de2ee79f64b5b046a3bf97b43fc2d408_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

de2ee79f64b5b046a3bf97b43fc2d408_JaffaCakes118
Size

506KB
MD5

de2ee79f64b5b046a3bf97b43fc2d408
SHA1

3e6c157fe03d06847dd52930a54f2298f28210f4
SHA256

42ebaaf54a21df16a3717d12f201b04f21b579de7594dd104a33857c404b2883
SHA512

5ba273e8766910924663450513dfb02df83a839d0a9bef6d82784f5d63c0d3bc0c0988d2f2e2088841dc90678e748afffac1c44bdc08b329c9f54cbc8e788b04
SSDEEP

6144:mC2ziK04YhnrGEa+tbdPBHPr823DkQgHHoSceTHlq1UF+G46hiEyZ8Gheds:UOpbbtbd5423+1THlq1UF+G46pAzhV

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
de2ee79f64b5b046a3bf97b43fc2d408_JaffaCakes118

Files

de2ee79f64b5b046a3bf97b43fc2d408_JaffaCakes118
.dll regsvr32 windows:5 windows x86 arch:x86

ef58ace299bd43a8d3229664e903a966

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

shlwapi

SHDeleteValueW
SHGetValueW

kernel32

FlushFileBuffers
GetProcAddress
LoadLibraryA
GetCommandLineW
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
SearchPathW
SetFilePointerEx
SetDefaultCommConfigA
GetSystemDirectoryW
SetFileAttributesA
HeapCompact
GlobalReAlloc
LocalLock
RemoveDirectoryW
GetModuleFileNameW
IsBadCodePtr
OpenEventA
DeleteAtom
GetModuleHandleA
GetProfileSectionW
GetVersion
GetComputerNameA
GetCurrentThread
EnumResourceTypesW
HeapReAlloc
WaitForDebugEvent
GetFileAttributesW
GetThreadTimes
GetAtomNameW
GetSystemDirectoryA
GetShortPathNameA
VirtualFree
GetNamedPipeHandleStateW
GlobalUnlock
PeekNamedPipe
SetFileShortNameA
MapViewOfFileEx
FindResourceW
ContinueDebugEvent
lstrcatW
SystemTimeToTzSpecificLocalTime
GetBinaryTypeA
SetPriorityClass
CreateRemoteThread
GetCommModemStatus
EndUpdateResourceW
DefineDosDeviceA
OpenThread
GetExitCodeProcess
ClearCommBreak
WriteProfileStringW
ExitThread
VirtualAllocEx
CreateMutexW
ClearCommError
EscapeCommFunction
AddAtomW
GetFileAttributesExW
lstrcmpiA
CreateFileMappingA
GlobalAddAtomW
GetNumaNodeProcessorMask
ExitProcess
GetProcessPriorityBoost
CreateSemaphoreW
PostQueuedCompletionStatus
BuildCommDCBAndTimeoutsW
GetEnvironmentStringsW
DisconnectNamedPipe
HeapFree
OutputDebugStringW
SetFilePointer
SetUnhandledExceptionFilter
CreateDirectoryW
CreatePipe
FormatMessageW
VirtualFreeEx
OpenFileMappingW
GetTimeZoneInformation
ExpandEnvironmentStringsW
GetHandleInformation
SetSystemTime
FreeLibrary
CreateMailslotA
WritePrivateProfileSectionW
GetTickCount
VirtualUnlock
lstrcpynA
SetCommState
CreateTapePartition
QueryDosDeviceW
GetShortPathNameW
GetFirmwareEnvironmentVariableW
GetTempFileNameW
WriteTapemark
GlobalMemoryStatus
FindNextFileW
GetDefaultCommConfigW
BuildCommDCBA
FindResourceExA
GetLogicalDriveStringsW
InterlockedCompareExchange
GetNamedPipeInfo
GetTempPathW
GetProfileIntA
ExpandEnvironmentStringsA
GetNumaHighestNodeNumber
GetTapePosition
DefineDosDeviceW
ConnectNamedPipe
GetSystemWindowsDirectoryW
FindResourceA
DeleteFileW
LocalAlloc
GetCommTimeouts
GetProfileStringA
GetVersionExW
GetCommMask
GetModuleHandleW
OpenMutexW
TerminateProcess
EnumResourceNamesW
LoadLibraryExW
GetProcessHeaps
CreateEventW
DeviceIoControl
GlobalFindAtomW
GetDriveTypeW
GetSystemTime
SetCurrentDirectoryW
ReleaseSemaphore
GetSystemTimeAsFileTime
CommConfigDialogW
CreateDirectoryExW
lstrcatA
GetPrivateProfileIntW
GetPrivateProfileSectionNamesA
GlobalFix
CloseHandle
GetCommandLineA
GetLongPathNameW
CreateDirectoryExA
SetEnvironmentVariableW
IsSystemResumeAutomatic
GetProcessShutdownParameters
GetCurrentDirectoryW
GetCommState
DebugSetProcessKillOnExit
EndUpdateResourceA
GetCommConfig
GetEnvironmentVariableW
HeapCreate
GetPrivateProfileStringA
GetFullPathNameW
CreateEventA
BackupWrite
WriteFileEx
WriteProfileSectionW
GetDiskFreeSpaceExA
GetCurrentThreadId
GlobalGetAtomNameA
SetDefaultCommConfigW
IsBadHugeWritePtr
GetWindowsDirectoryW
SetLocalTime
SetThreadAffinityMask
GetSystemInfo
GetFileTime
TzSpecificLocalTimeToSystemTime
GetFileAttributesA
ReadFileScatter
HeapValidate
GetSystemWindowsDirectoryA
OpenFileMappingA
FreeResource
GetProcessIoCounters
SearchPathA
CommConfigDialogA
SetCommMask
HeapAlloc
lstrcpynW
GetPrivateProfileSectionNamesW
GlobalUnfix
BuildCommDCBW
HeapDestroy
GetCurrentProcess
GetDriveTypeA
GetProcessHeap
GetTempPathA
LoadResource
IsBadStringPtrW
GetPriorityClass
RequestDeviceWakeup
GetStartupInfoW
LoadLibraryExA
SetTapeParameters
CancelIo
GetStdHandle
CreateFileMappingW
GetPrivateProfileStringW
HeapQueryInformation
CreateMailslotW
ReleaseMutex
GetDiskFreeSpaceA
CallNamedPipeA
FatalAppExitA
GlobalHandle
GetDiskFreeSpaceExW
InitAtomTable
SetThreadContext
FindFirstChangeNotificationW
FatalAppExitW
BackupSeek
EnumResourceLanguagesW
GetProcessVersion
ResetWriteWatch
DebugBreakProcess
LockFile
FatalExit
WaitForMultipleObjectsEx
GetTapeParameters
BeginUpdateResourceW
GetThreadPriorityBoost
GetCommProperties
GetCurrentProcessId
CreateProcessW
SetErrorMode
SetFileAttributesW
OpenEventW
GetNumaAvailableMemoryNode
InterlockedExchangeAdd
lstrlenW
GetStartupInfoA
EraseTape
GetSystemPowerStatus
CreateSemaphoreA
SetFirmwareEnvironmentVariableW
GetComputerNameW
GlobalUnWire
GetPrivateProfileSectionW
GetPrivateProfileStructW
LockFileEx
RequestWakeupLatency
LoadLibraryW
UpdateResourceW
GetTempFileNameA
EnumResourceLanguagesA
EnumResourceTypesA
DebugBreak
GetMailslotInfo
FileTimeToSystemTime
HeapSize
HeapUnlock
SetFileShortNameW
GetFirmwareEnvironmentVariableA
GlobalMemoryStatusEx
InterlockedExchange
PrepareTape
OpenSemaphoreW
FindNextChangeNotification
GetProfileStringW
IsBadWritePtr
TlsFree
FindAtomW
MoveFileA
lstrcmpiW
WritePrivateProfileStructW
GetProcessTimes
SetCurrentDirectoryA
SetEvent
GetLocalTime
RemoveDirectoryA
FindClose
CreateThread
GetDiskFreeSpaceW
BeginUpdateResourceA
FindFirstChangeNotificationA
LocalCompact
Sleep
GetWriteWatch
CreateFileW
MapViewOfFile
FindFirstFileW
GetLongPathNameA
WriteFile
GlobalCompact
MulDiv
SuspendThread
GetFileSize
LocalShrink
FreeEnvironmentStringsA
CreateNamedPipeA
GetBinaryTypeW
CreateNamedPipeW
UnlockFileEx
GlobalFree
GetVolumeInformationW
GetDefaultCommConfigA
GetDevicePowerState
DeleteFileA
GetQueuedCompletionStatus
SetFileTime
SetMessageWaitingIndicator
GetVersionExA
VirtualProtect
InterlockedIncrement
SetStdHandle
BackupRead
WaitNamedPipeW
MoveFileExW
VirtualQuery
VirtualAlloc
ResumeThread
FlushInstructionCache
GetThreadContext
GetLastError
SetLastError
CreateFileA
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
LCMapStringW
LCMapStringA
GetStringTypeW
GetStringTypeA
GetLocaleInfoA
InitializeCriticalSectionAndSpinCount
MultiByteToWideChar
GetConsoleMode
GetConsoleCP
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
QueryPerformanceCounter
WideCharToMultiByte
FreeEnvironmentStringsW
GetEnvironmentStrings
GetFileType
SetHandleCount
GetModuleFileNameA
InterlockedDecrement
TlsSetValue
TlsAlloc
TlsGetValue
IsDebuggerPresent
UnhandledExceptionFilter
RtlUnwind
RaiseException

user32

OffsetRect
IntersectRect
InflateRect
ClientToScreen
BringWindowToTop
MoveWindow
EnumChildWindows
SetWindowTextW
DispatchMessageW
PeekMessageW
SetWindowLongA
RealGetWindowClassW
GetWindowThreadProcessId
CharUpperW
GetWindowLongW
SetPropW
GetPropW
CreateDialogParamA
RealGetWindowClassA
CharLowerW
MsgWaitForMultipleObjects
TranslateMessage
GetDlgItem
GetClientRect
DestroyWindow
PostMessageW
GetParent
SendMessageA
SendMessageW
SetWindowLongW
CreateDialogParamW
GetWindowTextW
GetClassNameA
RemovePropW
RemovePropA
GetWindowRect
GetClassNameW
GetWindowTextA
SetPropA
SetActiveWindow
GetWindowLongA
GetPropA

oleaut32

VariantInit
VariantCopy
SysAllocString
VariantChangeType
SysStringLen
SysFreeString
VarCmp
VariantClear

Exports

Exports

DllAction
DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 383KB - Virtual size: 382KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 37KB - Virtual size: 37KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 876B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 78KB - Virtual size: 78KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

ef58ace299bd43a8d3229664e903a966

Headers

File Characteristics

Imports

shlwapi

kernel32

user32

oleaut32

Exports

Exports

Sections

.text Size: 383KB - Virtual size: 382KB

.rdata Size: 37KB - Virtual size: 37KB

.data Size: 5KB - Virtual size: 28KB

.rsrc Size: 1024B - Virtual size: 876B

.reloc Size: 78KB - Virtual size: 78KB

.text
Size: 383KB - Virtual size: 382KB

.rdata
Size: 37KB - Virtual size: 37KB

.data
Size: 5KB - Virtual size: 28KB

.rsrc
Size: 1024B - Virtual size: 876B

.reloc
Size: 78KB - Virtual size: 78KB