ff006a92c32850b4100ab97113356d3c_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

ff006a92c32850b4100ab97113356d3c_JaffaCakes118
Size

84KB
MD5

ff006a92c32850b4100ab97113356d3c
SHA1

142c435e59df2b0bc9aca10eeaa1015a102cb897
SHA256

04a52c5b7f5348687001320863d454ec118e9437323b09d8e28e892ded9cdef8
SHA512

b2b51e86deeed411fe57ef5233341acbdb7771cf48d3f636f403d94a36a7dab9bf3f67f658b71a6a843e4fcaa5f7118d4c86ec016fd7cee08f0ecd6c3a3439f0
SSDEEP

1536:74SRV/KI/iIAmF9sZNdY4i7qDP+Ysi7Cw7Z1hK0B5D95vOet9Q5MLY/z:cSRV/KI/iIr14ig+t8CPE5plOet9Q5MW

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
ff006a92c32850b4100ab97113356d3c_JaffaCakes118

Files

ff006a92c32850b4100ab97113356d3c_JaffaCakes118
.dll windows:4 windows x86 arch:x86

56f8fee9080da3398af1d4e8968d7b7e

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

LockFile
BeginUpdateResourceA
HeapValidate
GetEnvironmentStringsW
GetStringTypeA
lstrcmpiW
FindClose
SetConsoleTextAttribute
PeekNamedPipe
Beep
GetCPInfo
MoveFileA
GetQueuedCompletionStatus
FlushConsoleInputBuffer
CopyFileW
GetTempPathW
CreateHardLinkW
lstrcmpiA
FindResourceExW
HeapSetInformation
GetSystemWow64DirectoryW
GetModuleHandleExW
OpenMutexA
GetFileAttributesExA
SleepEx
GetBinaryTypeA
CreateNamedPipeA
SetSystemTime
GetCommandLineW
CreateTimerQueue
CallNamedPipeA
GetVersionExW
OpenEventW
RtlUnwind
lstrcmpW
IsBadStringPtrW
DeleteCriticalSection
GetCurrentProcess
GetLargestConsoleWindowSize
InitializeCriticalSection
QueueUserAPC
SwitchToThread
PostQueuedCompletionStatus
GetTempPathA
CreateRemoteThread
GetEnvironmentStrings
GetLocaleInfoA
GlobalFlags
IsBadWritePtr
CreateToolhelp32Snapshot
GetVersion
AreFileApisANSI
CreateMailslotA
SetLocalTime
ReadConsoleA
SetFilePointerEx
RegisterWaitForSingleObjectEx
WriteConsoleInputA
AddAtomA
ReleaseActCtx
SetCommMask
GetLocaleInfoW
LocalLock
FindResourceA
FindVolumeMountPointClose
FindFirstFileExW
AssignProcessToJobObject
SetProcessWorkingSetSize
GetCompressedFileSizeW
LockFileEx
ExpandEnvironmentStringsA
IsProcessorFeaturePresent
CreateProcessW
OpenFileMappingA
GetCurrentDirectoryA
WaitNamedPipeW
HeapDestroy
DeleteFileA
IsValidLanguageGroup
GetCurrentThread
LocalFileTimeToFileTime
GetNumberFormatW
GetSystemDirectoryA
GetComputerNameA
SetLastError
GetLastError
UnmapViewOfFile
HeapAlloc
WriteFile
CreateProcessA
CloseHandle
GetTickCount
VirtualProtect
GetProcAddress
GetVolumeInformationA
CreateDirectoryA
InitializeCriticalSectionAndSpinCount
GetCurrentProcessId
GetProcessHeap
VirtualQuery
LoadLibraryA
UnregisterWait
lstrlenW

ole32

CoImpersonateClient
CoCreateInstanceEx
OleCreateLinkFromData
CoUnmarshalInterface
OleRegEnumVerbs
CoMarshalInterface
CoRevertToSelf
OleDuplicateData
CoReleaseMarshalData
OleCreateStaticFromData
ReadFmtUserTypeStg
OleCreateMenuDescriptor
RegisterDragDrop
CoGetClassObject
OleLoad
FreePropVariantArray
OleCreateLinkToFile

shlwapi

StrChrW
SHRegSetUSValueW
PathMatchSpecW
SHCreateStreamOnFileW
StrRChrW
PathCommonPrefixW
StrChrA
SHDeleteKeyA
PathFindFileNameW
PathBuildRootW
PathCompactPathExW
PathCombineW
StrStrIW
UrlUnescapeW
StrCpyNW
PathMakePrettyW
PathIsPrefixW
SHRegGetBoolUSValueW
PathRemoveBackslashW
wvnsprintfW
AssocQueryStringW

advapi32

RegDeleteValueA
RegCloseKey
CreateServiceA
ClearEventLogW
MakeAbsoluteSD
GetNumberOfEventLogRecords
CredIsMarshaledCredentialW
RegisterEventSourceW
CreateProcessAsUserW
CheckTokenMembership
SaferCreateLevel
RegQueryInfoKeyW
ChangeServiceConfigW
RegNotifyChangeKeyValue
RegFlushKey
OpenServiceA
GetEffectiveRightsFromAclW
RegDeleteValueW
ReportEventA
SaferGetLevelInformation
RegOpenKeyA
GetInheritanceSourceW
GetSecurityDescriptorSacl

shell32

ShellAboutA
DragQueryFileA
SHGetFileInfoW
SHGetMalloc
ExtractIconExA
ShellAboutW
SHGetFolderPathA

Exports

Exports

Syncapimon

Sections

.text
Size: 60KB - Virtual size: 59KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

56f8fee9080da3398af1d4e8968d7b7e

Headers

File Characteristics

Imports

kernel32

ole32

shlwapi

advapi32

shell32

Exports

Exports

Sections

.text Size: 60KB - Virtual size: 59KB

.rdata Size: 8KB - Virtual size: 4KB

.data Size: 8KB - Virtual size: 6KB

.reloc Size: 4KB - Virtual size: 2KB

.text
Size: 60KB - Virtual size: 59KB

.rdata
Size: 8KB - Virtual size: 4KB

.data
Size: 8KB - Virtual size: 6KB

.reloc
Size: 4KB - Virtual size: 2KB