2fa9c860f71c95e096f78fd407333711_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

2fa9c860f71c95e096f78fd407333711_JaffaCakes118
Size

1.8MB
MD5

2fa9c860f71c95e096f78fd407333711
SHA1

3a10554b59f73095c64fb6f1bd03daa926f7aefc
SHA256

86370dd9234a71d7f000c5680f98b893474e5bab76206ac4c0cf497c4a59871d
SHA512

19941e672d1aeabecea4ca7809e584903abc0e6a14db90efc84de3b2030d0a802602588bd06174aa68c3dbf1661d367082c21ba6a8a8519ba6cf425c2362c07b
SSDEEP

24576:J7/ZhAHIBvLKwLmB30F+AW4ja2++O33Pqd7jw3YJQ:J7/zhLIOW4ja2+h3Pqd7jK

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2fa9c860f71c95e096f78fd407333711_JaffaCakes118

Files

2fa9c860f71c95e096f78fd407333711_JaffaCakes118
.dll regsvr32 windows:5 windows x86 arch:x86

4b4ad08b7b8211372d7c2bb021d6bf45

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

netshell.pdb

Imports

ntdll

NtOpenFile
RtlNtStatusToDosError
RtlGetNtProductType
RtlVerifyVersionInfo
NtCreateEvent
NtOpenEvent
NtSetEvent
VerSetConditionMask
RtlInitUnicodeString
NtCreateFile
NtDeviceIoControlFile
NtClose
RtlUnwind

rtutils

TracePrintfA
TraceVprintfExA
TraceRegisterExA

advapi32

OpenThreadToken
UnlockServiceDatabase
OpenServiceW
OpenSCManagerW
LockServiceDatabase
InitiateSystemShutdownExW
QueryServiceStatus
ControlService
CloseServiceHandle
QueryServiceConfigW
EnumDependentServicesW
GetUserNameW
RegCloseKey
RegDeleteValueW
RegOpenKeyExW
RegDeleteKeyW
RegQueryInfoKeyW
RegQueryValueExW
RegCreateKeyExW
RegSetValueExW
GetTokenInformation
OpenProcessToken
AdjustTokenPrivileges
LookupPrivilegeValueW
RegEnumKeyExW
ChangeServiceConfigW
RegEnumValueW
FreeSid
CheckTokenMembership
AllocateAndInitializeSid
StartServiceW

gdi32

SelectObject
GetStockObject
GetObjectW
CreateFontIndirectW
DeleteObject
GetTextExtentPoint32W
GetDeviceCaps

kernel32

AddAtomW
GetOverlappedResult
ReadFile
SetEndOfFile
GetTimeFormatW
FileTimeToSystemTime
FileTimeToLocalFileTime
GetPrivateProfileIntW
GetNumberFormatW
GetDateFormatW
InitializeCriticalSection
DeleteCriticalSection
InterlockedIncrement
InterlockedDecrement
LeaveCriticalSection
EnterCriticalSection
DisableThreadLibraryCalls
MultiByteToWideChar
lstrlenA
CloseHandle
WriteFile
lstrlenW
CreateFileW
lstrcatW
GetTempPathW
Sleep
GetVersionExW
VirtualProtect
VirtualAlloc
GetSystemInfo
VirtualQuery
lstrcpyW
GetLastError
RaiseException
HeapFree
GetProcessHeap
HeapAlloc
HeapReAlloc
FlushInstructionCache
GetCurrentProcess
lstrcmpiW
WideCharToMultiByte
DebugBreak
GetCurrentThreadId
WaitForSingleObject
HeapDestroy
lstrcpynW
GetCurrentThread
FreeLibrary
SizeofResource
LoadResource
FindResourceW
LoadLibraryExW
GetFileSize
GetModuleFileNameW
GetModuleHandleW
CreateThread
LoadLibraryW
DelayLoadFailureHook
GetProcAddress
InterlockedCompareExchange
LoadLibraryA
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
FormatMessageW
LockResource
CreateEventW
CreateMutexW
DeleteFileW
ExpandEnvironmentStringsW
VerifyVersionInfoW
LocalAlloc
SetLastError
LocalFree
lstrcmpA
GlobalFree
GetStringTypeExW
GetThreadLocale
lstrcmpW
OutputDebugStringW
GetUserDefaultLCID
GetUserDefaultUILanguage
ReleaseMutex
IsBadWritePtr
IsBadStringPtrW
GetSystemWindowsDirectoryW
GetFileAttributesW
GetWindowsDirectoryW
GetPrivateProfileStringW
GetPrivateProfileSectionW
GetSystemDirectoryW
SetComputerNameExW
GetSystemDefaultUILanguage
GetExitCodeThread
GetComputerNameExW
IsBadReadPtr
GetComputerNameW
GetCommandLineA
GetVersionExA
ExitProcess
GetModuleHandleA
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
GetModuleFileNameA
HeapCreate
VirtualFree
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
InterlockedExchange
HeapSize
GetACP
GetOEMCP
GetCPInfo
IsBadCodePtr
SetFilePointer
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
SetStdHandle
GetLocaleInfoA
FlushFileBuffers
DeviceIoControl
DeleteAtom
SetThreadPriority
FreeLibraryAndExitThread
InitializeCriticalSectionAndSpinCount
GetLocaleInfoW
QueueUserWorkItem
SetEvent
CancelIo
ResetEvent
WaitForMultipleObjects

credui

CredUIPromptForCredentialsW

ole32

CoCreateGuid
CLSIDFromString
IIDFromString
CoInitialize
CoSetProxyBlanket
StringFromGUID2
CoCreateInstance
StringFromCLSID
CoTaskMemRealloc
CoTaskMemAlloc
CoTaskMemFree
CoInitializeEx
CoUninitialize

oleaut32

SafeArrayGetUBound
SafeArrayDestroy
SafeArrayGetLBound
SafeArrayGetElement
SafeArrayCreate
VarI4FromStr
SysStringByteLen
SysAllocStringByteLen
SysAllocString
VariantClear
VariantInit
SysAllocStringLen
SysStringLen
SysFreeString
VARIANT_UserSize
VARIANT_UserMarshal
VARIANT_UserUnmarshal
VARIANT_UserFree
BSTR_UserSize
BSTR_UserMarshal
BSTR_UserUnmarshal
BSTR_UserFree
LPSAFEARRAY_UserSize
LPSAFEARRAY_UserFree
LPSAFEARRAY_UserUnmarshal
LPSAFEARRAY_UserMarshal

rpcrt4

NdrCStdStubBuffer_Release
NdrCStdStubBuffer2_Release
NdrDllRegisterProxy
NdrDllUnregisterProxy
NdrDllGetClassObject
NdrOleAllocate
NdrOleFree
IUnknown_QueryInterface_Proxy
IUnknown_AddRef_Proxy
IUnknown_Release_Proxy
NdrStubForwardingFunction
NdrStubCall2
CStdStubBuffer_QueryInterface
CStdStubBuffer_AddRef
CStdStubBuffer_Connect
CStdStubBuffer_Disconnect
CStdStubBuffer_Invoke
CStdStubBuffer_IsIIDSupported
CStdStubBuffer_CountRefs
CStdStubBuffer_DebugServerQueryInterface
CStdStubBuffer_DebugServerRelease
NdrDllCanUnloadNow

shlwapi

PathRemoveArgsW
StrRetToBufW
AssocCreate
PathQuoteSpacesW
PathFileExistsW
PathCanonicalizeW
ord437
PathGetArgsW
PathUnquoteSpacesW

shell32

SHGetSpecialFolderLocation
SHGetMalloc
SHGetSpecialFolderPathW
ord744
ord745
Shell_NotifyIconW
SHGetDesktopFolder
SHGetPathFromIDListW
SHGetInstanceExplorer
ord172
ord83
ord256
ord73
SHChangeNotify
ord67
ord195
ord196
ord18
ord72
ord192
SHGetFolderPathW
ShellExecuteW
ord259
ord258
ShellExecuteExW
ord68

user32

DialogBoxParamW
LoadMenuW
GetMenuItemInfoW
GetMenuItemCount
FindWindowExW
CheckMenuItem
CreateDialogParamW
GetMenuItemID
SetMenuItemInfoW
SetMenuDefaultItem
InsertMenuW
EnableMenuItem
AppendMenuW
SetDlgItemInt
EmptyClipboard
InsertMenuItemW
TrackPopupMenu
DeleteMenu
SetClipboardData
CloseClipboard
GetCursorPos
RegisterClassW
OpenClipboard
DrawIconEx
EndPaint
BeginPaint
CharLowerW
CreateMenu
LoadStringW
SetForegroundWindow
IsWindow
FindWindowW
CharNextW
GetWindowLongW
CallWindowProcW
PeekMessageW
DispatchMessageW
TranslateMessage
MsgWaitForMultipleObjects
GetDlgItem
SendMessageW
SetWindowPos
MapWindowPoints
GetClientRect
GetWindowRect
GetParent
SetWindowLongW
GetWindowTextW
GetWindowTextLengthW
wsprintfW
LoadCursorW
DefWindowProcW
EndDialog
CharUpperW
CharLowerBuffW
SetWindowTextW
SendDlgItemMessageW
SetDlgItemTextW
GetSystemMetrics
DestroyWindow
PostMessageW
EnableWindow
CheckDlgButton
IsDlgButtonChecked
MessageBoxW
SetCursor
WinHelpW
DestroyIcon
GetDesktopWindow
GetMessagePos
GetAsyncKeyState
SetFocus
GetFocus
SetClassLongW
ShowWindow
UpdateWindow
PostQuitMessage
GetKeyState
LoadImageW
GetDlgCtrlID
ReleaseDC
GetDC
CreateWindowExW
SetTimer
KillTimer
GetMessageW
LoadIconW
SetWindowTextA
GetWindowTextA
wvsprintfW
SetCapture
GetClassLongW
ReleaseCapture
CheckRadioButton
IsWindowVisible
SendMessageTimeoutW
IsWindowEnabled
MoveWindow
MessageBeep
GetDlgItemTextW
GetWindowThreadProcessId
GetShellWindow
InSendMessage
PostThreadMessageW
CopyIcon
DestroyMenu
RemoveMenu
GetSubMenu

ws2_32

WSCEnumProtocols
WSCDeinstallProvider

atl

ord30

iphlpapi

FlushIpNetTable
NotifyAddrChange
GetAdaptersAddresses
GetAdaptersInfo

clusapi

GetNodeClusterState

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
DoInitialCleanup
HrCreateDesktopIcon
HrGetAnswerFileParametersForNetCard
HrGetExtendedStatusFromNCS
HrGetIconFromMediaType
HrGetIconFromMediaTypeEx
HrGetInstanceGuidOfPreNT5NetCardInstance
HrGetNetConExtendedStatusFromGuid
HrGetNetConExtendedStatusFromINetConnection
HrGetStatusStringFromNetConExtendedStatus
HrIsIpStateCheckingEnabled
HrLaunchConnection
HrLaunchConnectionEx
HrLaunchNetworkOptionalComponents
HrOemUpgrade
HrRenameConnection
HrRunWizard
InvokeDunFile
NcFreeNetconProperties
NcIsValidConnectionName
NetSetupAddRasConnection
NetSetupFinishInstall
NetSetupInstallSoftware
NetSetupPrepareSysPrep
NetSetupRequestWizardPages
NetSetupSetProgressCallback
NormalizeExtendedStatus
RaiseSupportDialog
RepairConnection
StartNCW

Sections

.text
Size: 545KB - Virtual size: 545KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.orpc
Size: 1024B - Virtual size: 580B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 84KB - Virtual size: 93KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1.2MB - Virtual size: 1.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 26KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

4b4ad08b7b8211372d7c2bb021d6bf45

Headers

File Characteristics

PDB Paths

Imports

ntdll

rtutils

advapi32

gdi32

kernel32

credui

ole32

oleaut32

rpcrt4

shlwapi

shell32

user32

ws2_32

atl

iphlpapi

clusapi

Exports

Exports

Sections

.text Size: 545KB - Virtual size: 545KB

.orpc Size: 1024B - Virtual size: 580B

.data Size: 84KB - Virtual size: 93KB

.rsrc Size: 1.2MB - Virtual size: 1.2MB

.reloc Size: 26KB - Virtual size: 25KB

.text
Size: 545KB - Virtual size: 545KB

.orpc
Size: 1024B - Virtual size: 580B

.data
Size: 84KB - Virtual size: 93KB

.rsrc
Size: 1.2MB - Virtual size: 1.2MB

.reloc
Size: 26KB - Virtual size: 25KB