0db4bc176271410477c514a2a5897ab5_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

0db4bc176271410477c514a2a5897ab5_JaffaCakes118
Size

84KB
MD5

0db4bc176271410477c514a2a5897ab5
SHA1

c31952e62d87f1d6989a35e5140028b5a7ecb22c
SHA256

fa62b6c1e981044038ba21291232f4bb56928d5c38133225ee15e6b9c73aed6f
SHA512

696627816db0e39fa28d5b07b095b10cc9499a1ec583f1bfffefb0c0158874d42d625d48716c02748c6940bd4cf14e201e0e1280f72bb62664a1df321a39c7d2
SSDEEP

1536:b3gB+VeRFjPDJbT+Uyw6y52Hv+Vy5HefEftWtO:EEePh/+hwT5Uv+wHe8fq

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
0db4bc176271410477c514a2a5897ab5_JaffaCakes118

Files

0db4bc176271410477c514a2a5897ab5_JaffaCakes118
.dll windows:4 windows x86 arch:x86

310fd8fcea164020bd66aae55f0425b4

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

RegisterWaitForSingleObjectEx
GetFileAttributesExA
AllocConsole
ReleaseSemaphore
FindResourceA
IsBadCodePtr
GlobalAddAtomA
IsValidLocale
ActivateActCtx
GetLongPathNameW
GetModuleHandleW
LockResource
SearchPathW
OpenFile
GetLogicalDrives
GetThreadContext
AddAtomW
SetProcessWorkingSetSize
GetEnvironmentStringsW
MoveFileW
GetCommState
FlushViewOfFile
TerminateJobObject
LocalLock
FreeConsole
SetCurrentDirectoryA
GetSystemInfo
GetComputerNameW
OpenFileMappingA
GetCurrentActCtx
FindFirstChangeNotificationA
SetEnvironmentVariableW
GetProfileSectionA
GetSystemWow64DirectoryW
CreateRemoteThread
QueryPerformanceFrequency
WaitCommEvent
UnlockFile
GetStringTypeA
ReadConsoleInputW
SetSystemTime
GetTempPathA
CreateWaitableTimerA
ProcessIdToSessionId
GetVolumePathNamesForVolumeNameW
GetConsoleCP
GetCurrentThreadId
FileTimeToLocalFileTime
SetDefaultCommConfigW
LCMapStringA
GetCPInfo
FreeEnvironmentStringsW
GetCurrentProcess
ExpandEnvironmentStringsW
SetErrorMode
LockFile
EnumSystemLocalesA
SetupComm
GetVolumeNameForVolumeMountPointW
GetTimeFormatA
GetSystemDefaultLangID
GetDiskFreeSpaceA
GetWindowsDirectoryA
FindFirstFileExW
WriteProcessMemory
HeapWalk
CopyFileExW
IsBadHugeWritePtr
GetCurrentDirectoryA
GetSystemDirectoryA
InterlockedExchange
HeapAlloc
InitializeCriticalSectionAndSpinCount
lstrlenA
GetCurrentProcessId
GetModuleHandleA
VirtualQuery
CloseHandle
LocalFree
CreateDirectoryA
CreateFileA
ReleaseMutex
SetLastError
LoadLibraryA
UnmapViewOfFile
Sleep
CreateFileMappingA
LeaveCriticalSection
MapViewOfFile
lstrlenW
WriteFile
CreateEventA
GetProcAddress

oleaut32

SysAllocStringByteLen

shlwapi

PathAddBackslashW
PathGetCharTypeA
PathCombineW
StrCmpNW
SHRegGetUSValueW
PathRemoveExtensionW
PathStripPathW
PathCommonPrefixW
StrRetToStrW
StrDupA
PathFindNextComponentW
PathSkipRootW
StrRChrW

advapi32

GetAclInformation
CredGetSessionTypes
CheckTokenMembership
ReadEventLogW
BuildTrusteeWithNameW
RegDeleteValueA
GetUserNameA
RegQueryValueExA
GetServiceDisplayNameW
RegEnumKeyExA
StartServiceCtrlDispatcherA
RegReplaceKeyW
QueryServiceConfig2W
RegOpenCurrentUser
NotifyBootConfigStatus
QueryServiceStatus
QueryServiceLockStatusA
GetUserNameW
RegOpenKeyW
CredFree
RegOpenKeyExW
RegQueryInfoKeyW
RegEnumKeyW
CredIsMarshaledCredentialW

shell32

SHGetSpecialFolderPathW
ShellExecuteW
ShellExecuteA
SHGetFolderPathA
SHGetFolderLocation
SHAddToRecentDocs
SHGetSettings

Exports

Exports

HpapiEnum

Sections

.text
Size: 64KB - Virtual size: 61KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

310fd8fcea164020bd66aae55f0425b4

Headers

File Characteristics

Imports

kernel32

oleaut32

shlwapi

advapi32

shell32

Exports

Exports

Sections

.text Size: 64KB - Virtual size: 61KB

.rdata Size: 4KB - Virtual size: 3KB

.data Size: 8KB - Virtual size: 6KB

.reloc Size: 4KB - Virtual size: 2KB

.text
Size: 64KB - Virtual size: 61KB

.rdata
Size: 4KB - Virtual size: 3KB

.data
Size: 8KB - Virtual size: 6KB

.reloc
Size: 4KB - Virtual size: 2KB