eefed4dc0d1e0bda29671621693a413d_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

eefed4dc0d1e0bda29671621693a413d_JaffaCakes118
Size

160KB
MD5

eefed4dc0d1e0bda29671621693a413d
SHA1

07c185b97b26e0bce3c0dca37b2c56d334a7bb3d
SHA256

a1094bf2ea35134bee21df2793a10858a2d3fd298debc7a3534140dba95ce664
SHA512

b6d62812fdb578ea47bd1aaee1cbc00a908187a9885d3ddff798a0069c0fea2e3b3b68b90f0b87c6de135e76eed25f0183ec4716b56b44c70ec4d483fe4e5157
SSDEEP

3072:PuV5pv8kQLcMb+K1GvkMc4/UZkl0Hdkm4c6t8DqC:P/cMb+K1tMc48Z7H8tpC

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
eefed4dc0d1e0bda29671621693a413d_JaffaCakes118

Files

eefed4dc0d1e0bda29671621693a413d_JaffaCakes118
.dll windows:4 windows x86 arch:x86

642dc0f1831ca620f08b987b8e40d067

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

advapi32

ConvertSecurityDescriptorToAccessNamedW
CryptSetProviderExW
EncryptFileA
GetNumberOfEventLogRecords
GetTrusteeNameW
IsTokenRestricted
LsaICLookupNames
ProcessTrace
RegEnumKeyExW
RegSaveKeyW
RegSetValueA
RegisterEventSourceA
SetSecurityDescriptorSacl
SystemFunction019
SystemFunction024
UnlockServiceDatabase
RegCloseKey
RegEnumValueW
RegOpenKeyExW
RegOpenKeyW
RegQueryValueExW

gdi32

DeleteEnhMetaFile
EnumFontFamiliesA
EnumICMProfilesW
GdiGetPageHandle
GetFontData
GetTextExtentPoint32A
LineTo
OffsetClipRgn
SelectPalette
SetBkMode
SetICMProfileA

kernel32

ConvertDefaultLocale
DeleteTimerQueueTimer
EnumSystemLanguageGroupsW
EnumTimeFormatsA
GetACP
GetDiskFreeSpaceExW
GetProcAddress
GetVolumePathNameA
LocalSize
OpenMutexA
OpenSemaphoreA
QueryDosDeviceW
ReadProcessMemory
RegisterWaitForSingleObjectEx
ResetWriteWatch
ScrollConsoleScreenBufferW
SetCommBreak
SetCommConfig
SetInformationJobObject
SetLocaleInfoA
TransmitCommChar
WriteConsoleInputW
lstrcatW
lstrcpynA
LoadResource
FindResourceA
GetCommandLineA
VirtualAlloc
DeleteCriticalSection
EnterCriticalSection
FormatMessageW
GetCurrentProcess
GetModuleHandleA
GetProcessHeap
InitializeCriticalSection
LeaveCriticalSection
LocalAlloc
LocalFree
SetUnhandledExceptionFilter
TerminateProcess
WriteProfileStringW
lstrcmpiW
lstrcpyW
lstrcpynW
CompareStringW
CompareStringA
GetLocaleInfoW
GetSystemInfo
VirtualProtect
GetTimeZoneInformation
GetSystemTimeAsFileTime
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
LCMapStringW
LCMapStringA
GetStringTypeW
MultiByteToWideChar
GetStringTypeA
IsValidCodePage
IsValidLocale
EnumSystemLocalesA
GetLocaleInfoA
GetUserDefaultLCID
GetDateFormatA
GetTimeFormatA
HeapSize
LoadLibraryA
VirtualQuery
InterlockedExchange
RtlUnwind
IsBadWritePtr
HeapReAlloc
GetCPInfo
GetOEMCP
SetEnvironmentVariableA
FatalAppExitA
WriteFile
UnhandledExceptionFilter
VirtualFree
HeapCreate
HeapDestroy
GetEnvironmentStringsW
WideCharToMultiByte
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetModuleFileNameA
GetStartupInfoA
GetFileType
GetStdHandle
SetHandleCount
HeapAlloc
HeapFree
TlsGetValue
TlsSetValue
TlsFree
GetCurrentThread
GetLastError
SetLastError
TlsAlloc
ExitProcess
GetVersionExA
GetCurrentThreadId

ole32

OleSetClipboard
OleCreateLinkToFileEx
OleCreateFromFile
OleCreateEx
HPALETTE_UserUnmarshal
EnableHookObject
CoQueryClientBlanket
CoIsOle1Class
CoInstall

oleaut32

VarI1FromI4
DosDateTimeToVariantTime
OleLoadPictureEx
SafeArrayDestroyData
SafeArrayPutElement
VarBoolFromStr
VarBoolFromUI1
VarCyFromDisp
VarCyFromI1
VarI1FromR8
VarI2FromBool
VarI4FromCy
VarR8FromDisp
VarUI2FromStr
VarUI2FromUI1
VarCyFromR4

rpcrt4

RpcMgmtEpEltInqNextA
I_RpcNsBindingSetEntryName
I_RpcParseSecurity
I_RpcSendReceive
I_RpcTransDatagramAllocate
NdrConvert2
NdrEncapsulatedUnionFree
NdrSimpleStructFree
RpcBindingInqAuthInfoExW
RpcBindingSetAuthInfoExW
RpcBindingVectorFree
RpcEpUnregister
RpcImpersonateClient
NdrConformantStringMarshall
RpcMgmtInqIfIds
RpcRevertToSelf
UuidToStringW
RpcServerUseProtseqEpW
RpcServerUnregisterIf
RpcServerRegisterIfEx
RpcServerInqBindings

user32

CallNextHookEx
CopyAcceleratorTableA
CreateCaret
DdeDisconnectList
DialogBoxIndirectParamA
DragDetect
DrawFrame
DrawStateA
DrawStateW
GetPropA
GetScrollPos
wsprintfW
ShowWindow
SetWindowLongW
SendNotifyMessageW
SendMessageW
MessageBoxIndirectW
LoadStringW
GetWindowLongW
GetParent
GetDlgItem
EndDialog
EnableWindow
DefDlgProcW
WinHelpW
UnionRect
ToAscii
SetRectEmpty
SetMenuItemInfoA
SetActiveWindow
OpenClipboard
InsertMenuW

Exports

Exports

Vnmd

Sections

.text
Size: 100KB - Virtual size: 98KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 40KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

642dc0f1831ca620f08b987b8e40d067

Headers

File Characteristics

Imports

advapi32

gdi32

kernel32

ole32

oleaut32

rpcrt4

user32

Exports

Exports

Sections

.text Size: 100KB - Virtual size: 98KB

.rdata Size: 40KB - Virtual size: 36KB

.data Size: 8KB - Virtual size: 7KB

.reloc Size: 8KB - Virtual size: 7KB

.text
Size: 100KB - Virtual size: 98KB

.rdata
Size: 40KB - Virtual size: 36KB

.data
Size: 8KB - Virtual size: 7KB

.reloc
Size: 8KB - Virtual size: 7KB