efd78341c9b90ef4deb840b249b54f1e_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

efd78341c9b90ef4deb840b249b54f1e_JaffaCakes118
Size

824KB
MD5

efd78341c9b90ef4deb840b249b54f1e
SHA1

d0c67c22e5ddc13423470983f7dc8e4ed3aafe9c
SHA256

2b1191136eabf9d590ed2a7d9366cde6cb041c71947f4c8bb9ca0c06504a7be4
SHA512

9bca5ce086249f89f3dda58b9d416701af543e102ebd6ac074f094593bc55d340c9ed3242935addc9ce87d615267e5895d2600cdfefe73549ecd15f1e84ae393
SSDEEP

24576:KeJjMPbrRoXE6DD3+N5PtMnLc0NytqgWooe80NMbHxEKl:ypVC/

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
efd78341c9b90ef4deb840b249b54f1e_JaffaCakes118

Files

efd78341c9b90ef4deb840b249b54f1e_JaffaCakes118
.dll regsvr32 windows:5 windows x86 arch:x86

8be1e71135249182f5f05114ab9256cc

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

sapi.pdb

Imports

kernel32

lstrlenW
GetModuleFileNameA
GetModuleFileNameW
CreateEventA
CreateEventW
lstrlenA
WaitForSingleObject
CreateFileA
CreateFileW
GetFileInformationByHandle
ReadFile
WriteFile
SetFilePointer
SetEndOfFile
LockFileEx
UnlockFileEx
DuplicateHandle
GetCurrentProcess
InterlockedIncrement
InterlockedDecrement
ReleaseMutex
DeleteFileA
DeleteFileW
CreateDirectoryA
CreateDirectoryW
GetFileAttributesA
GetFileAttributesW
CreateMutexA
CreateMutexW
OpenEventA
InterlockedExchange
ReleaseSemaphore
CreateSemaphoreA
GetThreadPriority
GetQueuedCompletionStatus
GetSystemInfo
CreateIoCompletionPort
WaitForMultipleObjects
PostQueuedCompletionStatus
SetThreadPriority
lstrcmpiA
IsDBCSLeadByte
lstrcpynA
HeapDestroy
lstrcpyA
lstrcatA
SizeofResource
LoadResource
FindResourceA
LoadLibraryExA
GetShortPathNameA
MoveFileA
MoveFileW
CreateFileMappingA
CreateFileMappingW
CompareStringA
CompareStringW
UnmapViewOfFile
MapViewOfFile
GetFileSize
GlobalMemoryStatus
GetModuleHandleA
SystemTimeToFileTime
GetSystemTime
LoadLibraryA
GetFullPathNameW
GlobalUnlock
GlobalLock
Sleep
SetLastError
IsValidLocale
LoadLibraryExW
FindResourceExA
FindResourceExW
LockResource
OpenProcess
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
GetSystemTimeAsFileTime
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TlsSetValue
GetCommandLineA
HeapFree
HeapAlloc
ExitThread
TlsGetValue
CreateThread
HeapReAlloc
ExitProcess
TlsFree
TlsAlloc
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
HeapCreate
VirtualFree
VirtualProtect
VirtualQuery
LCMapStringA
LCMapStringW
VirtualAlloc
RtlUnwind
GetACP
GetOEMCP
GetCPInfo
GetLocaleInfoA
GetStringTypeA
GetStringTypeW
SetStdHandle
FlushFileBuffers
GetVersionExA
LoadLibraryW
GetUserDefaultLangID
GetProcAddress
FreeLibrary
MultiByteToWideChar
GetLastError
WideCharToMultiByte
GetTickCount
ResetEvent
SetEvent
CloseHandle
CreateProcessA
DeleteCriticalSection
InitializeCriticalSection
IsBadCodePtr
LeaveCriticalSection
EnterCriticalSection
IsBadReadPtr
GetFullPathNameA
IsBadWritePtr

user32

GetDlgItem
wsprintfA
SendMessageA
LoadStringA
DefWindowProcA
EnableWindow
EndDialog
GetWindowLongA
SetFocus
DialogBoxParamA
SetCursor
SetWindowLongA
GetFocus
IsWindow
UnregisterClassA
DispatchMessageA
DestroyWindow
PostMessageA
RegisterClassA
CreateWindowExA
CharNextA
FindWindowA
SetTimer
KillTimer
SetWindowTextA
SendMessageTimeoutA
PeekMessageA
MsgWaitForMultipleObjects
LoadCursorA

advapi32

RegOpenKeyExA
RegCreateKeyExA
RegCreateKeyExW
RegQueryValueExA
RegQueryValueExW
RegCloseKey
RegDeleteKeyA
RegDeleteKeyW
RegEnumKeyExA
RegEnumKeyExW
RegDeleteValueA
RegDeleteValueW
RegEnumValueA
RegEnumValueW
RegSetValueExA
RegSetValueExW
RegQueryInfoKeyA
GetUserNameA
GetUserNameW
RegOpenKeyExW

ole32

CoInitializeEx
CoUninitialize
CoTaskMemRealloc
CLSIDFromProgID
GetHGlobalFromStream
StringFromGUID2
CoCreateGuid
CLSIDFromString
CreateStreamOnHGlobal
StringFromIID
IIDFromString
StringFromCLSID
CoCreateInstance
CoTaskMemFree
CoTaskMemAlloc
CoDisconnectObject

oleaut32

SafeArrayAccessData
SafeArrayUnaccessData
VariantClear
SysAllocString
SafeArrayCreateVector
VarUI4FromStr
SafeArrayRedim
RegisterTypeLi
SysStringLen
LoadRegTypeLi
VariantInit
SysAllocStringLen
VariantCopy
VarDecRound
SysFreeString
LoadTypeLi
VariantChangeType

winmm

waveInAddBuffer
waveInPrepareHeader
waveInUnprepareHeader
waveOutUnprepareHeader
waveOutWrite
waveOutPrepareHeader
mixerGetID
mixerClose
mixerOpen
waveInGetNumDevs
waveOutGetNumDevs
waveOutGetDevCapsA
waveOutGetDevCapsW
waveInGetDevCapsA
waveInGetDevCapsW
waveInReset
waveInStop
waveInStart
waveInOpen
waveInClose
waveOutReset
waveOutPause
waveOutRestart
waveOutOpen
waveOutClose
waveOutGetPosition
mixerGetLineInfoA
mixerGetLineControlsA
mixerGetControlDetailsA
mixerSetControlDetails
mmioClose
mmioSeek
mmioRead
mmioWrite
mmioDescend
mmioAscend
mmioCreateChunk
mmioOpenA
mmioOpenW

shlwapi

ord437

urlmon

URLOpenBlockingStreamW

msacm32

acmStreamPrepareHeader
acmStreamConvert
acmStreamUnprepareHeader
acmStreamSize
acmStreamOpen
acmStreamClose
acmFormatSuggest

shfolder

SHGetFolderPathW

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
RunSapiServer

Sections

.text
Size: 488KB - Virtual size: 487KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 8KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 296KB - Virtual size: 293KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 28KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

8be1e71135249182f5f05114ab9256cc

Headers

File Characteristics

PDB Paths

Imports

kernel32

user32

advapi32

ole32

oleaut32

winmm

shlwapi

urlmon

msacm32

shfolder

version

Exports

Exports

Sections

.text Size: 488KB - Virtual size: 487KB

.data Size: 8KB - Virtual size: 12KB

.rsrc Size: 296KB - Virtual size: 293KB

.reloc Size: 28KB - Virtual size: 27KB

.text
Size: 488KB - Virtual size: 487KB

.data
Size: 8KB - Virtual size: 12KB

.rsrc
Size: 296KB - Virtual size: 293KB

.reloc
Size: 28KB - Virtual size: 27KB