14a1612692831d6a9e8378fa5e36cd33_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

14a1612692831d6a9e8378fa5e36cd33_JaffaCakes118
Size

88KB
MD5

14a1612692831d6a9e8378fa5e36cd33
SHA1

6fe76e3c6d88e6e4ec27b874d5f15f8063680f2b
SHA256

b8b7321f7b82236a4c76726a636fc77245be9d99b8389fdc41d2991f691645c1
SHA512

af31d28c6c660bbf3955858d6163246181507fb4b0a466fb2d8987d602c3446bd0e2ae3be68a43d135aa0dcc74e360a26b344691a28a92263fb63afcbe847c74
SSDEEP

1536:SybM6l8GG6GvCpPtdv1OmkiFCuA4vCgFdo:pG6FpPHvFk6nagT

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
14a1612692831d6a9e8378fa5e36cd33_JaffaCakes118

Files

14a1612692831d6a9e8378fa5e36cd33_JaffaCakes118
.dll windows:4 windows x86 arch:x86

46db145ec81ea93eff6ae4814ae62c22

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

AllocConsole
LockFile
GetAtomNameW
CreateNamedPipeA
WideCharToMultiByte
MoveFileA
RtlMoveMemory
SetFilePointer
QueueUserWorkItem
GetDateFormatA
IsValidCodePage
ClearCommBreak
Beep
GetCommMask
GlobalFree
IsBadCodePtr
PeekConsoleInputA
FindVolumeClose
HeapValidate
GetLogicalDrives
GetSystemTimeAdjustment
IsValidLanguageGroup
lstrcpynW
GetDateFormatW
DeleteTimerQueueTimer
OpenMutexW
FindActCtxSectionGuid
ProcessIdToSessionId
ReadConsoleInputA
IsBadStringPtrW
RemoveDirectoryA
IsDBCSLeadByteEx
MoveFileExA
OpenMutexA
GetProfileStringA
SetTimeZoneInformation
SetDefaultCommConfigW
CreateJobObjectW
GlobalFlags
GetProcessAffinityMask
GetStringTypeW
HeapCompact
GetStartupInfoA
CreateIoCompletionPort
SetConsoleActiveScreenBuffer
CreateNamedPipeW
GetThreadTimes
CreateMailslotW
FindFirstChangeNotificationW
SetHandleCount
LocalUnlock
FindResourceA
GetTapeParameters
WaitNamedPipeA
GetLargestConsoleWindowSize
SetConsoleTextAttribute
GetCurrentThreadId
WriteFileEx
GlobalAlloc
GetProfileIntW
IsBadHugeWritePtr
GlobalAddAtomA
GetCurrentDirectoryW
SetVolumeMountPointW
GetNumberFormatA
DuplicateHandle
GlobalDeleteAtom
LocalSize
FindFirstChangeNotificationA
GetExitCodeProcess
GetVolumeInformationW
ChangeTimerQueueTimer
CreateMutexA
CreateFileMappingA
CreateProcessA
Sleep
GetModuleHandleA
SetLastError
GetCurrentProcessId
VirtualQuery
LoadLibraryA
LeaveCriticalSection
WaitForSingleObject
lstrlenW
GetProcAddress
InterlockedIncrement
EnterCriticalSection
GetLastError
HeapAlloc
HeapFree
CreateSemaphoreA
GetComputerNameA

ole32

CoDisableCallCancellation
CoTaskMemRealloc
StgOpenStorage
OleCreateFromFile
StringFromGUID2
CoInitialize
CoTaskMemAlloc
CoTaskMemFree
CoAddRefServerProcess
OleInitialize
OleGetAutoConvert
CoDisconnectObject
CoGetMalloc
CoCreateGuid
CoRegisterMessageFilter
RegisterDragDrop
OleIsRunning

shlwapi

StrCmpNW
PathRemoveExtensionW
SHStrDupW
PathAppendW
PathCreateFromUrlW
PathStripToRootW
StrDupW
SHRegSetUSValueW
SHRegSetPathW
UrlEscapeW
PathStripPathW
StrFormatKBSizeW
StrCpyNW
SHDeleteValueW

advapi32

RegDeleteValueA
RegCloseKey
SetSecurityInfo
RegDeleteKeyA
CheckTokenMembership
CredDeleteW
RegDeleteKeyW
OpenEventLogW
SaferSetLevelInformation
MapGenericMask
GetNumberOfEventLogRecords
ElfRegisterEventSourceW
GetTokenInformation
OpenServiceW
RegUnLoadKeyW
RegConnectRegistryA
RegSetValueA
GetAclInformation
OpenThreadToken
RegSaveKeyExW
DeregisterEventSource
InitiateSystemShutdownW
ClearEventLogW
ReadEventLogA
RegQueryValueA
RegCreateKeyExW
CredFree
RegOpenCurrentUser
MakeAbsoluteSD
RegQueryInfoKeyW
SetTokenInformation
RegSaveKeyW
RegDeleteValueW
BuildExplicitAccessWithNameW
GetUserNameW
RegQueryValueExA

shell32

ShellAboutW
SHAppBarMessage
SHBrowseForFolderW
SHChangeNotify
SHGetSpecialFolderLocation
SHGetFileInfoA
DragQueryFileW
ShellExecuteA
SHGetFolderPathA

Exports

Exports

DfrgWIInterval

Sections

.text
Size: 64KB - Virtual size: 61KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

46db145ec81ea93eff6ae4814ae62c22

Headers

File Characteristics

Imports

kernel32

ole32

shlwapi

advapi32

shell32

Exports

Exports

Sections

.text Size: 64KB - Virtual size: 61KB

.rdata Size: 8KB - Virtual size: 4KB

.data Size: 8KB - Virtual size: 6KB

.reloc Size: 4KB - Virtual size: 2KB

.text
Size: 64KB - Virtual size: 61KB

.rdata
Size: 8KB - Virtual size: 4KB

.data
Size: 8KB - Virtual size: 6KB

.reloc
Size: 4KB - Virtual size: 2KB