fda6ed002844a62d61424a87760a94c4_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

fda6ed002844a62d61424a87760a94c4_JaffaCakes118
Size

273KB
MD5

fda6ed002844a62d61424a87760a94c4
SHA1

518057fd8a5ce63445f5860a705b000bf022abc8
SHA256

afbe009b4f13765ecc2be85e228001235eaad5071a0852de5a262b002fbee839
SHA512

50524901a0a2fdbae1f33a53876e0dce7a5c0868046e16e778d7cb7dc2ce7dd9e09d92ec2b345f6c26cbeab0de618f2e934747ad5ed07f14eeddfa39b6350c97
SSDEEP

3072:k4y+m3vPYXgkucdlaf4840Z9PvThWEJUz6RggePyoBl87mCCi9NXLMQppIN3e0G:avPuuUlaf3Z9APWH/iCCi/XLJA3e0G

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
fda6ed002844a62d61424a87760a94c4_JaffaCakes118

Files

fda6ed002844a62d61424a87760a94c4_JaffaCakes118
.dll regsvr32 windows:4 windows x86 arch:x86

a3df0216a5db3177ce1bbd05e4b29940

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

dprx.pdb

Imports

kernel32

CancelIo
WaitForMultipleObjects
CreateEventW
DuplicateHandle
TerminateThread
GetExitCodeThread
Sleep
FindClose
FindNextFileW
CreateFileW
FindFirstFileW
lstrcpyW
GetSystemTimeAsFileTime
GetTempPathW
FileTimeToSystemTime
GetTickCount
SetThreadPriority
GetCurrentThreadId
GetFileAttributesExW
GetFileTime
CompareFileTime
DeleteFileW
GetTempFileNameW
SetLastError
ReadFile
GetFileSize
MoveFileExW
FlushFileBuffers
WriteFile
SetFileAttributesW
VirtualAlloc
VirtualFree
LoadLibraryA
HeapSize
HeapReAlloc
HeapDestroy
GetVersionExA
GetThreadLocale
LocalAlloc
ProcessIdToSessionId
GetProcessHeap
HeapFree
HeapAlloc
GetCurrentThread
ReleaseMutex
CreateMutexW
FindResourceExW
LockResource
SetEndOfFile
DisableThreadLibraryCalls
lstrlenA
LoadLibraryW
LoadLibraryExW
FindResourceW
LoadResource
SizeofResource
GetLastError
GetModuleFileNameW
GetSystemDirectoryW
lstrcmpiW
WaitForSingleObject
lstrcatA
CreateEventA
InterlockedDecrement
ResetEvent
GetCurrentProcessId
CreateToolhelp32Snapshot
Process32FirstW
Process32NextW
CloseHandle
FreeLibrary
GetVersionExW
GetModuleHandleW
MultiByteToWideChar
GetProcAddress
GetCurrentProcess
GetComputerNameW
lstrlenW
LocalFree
DeleteCriticalSection
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
RaiseException
WideCharToMultiByte
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
GetLocaleInfoA
GetACP
InterlockedExchange
SetFileTime
GlobalSize
CreateMutexA
CreateDirectoryW
GetSystemTime
lstrcpynA
OpenFileMappingW
CreateFileMappingW
GetStringTypeW
GetStringTypeA
GetConsoleMode
GetConsoleCP
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetStartupInfoA
GetFileType
SetHandleCount
IsValidCodePage
GetOEMCP
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
GetModuleFileNameA
GetStdHandle
HeapCreate
ExitProcess
GetCPInfo
LCMapStringW
LCMapStringA
GetCommandLineA
VirtualQuery
SetEvent
SetSystemTime
InterlockedIncrement
OpenProcess
GetSystemInfo
GetModuleHandleA
VirtualProtect
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
CreateFileA
lstrcpynW
CreateSemaphoreW
CreateThread
ExitThread
ReleaseSemaphore
InterlockedExchangeAdd
UnmapViewOfFile
MapViewOfFile
lstrcatW
SetFilePointer
GlobalAlloc
GlobalFree
GlobalReAlloc
GlobalUnlock
GlobalLock
RtlUnwind

user32

CharLowerW
CharNextW
KillTimer
SetTimer
GetWindowThreadProcessId
GetDesktopWindow
CharLowerBuffW
UnregisterClassA
SendMessageW
RegisterWindowMessageW
PostMessageW
IsWindow

advapi32

IsValidSid
CryptAcquireContextW
CryptCreateHash
CryptHashData
CryptGetHashParam
CryptDestroyHash
CryptReleaseContext
LookupPrivilegeValueW
AdjustTokenPrivileges
OpenProcessToken
GetTokenInformation
DuplicateTokenEx
SetTokenInformation
ImpersonateLoggedOnUser
OpenThreadToken
RevertToSelf
RegEnumKeyExW
RegQueryInfoKeyW
RegSetValueExW
RegCreateKeyExW
RegDeleteValueW
RegDeleteKeyW
RegGetKeySecurity
RegOpenKeyW
RegSetKeySecurity
RegQueryValueExW
ConvertStringSecurityDescriptorToSecurityDescriptorW
GetSecurityDescriptorSacl
SetSecurityDescriptorSacl
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
LookupAccountNameW
ConvertSidToStringSidW
RegOpenKeyExW
RegCloseKey
CryptDestroyKey
GetSidSubAuthority
GetSidSubAuthorityCount
CryptEncrypt
CryptDecrypt
CryptDeriveKey
SetNamedSecurityInfoW
ConvertStringSidToSidW

shell32

SHGetFolderPathW
SHCreateDirectoryExW

ole32

GetHGlobalFromStream
CreateStreamOnHGlobal
CoTaskMemAlloc
CoTaskMemRealloc
CoCreateInstance
CoTaskMemFree
StringFromCLSID
CoUninitialize
CoInitializeEx

oleaut32

VarBstrCmp
SafeArrayCreateVector
SafeArrayAccessData
SafeArrayUnaccessData
SysStringByteLen
SysAllocStringByteLen
VariantClear
VariantInit
LoadTypeLi
LoadRegTypeLi
VarUI4FromStr
VarBstrFromI4
SysAllocString
SysAllocStringLen
SysStringLen
VarBstrCat
SysFreeString
SafeArrayRedim
SafeArrayDestroy
SafeArrayPutElement
SafeArrayGetElement
VarI4FromStr
SafeArrayCreate
VarBstrFromR8

proxy

?GeoLocate@CProxy@@QAEJXZ
?Open@CProxy@@QAEJHPAX@Z
?Close@CProxy@@QAEXXZ
?LoadDll@CProxy@@QAEJPBG@Z
?SynchronizeTime@CProxy@@QAEJPAG@Z
?SendRemoteHttpRequest@CProxy@@QAEJPAGJPAUtagVARIANT@@1J10@Z
??0CProxy@@QAE@XZ
??1CProxy@@QAE@XZ

shlwapi

PathFileExistsW
PathAppendW
PathRemoveFileSpecW
SHCreateStreamOnFileW

rpcrt4

UuidCreate

iphlpapi

NotifyAddrChange

wtsapi32

WTSCloseServer
WTSFreeMemory
WTSQuerySessionInformationW
WTSOpenServerW

netapi32

NetWkstaUserEnum
NetApiBufferFree

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 192KB - Virtual size: 188KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 40KB - Virtual size: 37KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 24KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

a3df0216a5db3177ce1bbd05e4b29940

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

advapi32

shell32

ole32

oleaut32

proxy

shlwapi

rpcrt4

iphlpapi

wtsapi32

netapi32

Exports

Exports

Sections

.text Size: 192KB - Virtual size: 188KB

.rdata Size: 40KB - Virtual size: 37KB

.data Size: 8KB - Virtual size: 14KB

.rsrc Size: 4KB - Virtual size: 1KB

.reloc Size: 24KB - Virtual size: 20KB

.text
Size: 192KB - Virtual size: 188KB

.rdata
Size: 40KB - Virtual size: 37KB

.data
Size: 8KB - Virtual size: 14KB

.rsrc
Size: 4KB - Virtual size: 1KB

.reloc
Size: 24KB - Virtual size: 20KB