2aa508083e0f8fb86fff9b7ac876a7e0_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

2aa508083e0f8fb86fff9b7ac876a7e0_JaffaCakes118
Size

240KB
MD5

2aa508083e0f8fb86fff9b7ac876a7e0
SHA1

22f0513df387cbc08cd8a39664f989b90062d33f
SHA256

b9896c0abe783d6fb9ddb649626f019fcd44985b63847d80debfe70b7f353eca
SHA512

da26af532ee8cc6f5c1ed47d479cc072a33825558bce7e9fffb258f2702689eb31b3d6fe7298705897d6919ff76300f6ba50bc4941ab679ede83f651d6d438d6
SSDEEP

6144:tGqntufQWvH+IABUbXgpD8nxMMwdYu8nDIs:qfQl42DRz8nDIs

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2aa508083e0f8fb86fff9b7ac876a7e0_JaffaCakes118

Files

2aa508083e0f8fb86fff9b7ac876a7e0_JaffaCakes118
.dll windows:4 windows x86 arch:x86

18527f39c46d8f789d05eb2fd99c5e73

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

c:\The\To\From\Versions\Order.pdb

Imports

kernel32

VirtualFree
CreateEventW
lstrcmpW
GlobalFree
FreeResource
GetEnvironmentVariableW
GetTimeFormatW
GetDateFormatW
CompareFileTime
VirtualQuery
RaiseException
FlushInstructionCache
SizeofResource
lstrcatW
HeapDestroy
lstrcmpiW
lstrcpyW
FindFirstFileW
FindNextFileW
FindClose
LCMapStringW
DeleteFileW
CompareStringW
EnterCriticalSection
LeaveCriticalSection
FreeLibrary
WideCharToMultiByte
GlobalHandle
GlobalUnlock
GlobalReAlloc
GlobalAlloc
GetUserDefaultUILanguage
HeapAlloc
HeapFree
lstrlenW
GetFileAttributesW
CreateFileW
GetFileSize
MultiByteToWideChar
CreateFileMappingW
MapViewOfFile
GetLastError
UnmapViewOfFile
CloseHandle
SetFilePointer
SetEndOfFile
SetLastError
InitializeCriticalSection
DeleteCriticalSection
lstrlenA
MulDiv
ReadFile
FileTimeToSystemTime
GetFileTime
GetThreadLocale
LocalAlloc
LockResource
LoadResource
FindResourceW
Sleep
QueryPerformanceCounter
UnhandledExceptionFilter
GetFileSizeEx
GetLocaleInfoW
EnumUILanguagesW
VirtualProtect
DisableThreadLibraryCalls
DeactivateActCtx
ActivateActCtx
FreeLibraryAndExitThread
SetEvent
CreateThread
ReleaseActCtx
CreateActCtxW
GetModuleHandleW
GlobalLock
GetModuleHandleA

user32

GetWindowTextW
GetWindowTextLengthW
GetSysColor
InvalidateRgn
RedrawWindow
SetCapture
GetClassNameW
ReleaseCapture
LoadMenuW
GetSubMenu
RemoveMenu
RegisterClipboardFormatW
ShowWindow
wsprintfW
GetClassInfoExW
FillRect
GetDC
GetWindow
DefWindowProcW
GetWindowLongW
PtInRect
SetFocus
GetFocus
DestroyAcceleratorTable
IsWindow
GetKeyState
RegisterClassW
SetTimer
CreateAcceleratorTableW
GetDesktopWindow
BeginPaint
CharNextW
CharPrevW
CharUpperW
LoadStringW
EnableWindow
CallWindowProcW
CreatePopupMenu
AppendMenuW
TrackPopupMenu
DestroyMenu
GetSystemMetrics
GetWindowRect
GetClientRect
CopyRect
IntersectRect
EqualRect
SetWindowRgn
SetWindowPos
ReleaseDC
DeleteMenu

winspool.drv

SetPrinterW
GetPrinterW
SetPrinterDataExW
ClosePrinter
OpenPrinterW
GetPrinterDataExW
FreePrinterNotifyInfo
FindNextPrinterChangeNotification
FindFirstPrinterChangeNotification
GetPrinterDataW
EnumJobsW
EnumPrinterDriversW
XcvDataW
FindClosePrinterChangeNotification
EnumPrintersW
SetJobW
GetPrinterDriverDirectoryW

advapi32

RegEnumKeyExW
RegDeleteValueW
RegEnumValueW
RegOpenKeyExW
RegCreateKeyExW
RegCloseKey
RegCreateKeyW
RegOpenKeyW
RegQueryValueExW
RegDeleteKeyW
RegSetValueExW
RegQueryInfoKeyW
RegNotifyChangeKeyValue

ole32

OleInitialize
CoUninitialize
OleSaveToStream
CoInitializeEx
WriteClassStm
OleRegGetMiscStatus
OleRegEnumVerbs
CoTaskMemRealloc
CreateStreamOnHGlobal
OleUninitialize
CLSIDFromProgID
OleLockRunning
GetHGlobalFromStream
ReleaseStgMedium
StringFromIID
CLSIDFromString
IIDFromString
CoRegisterPSClsid
CoRegisterClassObject
CoRevokeClassObject
CoTaskMemAlloc

msvcrt

malloc
wcsncmp
wcschr
wcstod
qsort
towlower
realloc
free
strtok
exit
memset
wcsrchr

shlwapi

StrFormatByteSizeW

userenv

LeaveCriticalPolicySection

Exports

Exports

CommunityStandalonePlatformCreated
EndorsedOverrideOverride
IncludingVersionsMoreIt
ItTime
JcpTechnologiesNewer
MayWwwA
OfPlatformPlatform
OfStandalone
OrgPackagesTime
OutsideTechnologiesPlatformVersionMeans
ThatJavaStandards

Sections

.text
Size: 42KB - Virtual size: 41KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 30KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 28KB - Virtual size: 250KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 66KB - Virtual size: 65KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

18527f39c46d8f789d05eb2fd99c5e73

Headers

File Characteristics

PDB Paths

Imports

kernel32

user32

winspool.drv

advapi32

ole32

msvcrt

shlwapi

userenv

Exports

Exports

Sections

.text Size: 42KB - Virtual size: 41KB

.rdata Size: 30KB - Virtual size: 29KB

.data Size: 28KB - Virtual size: 250KB

.rsrc Size: 66KB - Virtual size: 65KB

.reloc Size: 2KB - Virtual size: 1KB

.text
Size: 42KB - Virtual size: 41KB

.rdata
Size: 30KB - Virtual size: 29KB

.data
Size: 28KB - Virtual size: 250KB

.rsrc
Size: 66KB - Virtual size: 65KB

.reloc
Size: 2KB - Virtual size: 1KB