de7500fc1065a081180841f32f06a537_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

de7500fc1065a081180841f32f06a537_JaffaCakes118
Size

136KB
MD5

de7500fc1065a081180841f32f06a537
SHA1

2004f191a052cee6b033acc518f1c64bb0b00ecd
SHA256

95e08990fdf11251e9ee935f0b2e075667133758bc68c4d390e82f041a54e4b3
SHA512

2a0d8e94998650cda91b64aeb4259fa6e4e00bd9d49769b37e5c98556c03addc1785654446c2759195cb7558f3553e155e9ee8d93a433211a308cbef3a9b34b9
SSDEEP

3072:Pk5WpezDE6SWpAWF+BqBZZHm5ZkXTNtW7d4efrOnrsyTD:CztSWKWcBqBPHmOMd4efWhD

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
de7500fc1065a081180841f32f06a537_JaffaCakes118

Files

de7500fc1065a081180841f32f06a537_JaffaCakes118
.dll regsvr32 windows:5 windows x86 arch:x86

1726c87a14ed245092adaa6c361804cc

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetModuleFileNameW
DisableThreadLibraryCalls
CreateRemoteThread
VirtualFreeEx
VirtualProtectEx
VirtualAllocEx
CopyFileA
RtlUnwind
IsDebuggerPresent
SetUnhandledExceptionFilter
ExitProcess
MoveFileExW
GetSystemDirectoryA
MoveFileExA
GetSystemDirectoryW
LoadLibraryExA
GetPrivateProfileStringA
GetPrivateProfileIntA
Sleep
GetTempPathW
GetCurrentThreadId
GetTickCount
GetVersionExA
GetSystemTime
GetWindowsDirectoryW
SetFileTime
SystemTimeToFileTime
GetComputerNameA
ExpandEnvironmentStringsW
GetSystemInfo
GlobalFree
UnhandledExceptionFilter
SetLastError
GetExitCodeProcess
GetFileAttributesA
FormatMessageW
FormatMessageA
GetCurrentThread
SetErrorMode
GetDiskFreeSpaceExA
GetFileTime
GetFileSizeEx
CreateFileW
GetDriveTypeA
SetFilePointer
LocalFree
DeleteFileW
DuplicateHandle
FindNextFileW
GetModuleHandleA
CreatePipe
RemoveDirectoryW
LocalAlloc
ProcessIdToSessionId
LoadLibraryA
FindClose
GetProcessVersion
MoveFileW
GetProcAddress
MultiByteToWideChar
ReadFile
FileTimeToSystemTime
TerminateProcess
GetFileAttributesW
CopyFileW
LoadLibraryW
WideCharToMultiByte
OpenProcess
WaitForSingleObject
WriteFile
CreateDirectoryW
GetCurrentProcess
CreateProcessW
FreeLibrary
PeekNamedPipe
FindFirstFileW
CreateThread
CloseHandle
DeleteCriticalSection
ResetEvent
EnterCriticalSection
GetLastError
ExitThread
LeaveCriticalSection
CreateEventA
TerminateThread
InitializeCriticalSection
GetSystemTimeAsFileTime
SetEvent
WriteProcessMemory

user32

GetMessageA
ExitWindowsEx
GetSystemMetrics
GetDesktopWindow
ReleaseDC
CloseDesktop
OpenInputDesktop
OpenWindowStationA
GetDC
GetProcessWindowStation
SetProcessWindowStation
GetWindowRect
GetWindowDC
CloseWindowStation
SetThreadDesktop
GetThreadDesktop

gdi32

GetDIBits
DeleteObject
SelectObject
CreateCompatibleDC
StretchBlt
RealizePalette
SelectPalette
GetObjectA
GetStockObject
CreateCompatibleBitmap
DeleteDC

advapi32

RegSetValueExW
RegOpenKeyW
RegSetValueExA
RegCreateKeyW
CryptHashData
LsaFreeMemory
ConvertSidToStringSidW
LsaRetrievePrivateData
CryptDestroyHash
RegEnumValueA
CryptCreateHash
CredEnumerateW
LsaClose
RegOpenKeyExA
CryptAcquireContextA
RegEnumKeyExA
CredFree
CryptReleaseContext
RegQueryValueExA
LsaOpenPolicy
CryptGetHashParam
ControlService
RegOpenKeyExW
RegEnumValueW
OpenSCManagerA
EnumServicesStatusW
RegDeleteValueW
RegQueryInfoKeyA
StartServiceW
OpenServiceW
EnumServicesStatusA
DeleteService
CloseServiceHandle
RegCloseKey
RegEnumKeyExW
RegQueryValueExW
RegCreateKeyExW
AdjustTokenPrivileges
GetLengthSid
IsValidSecurityDescriptor
GetUserNameA
FreeSid
RevertToSelf
AddAccessAllowedAce
SetSecurityDescriptorOwner
AllocateAndInitializeSid
InitializeAcl
LookupAccountSidW
ImpersonateSelf
LookupPrivilegeValueA
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
LookupAccountSidA
AccessCheck
GetTokenInformation
SetSecurityDescriptorGroup
OpenThreadToken
CloseEventLog
OpenEventLogA
ClearEventLogA
DuplicateTokenEx
CreateProcessAsUserW
OpenProcessToken
ImpersonateLoggedOnUser
RegDeleteValueA
RegOpenKeyA
RegCreateKeyA

shell32

SHFileOperationW
CommandLineToArgvW

ole32

CoInitialize
CoUninitialize
CoCreateInstance

iphlpapi

GetNetworkParams
GetAdaptersInfo

ntdll

ZwQuerySystemInformation

ws2_32

shutdown
recv
send
ioctlsocket
gethostbyname
getpeername
connect
inet_ntoa
WSAStartup
recvfrom
inet_addr
setsockopt
listen
select
accept
htonl
WSAGetLastError
htons
socket
bind
sendto
getsockname
ntohs
closesocket

shlwapi

SHDeleteKeyA
PathCanonicalizeW
SHDeleteKeyW

psapi

EnumProcesses
GetModuleBaseNameA
GetModuleFileNameExW

wininet

InternetQueryOptionA

crypt32

CryptUnprotectData

userenv

LoadUserProfileA
GetUserProfileDirectoryA
UnloadUserProfile

rasapi32

RasEnumEntriesW
RasGetEntryDialParamsW

msvcrt

strncpy
memset
rand
??3@YAXPAX@Z
_time64
strcat
wcscat
_wtoi
_snwprintf
wcsncpy
_wfopen
wcsncat
fgetws
wcslen
wcsrchr
_vsnwprintf
_purecall
isprint
wcscpy
fclose
??2@YAPAXI@Z
sprintf
strcpy
wcsstr
realloc
wcscmp
isspace
wcstombs
_snprintf
strncmp
strstr
atoi
strcmp
wcschr
strncat
??_U@YAPAXI@Z
_wcsnicmp
strrchr
_wtof
strchr
isalnum
fopen
??_V@YAXPAX@Z
fread
srand
_stricmp
_wcsicmp
_wcsupr
_strnicmp
_CxxThrowException
??1type_info@@UAE@XZ
_initterm
_adjust_fdiv
?terminate@@YAXXZ
_except_handler3
memmove
malloc
free
memcpy
toupper
_ftol
strlen
__CxxFrameHandler

oleaut32

GetErrorInfo

Exports

Exports

DllRegisterServer
DllUnregisterServer
ServiceMain
SvchostPushServiceGlobals
WUServiceMain
_crt_debugger_hook

Sections

.text
Size: 81KB - Virtual size: 80KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 20KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 24KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 840B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

1726c87a14ed245092adaa6c361804cc

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

iphlpapi

ntdll

ws2_32

shlwapi

psapi

wininet

crypt32

userenv

rasapi32

msvcrt

oleaut32

Exports

Exports

Sections

.text Size: 81KB - Virtual size: 80KB

.rdata Size: 20KB - Virtual size: 20KB

.data Size: 24KB - Virtual size: 25KB

.rsrc Size: 1024B - Virtual size: 840B

.reloc Size: 7KB - Virtual size: 6KB

.text
Size: 81KB - Virtual size: 80KB

.rdata
Size: 20KB - Virtual size: 20KB

.data
Size: 24KB - Virtual size: 25KB

.rsrc
Size: 1024B - Virtual size: 840B

.reloc
Size: 7KB - Virtual size: 6KB