetDevicePowerState
ResetWriteWatch
SetSystemTimeAdjustment
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
BackupWrite
MoveFileExW
GetWindowsDirectoryW
GetLongPathNameW
WaitForSingleObject
MoveFileA
SetLastError
GetHandleInformation
WritePrivateProfileSectionW
WaitForMultipleObjects
LocalFileTimeToFileTime
DebugActiveProcessStop
GetOverlappedResult
GetShortPathNameA
OpenEventW
LocalCompact
CreateDirectoryExW
TzSpecificLocalTimeToSystemTime
EnumResourceNamesW
InitAtomTable
IsBadStringPtrA
CreateEventW
SetCommTimeouts
LoadModule
GetSystemWindowsDirectoryA
CommConfigDialogA
GetProcessTimes
MoveFileExA
GetTempPathA
SetDefaultCommConfigW
SetHandleCount
GetWindowsDirectoryA
OpenFileMappingA
BuildCommDCBAndTimeoutsA
GetProcessShutdownParameters
SearchPathW
GetProfileSectionA
GetVolumeInformationA
GetStartupInfoA
SetComputerNameW
CreatePipe
GetPrivateProfileSectionNamesW
GetTapeStatus
GetStdHandle
WriteFile
CreateFileW
MoveFileW
DeleteFileA
GetSystemDirectoryW
GetThreadPriority
OutputDebugStringW
CreateFileA
FatalAppExitA
GetFileType
GetWriteWatch
UnhandledExceptionFilter
QueryPerformanceFrequency
CancelIo
lstrcpyW
lstrcmpiA
ClearCommError
GetNumaNodeProcessorMask
GetFullPathNameW
FreeEnvironmentStringsW
FileTimeToDosDateTime
IsBadStringPtrW
GlobalGetAtomNameA
GetProcessWorkingSetSize
SetFileAttributesA
GetThreadTimes
GetTempFileNameW
GetDefaultCommConfigW
GetPrivateProfileStringA
GetLongPathNameA
DefineDosDeviceA
BuildCommDCBAndTimeoutsW
FindFirstFileA
SetTapePosition
GetCompressedFileSizeA
IsBadHugeWritePtr
MapViewOfFileEx
SuspendThread
FlushInstructionCache
SetNamedPipeHandleState
GetProcessVersion
FlushViewOfFile
lstrcmpA
FindClose
GetDefaultCommConfigA
GetTimeZoneInformation
GetEnvironmentStringsW
GetProcessIoCounters
GlobalFindAtomA
SetMailslotInfo
PrepareTape
GetFileInformationByHandle
SizeofResource
FindNextFileA
GetSystemInfo
DeviceIoControl
FatalExit
GetProcessHeap
SetComputerNameA
GetModuleHandleW
GlobalWire
SetTapeParameters
GetVersion
GetPrivateProfileIntW
GetDriveTypeW
SystemTimeToFileTime
GetPriorityClass
GetBinaryTypeA
ResetEvent
SetEvent
SetEnvironmentVariableA
GetNumaHighestNodeNumber
SetThreadPriorityBoost
CreateDirectoryA
GetPrivateProfileIntA
WinExec
SetThreadContext
GetTapeParameters
VirtualUnlock
GetSystemTimeAdjustment
GetNumaProcessorNode
DebugBreakProcess
CreateProcessA
SetFilePointerEx
GetNamedPipeHandleStateA
LocalShrink
SetupComm
GlobalUnWire
GetMailslotInfo
SetFilePointer
SetFirmwareEnvironmentVariableA
GetShortPathNameW
CreateNamedPipeA
WriteProfileSectionW
TerminateProcess
WriteProfileStringA
lstrcpyA
CreateIoCompletionPort
EndUpdateResourceW
WriteFileGather
GetCommState
SetEnvironmentVariableW
CreateSemaphoreW
GetFileAttributesExW
SetPriorityClass
Beep
DosDateTimeToFileTime
CreateSemaphoreA
GetLocalTime
GetFileTime
CreateMutexA
FreeLibrary
OpenFile
MulDiv
GetFileAttributesA
ReadProcessMemory
HeapWalk
GetSystemPowerStatus
IsBadWritePtr
RaiseException
SetProcessWorkingSetSize
CreateMutexW
EscapeCommFunction
WritePrivateProfileStringW
RemoveDirectoryA
ReleaseSemaphore
GetCommProperties
GetQueuedCompletionStatus
GetPrivateProfileSectionA
FindAtomA
FindResourceW
EnumResourceTypesA
GetProfileIntA
lstrcatA
SetFileShortNameW
OpenSemaphoreA
CreateFileMappingA
GetBinaryTypeW
MapViewOfFile
GlobalUnfix
InterlockedExchange
InterlockedExchangeAdd
GlobalSize
SetHandleInformation
EnumResourceNamesA
FindCloseChangeNotification
HeapQueryInformation
GetFileAttributesW
FindResourceExA
VirtualLock
OpenMutexA
lstrcmpW
ClearCommBreak
BackupRead
WaitForDebugEvent
FindResourceA
GetAtomNameW
GetFirmwareEnvironmentVariableA
FileTimeToSystemTime
UnlockFileEx
SearchPathA
GetModuleFileNameA
SetThreadAffinityMask
WritePrivateProfileStructW
FreeLibraryAndExitThread
UnlockFile
GetSystemTime
WriteProfileSectionA
DebugActiveProcess
PeekNamedPipe
IsBadReadPtr
GlobalDeleteAtom
SetErrorMode
DeleteAtom
GetDiskFreeSpaceA
WritePrivateProfileSectionA
WriteFileEx
FormatMessageA
ExpandEnvironmentStringsA
WritePrivateProfileStructA
InterlockedCompareExchange
BackupSeek
IsSystemResumeAutomatic
GetCurrentProcess
GetExitCodeThread
TerminateThread
SetThreadPriority
lstrlenA
CreateThread
SetFileApisToANSI
CallNamedPipeA
SystemTimeToTzSpecificLocalTime
CompareFileTime
EndUpdateResourceA
GlobalLock
AddAtomA
GetNamedPipeInfo
LoadLibraryW
lstrcpynA
SetFileShortNameA
SetProcessShutdownParameters
GlobalFix
HeapFree
RtlUnwind
IsDebuggerPresent
LCMapStringA
LCMapStringW
GetCPInfo
GetStringTypeW
HeapAlloc
HeapCreate
HeapDestroy
CompareStringW

user32

IsWindow
SetWindowLongW
GetWindowRect
SystemParametersInfoW
SetWindowTextW
GetClassNameA
SetWindowPos
RealGetWindowClassA
CharLowerW
CallWindowProcW
EnumChildWindows
SendMessageW
ShowWindow
RealGetWindowClassW
GetClassNameW
MoveWindow
CharUpperW

oleaut32

SysAllocString
SysAllocStringLen
VariantClear
VariantInit
SysFreeString
VarBstrCmp
SysStringLen

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 2.6MB - Virtual size: 2.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 342KB - Virtual size: 341KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 17KB - Virtual size: 60KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 436B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 169KB - Virtual size: 169KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

17bcf9a58c6500700e7caf8299912ba7

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

oleaut32

Exports

Exports

Sections

.text Size: 2.6MB - Virtual size: 2.6MB

.rdata Size: 342KB - Virtual size: 341KB

.data Size: 17KB - Virtual size: 60KB

.rsrc Size: 512B - Virtual size: 436B

.reloc Size: 169KB - Virtual size: 169KB

.text
Size: 2.6MB - Virtual size: 2.6MB

.rdata
Size: 342KB - Virtual size: 341KB

.data
Size: 17KB - Virtual size: 60KB

.rsrc
Size: 512B - Virtual size: 436B

.reloc
Size: 169KB - Virtual size: 169KB