27065066fdf949aa7a69867dcc8549e6_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

27065066fdf949aa7a69867dcc8549e6_JaffaCakes118
Size

483KB
MD5

27065066fdf949aa7a69867dcc8549e6
SHA1

162a74c050e7eb40402080a7e335c2b630b47615
SHA256

bdfa61b1484bb0a600c14a4400cd7b189f2b58ba630659a2f0a422209332f582
SHA512

00ee19e577369103b4c30fbe2da238930e5a66791b8fc580b3a376298112e9badfb012611123790cd47ef98076e4e83c42f509fc279280f5754e0aa81af2644b
SSDEEP

12288:00xRPH3e6tJPFooJptt/JQi0pMCmPcwM3Olp:00HPXe6rJpH/J6piPcwF7

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
27065066fdf949aa7a69867dcc8549e6_JaffaCakes118

Files

27065066fdf949aa7a69867dcc8549e6_JaffaCakes118
.dll regsvr32 windows:5 windows x86 arch:x86

208081e7760cf2148f9991363aa44476

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

shlwapi

SHGetValueW
SHDeleteValueW

kernel32

EnumResourceNamesA
CreateFileA
GetProcAddress
LoadLibraryA
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
MapViewOfFileEx
AddAtomW
DeleteAtom
GetThreadSelectorEntry
GetSystemTimeAdjustment
SetFirmwareEnvironmentVariableW
GetProfileSectionW
FindNextFileA
BuildCommDCBW
EnumResourceLanguagesA
GetModuleHandleW
VirtualQuery
BeginUpdateResourceW
GetStartupInfoA
GlobalWire
DuplicateHandle
GetProfileIntA
GetPrivateProfileStructA
CreateThread
UnhandledExceptionFilter
GlobalGetAtomNameW
GetLongPathNameA
WriteProfileStringA
FileTimeToDosDateTime
InterlockedIncrement
LockFileEx
CreateIoCompletionPort
lstrlenW
GetPriorityClass
BuildCommDCBA
SuspendThread
EraseTape
WriteTapemark
GetDiskFreeSpaceExW
WriteProfileStringW
HeapFree
GetShortPathNameW
lstrcatW
GetSystemDirectoryA
LocalAlloc
GetBinaryTypeA
CreateFileMappingA
GetPrivateProfileIntW
GetComputerNameA
DebugSetProcessKillOnExit
DebugBreakProcess
SetTapeParameters
GetProfileIntW
GetComputerNameW
GetProcessWorkingSetSize
RequestWakeupLatency
LockFile
ExitThread
WideCharToMultiByte
FindFirstChangeNotificationW
GetWindowsDirectoryA
GetFileAttributesExW
Sleep
MoveFileExW
SetFileAttributesW
SetThreadAffinityMask
CommConfigDialogA
CreateEventW
CreateNamedPipeA
DeviceIoControl
GetDefaultCommConfigA
GetLogicalDriveStringsW
ExpandEnvironmentStringsW
LocalSize
CreateDirectoryW
MoveFileW
CreateFileMappingW
GetFullPathNameW
CreateDirectoryExW
FindResourceW
GetExitCodeThread
HeapSize
BackupSeek
DebugActiveProcessStop
GetFileAttributesExA
EnumResourceTypesW
GetEnvironmentStringsW
GetCompressedFileSizeW
HeapReAlloc
FreeLibraryAndExitThread
WaitForDebugEvent
GetQueuedCompletionStatus
GetPrivateProfileSectionNamesW
GetCurrentDirectoryW
PulseEvent
HeapQueryInformation
lstrcatA
GetTapeParameters
GetMailslotInfo
OpenFileMappingW
GetFileInformationByHandle
ClearCommBreak
GetStdHandle
ExitProcess
GlobalLock
CancelIo
GetStartupInfoW
GetPrivateProfileStringW
CreateSemaphoreA
BeginUpdateResourceA
OpenSemaphoreW
IsBadStringPtrW
lstrcpyW
EnumResourceLanguagesW
DefineDosDeviceW
LocalHandle
CreateFileW
LoadModule
ClearCommError
HeapUnlock
FindAtomW
FileTimeToLocalFileTime
GetNamedPipeHandleStateW
GetOverlappedResult
DeleteFileA
SetFileAttributesA
CreateTapePartition
GetSystemTime
GetDriveTypeW
FindNextFileW
SetSystemTime
TlsSetValue
SetThreadContext
GetVersionExW
GetNumaAvailableMemoryNode
QueryDosDeviceW
IsBadHugeWritePtr
SetFilePointer
MoveFileA
CloseHandle
MoveFileExA
SetFileShortNameW
LoadLibraryExW
SetEvent
LoadResource
IsBadCodePtr
CopyFileW
GetFileTime
GetDefaultCommConfigW
CommConfigDialogW
GetFileSize
DisableThreadLibraryCalls
EnumResourceNamesW
GetDiskFreeSpaceExA
WriteProcessMemory
GetProcessPriorityBoost
GetProfileStringA
GetPrivateProfileIntA
GetProcessAffinityMask
CreateMutexW
UnmapViewOfFile
OpenEventW
GetLongPathNameW
VerifyVersionInfoA
SetCommConfig
ResetWriteWatch
GetVolumeInformationA
FormatMessageW
SetThreadPriority
GetLogicalDrives
GetNamedPipeInfo
GetCommModemStatus
ProcessIdToSessionId
SetCommState
GetSystemDirectoryW
SetNamedPipeHandleState
GetModuleFileNameW
SetLocalTime
GetTapeStatus
SearchPathA
CreateNamedPipeW
GlobalAddAtomW
lstrcmpiA
CreateProcessW
FatalAppExitA
lstrcmpW
GetModuleHandleA
GetCommConfig
BuildCommDCBAndTimeoutsW
Beep
CreateDirectoryExA
BackupWrite
ExpandEnvironmentStringsA
GetTempFileNameW
CompareFileTime
CreateEventA
CallNamedPipeW
VirtualFreeEx
DeleteFileW
EnumResourceTypesA
DisconnectNamedPipe
WaitNamedPipeW
FindClose
GetDiskFreeSpaceW
GetSystemTimeAsFileTime
WritePrivateProfileStringA
GetProfileSectionA
HeapCompact
GetTempPathA
ReadFileScatter
EndUpdateResourceA
FreeLibrary
GetFirmwareEnvironmentVariableW
LocalUnlock
FreeEnvironmentStringsA
HeapAlloc
LocalReAlloc
GetPrivateProfileSectionW
GlobalFindAtomA
FatalAppExitW
VerifyVersionInfoW
CreateMailslotW
GetDevicePowerState
GlobalCompact
AddAtomA
GlobalHandle
QueryPerformanceFrequency
GetVersion
GetCurrentThreadId
SetErrorMode
OutputDebugStringW
GetFileType
GetShortPathNameA
GetAtomNameW
HeapWalk
FlushFileBuffers
GetBinaryTypeW
HeapValidate
GlobalGetAtomNameA
MulDiv
WritePrivateProfileSectionA
GetCurrentThread
LocalFree
LoadLibraryW
MapViewOfFile
SetCommMask
SetVolumeLabelA
GlobalAddAtomA
LoadLibraryExA
GlobalFindAtomW
InterlockedExchange
GetWriteWatch
OpenMutexW
MultiByteToWideChar
GetCurrentProcessId
HeapLock
GetProfileStringW
GetDiskFreeSpaceA
DebugActiveProcess
VirtualProtect
DebugBreak
GetLogicalDriveStringsA
FlushViewOfFile
FileTimeToSystemTime
GetPrivateProfileStructW
EndUpdateResourceW
GetThreadTimes
SetVolumeLabelW
FindFirstChangeNotificationA
FindNextChangeNotification
GlobalMemoryStatusEx
GetPrivateProfileStringA
CreateMutexA
GlobalUnlock
SetCommTimeouts
UnlockFileEx
GlobalAlloc
GetEnvironmentVariableA
InterlockedCompareExchange
BuildCommDCBAndTimeoutsA
CreatePipe
IsSystemResumeAutomatic
OpenFileMappingA
GetLocalTime
OpenEventA
GetPrivateProfileSectionNamesA
FindFirstFileW
SearchPathW
FindCloseChangeNotification
GetNamedPipeHandleStateA
GetCurrentDirectoryA
GetProcessVersion
GlobalReAlloc
IsProcessorFeaturePresent
AreFileApisANSI
CreateDirectoryA
OutputDebugStringA
FlushInstructionCache
GetThreadPriority
LocalFlags
FatalExit
GlobalFlags
GetNumaHighestNodeNumber
PostQueuedCompletionStatus
GetEnvironmentVariableW
WriteFileGather
VirtualAlloc
ResumeThread
GetCurrentProcess
GetThreadContext
GetLastError
SetLastError
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
LCMapStringW
LCMapStringA
GetStringTypeW
GetStringTypeA
GetLocaleInfoA
InitializeCriticalSectionAndSpinCount
GetConsoleMode
GetConsoleCP
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
GetTickCount
QueryPerformanceCounter
VirtualFree
HeapDestroy
HeapCreate
FreeEnvironmentStringsW
GetEnvironmentStrings
SetHandleCount
GetModuleFileNameA
WriteFile
InterlockedDecrement
TlsFree
TlsAlloc
TlsGetValue
GetCommandLineA
IsDebuggerPresent
SetUnhandledExceptionFilter
TerminateProcess
RtlUnwind
RaiseException

user32

OffsetRect
IntersectRect
InflateRect
ClientToScreen
CreateDialogParamW
SendMessageA
GetParent
GetClassNameW
GetWindowLongA
SetWindowTextW
RemovePropW
TranslateMessage
DispatchMessageW
EnumChildWindows
RemovePropA
GetPropA
GetPropW
PostMessageW
SetWindowLongA
GetClientRect
MoveWindow
GetClassNameA
BringWindowToTop
GetDlgItem
CharUpperW
MsgWaitForMultipleObjects
SetWindowLongW
SetPropA
GetWindowTextW
RealGetWindowClassW
SetPropW
PeekMessageW
GetWindowRect
CreateDialogParamA
GetWindowTextA
CharLowerW
GetWindowLongW
GetWindowThreadProcessId
RealGetWindowClassA
SetActiveWindow
DestroyWindow
SendMessageW

oleaut32

SysFreeString
VariantInit
VarCmp
VariantClear
VariantChangeType
SysAllocString
VariantCopy
SysStringLen

Exports

Exports

DllAction
DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 362KB - Virtual size: 361KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 36KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 876B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 77KB - Virtual size: 77KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

208081e7760cf2148f9991363aa44476

Headers

File Characteristics

Imports

shlwapi

kernel32

user32

oleaut32

Exports

Exports

Sections

.text Size: 362KB - Virtual size: 361KB

.rdata Size: 36KB - Virtual size: 36KB

.data Size: 5KB - Virtual size: 27KB

.rsrc Size: 1024B - Virtual size: 876B

.reloc Size: 77KB - Virtual size: 77KB

.text
Size: 362KB - Virtual size: 361KB

.rdata
Size: 36KB - Virtual size: 36KB

.data
Size: 5KB - Virtual size: 27KB

.rsrc
Size: 1024B - Virtual size: 876B

.reloc
Size: 77KB - Virtual size: 77KB