14c1c098ebb258bedec9c7c424bc1207_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

14c1c098ebb258bedec9c7c424bc1207_JaffaCakes118
Size

426KB
MD5

14c1c098ebb258bedec9c7c424bc1207
SHA1

5d4da939d9f04dc02de0e1fd4ba11f6a08934ac4
SHA256

682de0db92064bdd10f14997bd55b84c672271837aadc2221485bf2f1d8379e2
SHA512

d1aa27bdb8ee21f725658e455f2e6e425ed6fd36965f33ec217e6424de64c166981ea9634a6a03ca2626a4a95fb37f75356ae0be2114603c097741a8e464547f
SSDEEP

6144:WwODnLb3HkBDHNAY9rhxE2k0rAJBkyWpZhGqEax4q09AVNVwa:WwODnLbXEDWYjG21Pppwa

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
14c1c098ebb258bedec9c7c424bc1207_JaffaCakes118

Files

14c1c098ebb258bedec9c7c424bc1207_JaffaCakes118
.dll windows:4 windows x86 arch:x86

fc4ccee136f005386c230abc90704fa2

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

shlwapi

PathCompactPathExW

ole32

CoUninitialize
CoInitializeEx

shell32

ShellExecuteW
CommandLineToArgvW
SHCreateDirectoryExW
SHGetFolderPathW
ShellExecuteExW

advapi32

InitializeSecurityDescriptor
StartServiceW
SetTokenInformation
SetSecurityDescriptorSacl
SetSecurityDescriptorGroup
SetSecurityDescriptorDacl
RegSetValueExW
RegQueryValueExW
RegOpenKeyW
RegOpenKeyExW
RegDeleteValueW
AdjustTokenPrivileges
AllocateAndInitializeSid
CheckTokenMembership
CloseServiceHandle
ControlService
CreateProcessAsUserW
DuplicateTokenEx
FreeSid
GetUserNameW
LookupPrivilegeValueW
OpenProcessToken
OpenSCManagerW
OpenServiceW
QueryServiceStatusEx
RegCloseKey
RegCreateKeyExW
RegDeleteKeyW

user32

SendMessageW
PostMessageW
OffsetRect
MessageBoxW
LoadStringW
LoadImageW
KillTimer
IsWindow
GetWindowRect
GetSystemMetrics
SetActiveWindow
GetDlgItemTextW
GetDlgItem
GetDesktopWindow
GetClientRect
ExitWindowsEx
EndDialog
EnableWindow
DialogBoxParamW
DestroyWindow
CreateWindowExW
CreateDialogParamW
CopyRect
BringWindowToTop
SetDlgItemTextW
SetForegroundWindow
SetTimer
SetWindowPos
SetWindowTextW
ShowWindow
wsprintfW
GetParent

version

GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW

kernel32

WriteConsoleA
WaitNamedPipeW
WriteFile
WaitForSingleObject
WriteConsoleW
WideCharToMultiByte
WaitForMultipleObjects
VirtualFree
VirtualAlloc
UnhandledExceptionFilter
TlsSetValue
TlsGetValue
TlsFree
TlsAlloc
TerminateThread
TerminateProcess
SystemTimeToFileTime
SetUnhandledExceptionFilter
SetStdHandle
SetLastError
SetHandleCount
SetFilePointer
SetEvent
SetErrorMode
SetEnvironmentVariableA
SetEndOfFile
SearchPathW
RtlUnwind
ResetEvent
ReleaseMutex
ReadFile
RaiseException
QueryPerformanceCounter
Process32NextW
Process32FirstW
OutputDebugStringW
OpenProcess
OpenMutexW
OpenEventA
MultiByteToWideChar
MoveFileW
MoveFileExW
LocalFree
LoadLibraryW
AllocConsole
CancelIo
CloseHandle
CompareStringA
CompareStringW
CopyFileW
CreateEventA
CreateEventW
CreateFileA
CreateMutexW
CreateProcessW
CreateThread
CreateToolhelp32Snapshot
DeleteCriticalSection
DeleteFileW
DisconnectNamedPipe
EnterCriticalSection
EnumSystemLocalesA
ExitProcess
ExitThread
ExpandEnvironmentStringsW
FileTimeToLocalFileTime
FileTimeToSystemTime
FindClose
FindFirstFileExW
FindNextFileW
FlushFileBuffers
FormatMessageW
FreeEnvironmentStringsA
FreeEnvironmentStringsW
FreeLibrary
GetACP
GetCPInfo
GetCommandLineA
GetCommandLineW
GetConsoleCP
GetConsoleMode
GetConsoleOutputCP
GetConsoleScreenBufferInfo
GetCurrentProcess
GetCurrentProcessId
GetCurrentThread
GetCurrentThreadId
GetDateFormatA
GetDateFormatW
GetEnvironmentStringsA
GetEnvironmentStringsW
GetExitCodeProcess
GetFileAttributesW
GetFileType
GetLastError
GetLocalTime
GetLocaleInfoA
GetLocaleInfoW
GetLongPathNameW
GetModuleFileNameA
GetModuleFileNameW
GetModuleHandleA
GetModuleHandleW
GetOEMCP
GetOverlappedResult
GetProcAddress
GetProcessHeap
GetProcessPriorityBoost
GetStartupInfoA
GetStdHandle
GetStringTypeA
GetStringTypeExW
GetStringTypeW
GetSystemInfo
GetSystemTimeAsFileTime
GetTickCount
GetTimeFormatA
GetTimeZoneInformation
GetUserDefaultLCID
GetVersionExW
HeapAlloc
HeapCreate
HeapFree
HeapReAlloc
HeapSize
InitializeCriticalSection
InitializeCriticalSectionAndSpinCount
InterlockedCompareExchange
InterlockedDecrement
InterlockedExchange
InterlockedIncrement
IsDebuggerPresent
IsValidCodePage
IsValidLocale
LCMapStringA
LCMapStringW
LeaveCriticalSection
LoadLibraryA

wininet

InternetConnectW
InternetOpenW
InternetQueryDataAvailable
InternetQueryOptionW
InternetCloseHandle
InternetSetOptionW
InternetSetStatusCallbackW
HttpAddRequestHeadersA
HttpSendRequestW
HttpQueryInfoW
InternetReadFile
HttpOpenRequestW

rpcrt4

UuidFromStringW
UuidToStringW
UuidCreate
RpcStringFreeW

gdi32

CreateSolidBrush
SetBkColor

Exports

Exports

BlockPop
GetClosure
Keys
Number_AsSsize_t
Number_Subtract
get_cHRM
permit_empty_plte

Sections

.text
Size: 80KB - Virtual size: 80KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 260KB - Virtual size: 259KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 70KB - Virtual size: 71KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

fc4ccee136f005386c230abc90704fa2

Headers

File Characteristics

Imports

shlwapi

ole32

shell32

advapi32

user32

version

kernel32

wininet

rpcrt4

gdi32

Exports

Exports

Sections

.text Size: 80KB - Virtual size: 80KB

.rdata Size: 260KB - Virtual size: 259KB

.data Size: 70KB - Virtual size: 71KB

.rsrc Size: 9KB - Virtual size: 9KB

.reloc Size: 5KB - Virtual size: 5KB

.text
Size: 80KB - Virtual size: 80KB

.rdata
Size: 260KB - Virtual size: 259KB

.data
Size: 70KB - Virtual size: 71KB

.rsrc
Size: 9KB - Virtual size: 9KB

.reloc
Size: 5KB - Virtual size: 5KB