3105dc9bcece56529445336130a18ead_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

3105dc9bcece56529445336130a18ead_JaffaCakes118
Size

108KB
MD5

3105dc9bcece56529445336130a18ead
SHA1

6ec9ae8990d79850c872517956080ca74ca9d333
SHA256

e5108722616f690a390b16eff5540ccada246fcd8f98a3f865beb68d385a1e70
SHA512

0b08645dc99be5096ab738f7321a949c79ed7fd3a0250b11a973e54a0100a5acff0a81debcb007108061d0ccd4223315cdcd71ef665c9c7af1c3011b72990eb3
SSDEEP

1536:rJLHB/RN3hKyCRmlIJGOFoB7ML5iSwBAlsRUs9oF5wuTF2uGJ9e6s9e:Jp3hTCRCYGFB7ML5JM7SsxxuGJ9eH

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
3105dc9bcece56529445336130a18ead_JaffaCakes118

Files

3105dc9bcece56529445336130a18ead_JaffaCakes118
.dll windows:4 windows x86 arch:x86

a06dccf6ba357c19c38b996593c28292

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

advapi32

GetTrusteeFormA
LsaEnumeratePrivileges
OpenEventLogA
EqualPrefixSid
RegDeleteKeyW
RegCreateKeyW
GetMultipleTrusteeOperationA
RegFlushKey
CloseServiceHandle
GetSecurityDescriptorGroup
EnumDependentServicesW
ConvertStringSidToSidW
MakeSelfRelativeSD
GetCurrentHwProfileA
AccessCheckAndAuditAlarmW
GetSecurityDescriptorOwner
RegReplaceKeyW
RegDeleteKeyA
LookupAccountNameW
LsaDeleteTrustedDomain
SetServiceObjectSecurity
QueryServiceLockStatusW
AccessCheckByTypeAndAuditAlarmW
AddAuditAccessObjectAce
LsaRemovePrivilegesFromAccount
AddAccessDeniedAceEx
LsaSetDomainInformationPolicy
SetNamedSecurityInfoExA
LookupSecurityDescriptorPartsA
LsaEnumerateAccountRights
GetServiceDisplayNameW
ConvertSidToStringSidA
RegEnumKeyExA
ConvertStringSidToSidA
RegLoadKeyW
AddAccessDeniedAce
CreateRestrictedToken
SetFileSecurityW
GetSidSubAuthorityCount
SystemFunction025
ObjectPrivilegeAuditAlarmA
LsaCreateTrustedDomain
RevertToSelf
SystemFunction003
BuildTrusteeWithNameA
ConvertSecurityDescriptorToStringSecurityDescriptorA
LsaFreeMemory
GetAuditedPermissionsFromAclW
CryptDestroyHash
CheckTokenMembership
RegQueryValueA
OpenEventLogW
CryptHashData
LookupPrivilegeDisplayNameA
EnumServicesStatusA
LsaClose
QueryRecoveryAgentsOnEncryptedFile

comctl32

ImageList_DragMove
DrawStatusTextW
ImageList_Destroy
ImageList_DrawEx
_TrackMouseEvent
ImageList_Read
CreateToolbarEx
ImageList_LoadImageW
ImageList_Remove
ImageList_Duplicate
ImageList_AddIcon
ord8
ImageList_SetOverlayImage
ImageList_ReplaceIcon
ord13
DestroyPropertySheetPage
CreatePropertySheetPageA
FlatSB_SetScrollPos
ord3
ord15
ImageList_Write
CreateStatusWindowW
ImageList_DragEnter
ImageList_DrawIndirect
ImageList_GetImageCount
ImageList_DragShowNolock

kernel32

VirtualAlloc
GetProcAddress
IsDBCSLeadByte
GetSystemTimeAsFileTime
LoadResource
IsValidLocale
GetSystemTime
MoveFileExW
GetProfileStringW
GetTapePosition
CopyFileW
GenerateConsoleCtrlEvent
EnumTimeFormatsA
GetConsoleInputWaitHandle
WritePrivateProfileSectionA
SetConsoleCursor
SetConsoleTitleA
VDMConsoleOperation
GetSystemDirectoryW
GetProcessHeaps
ExitVDM
GetCPInfo
GetVersion
GetHandleInformation
GetModuleHandleA
GetSystemDefaultLCID
EnumResourceLanguagesA
InterlockedIncrement
VerLanguageNameW
Process32NextW
ExitThread
GetShortPathNameW
EnumTimeFormatsW
ClearCommBreak
CreateHardLinkA
SetConsoleNumberOfCommandsA
GetPriorityClass
FatalAppExitA
VerLanguageNameA
SetDefaultCommConfigW
ReadConsoleOutputCharacterW
AddAtomW
LoadLibraryA
WriteFileGather
GetConsoleAliasesLengthW
GetLongPathNameA
CompareStringW
GetFileTime
SetThreadAffinityMask
SetCommConfig
FlushInstructionCache
GetConsoleInputExeNameA
SleepEx

opengl32

glRectiv
glClear
glFinish
glPolygonOffset
glMap2f
glTexCoord2f
glEnableClientState
wglDescribePixelFormat
glColor4uiv
glTexCoord4d
glTexCoord1sv
glPopName
glGetMaterialiv
glTexCoord2i
glEvalCoord1d
wglRealizeLayerPalette
glTexCoord2sv
glColor3f
wglChoosePixelFormat
glGenLists
glVertex3sv
glTexEnvi
glColor3b
glScissor
glInitNames
glTexCoord1d
glMapGrid1f
glPixelMapusv
wglDescribeLayerPlane
glColor4ub
glGetTexEnviv
glVertex3iv
glSelectBuffer
glColor4s
glRasterPos4i
glEdgeFlagPointer
glIndexMask
glEdgeFlagv
glMap1d
glDrawElements
glVertex4fv
glNormal3f
glLightiv
wglGetDefaultProcAddress
glVertex4s
glVertex3i
glIndexPointer
glLoadMatrixf
glVertex2dv
glEvalCoord2f
glColor3i
glEvalPoint2
glCallLists
glLogicOp
glEdgeFlag
glEvalCoord1f
glRasterPos3fv
glColor4us
glRectfv
glHint
glFeedbackBuffer
glCullFace
glGetMapfv
glColor3d
glPolygonStipple
glTexCoord1f
wglUseFontOutlinesW
glTexCoord2fv
glLightModelf
glNormal3bv
glGetDoublev
glColor3dv
glTranslated
glTexGenf
glPixelTransferf
glShadeModel
glTexCoord2dv
glPixelStoref
glTexCoord3f
glDebugEntry
glTexSubImage2D
glColor4bv
glPopAttrib
glIsList
glNormal3b
glColor4usv
glRasterPos3f
glFogiv
glEvalCoord2fv
glTexSubImage1D
glTexGenfv

version

VerInstallFileW
VerInstallFileA
VerQueryValueW
VerFindFileW
VerQueryValueA
GetFileVersionInfoW
GetFileVersionInfoSizeA
VerFindFileA
GetFileVersionInfoSizeW
GetFileVersionInfoA

winspool.drv

AddFormA
GetPrinterDriverDirectoryW
EnumPortsA
DevQueryPrint
DeletePrinterIC
QuerySpoolMode
DeleteFormA
SetPrinterDataW
AddPrintProcessorA
DeletePortW
ord100
AddPrinterDriverA
StartDocPrinterA
ScheduleJob
SetPrinterDataExW
AdvancedDocumentPropertiesA

msvcrt

_mbscmp
_mbsdec
_mbstok
_mbsnbcnt
_unloaddll
_logb
fsetpos
atof
_unlink
fflush
_mbsnbicoll
memset
_getdiskfree
clock
_close
vswprintf
_mbsspnp
fputc
_wspawnve
putwc
fseek
_spawnvpe
_fcloseall
_fpreset
_inpw
_i64toa
feof
_spawnle
_wmktemp
printf
_chdrive
_toupper
sprintf
fread
fputs
ftell
_fgetchar
strchr
_fputchar
_isctype
wcslen
_mbsnccnt
vfwprintf
fprintf
fwprintf
fopen
_ismbcprint
_ismbclegal
_rmtmp
_ismbcalnum
_jn
isalpha
div
_i64tow
_chmod
ungetc
_strnicoll
ferror
fwrite
_lrotr
_scalb
_adj_fptan
_heapwalk
__p__dstbias
_ismbcdigit
_mbsnbicmp
_mbschr
_wfdopen
_safe_fdivr
_fstat
__argc
_lsearch
_loaddll
__wgetmainargs
isspace
strxfrm
_CIlog10
_mbsbtype
_mbsset
_wcsicoll
_endthread
fclose
setbuf
_beginthread
_longjmpex
_wsetlocale
_ismbbpunct
ceil

Exports

Exports

Vcpiqhlotc

Sections

.text
Size: 28KB - Virtual size: 27KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 56KB - Virtual size: 52KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

a06dccf6ba357c19c38b996593c28292

Headers

File Characteristics

Imports

advapi32

comctl32

kernel32

opengl32

version

winspool.drv

msvcrt

Exports

Exports

Sections

.text Size: 28KB - Virtual size: 27KB

.rdata Size: 12KB - Virtual size: 9KB

.data Size: 56KB - Virtual size: 52KB

.reloc Size: 8KB - Virtual size: 4KB

.text
Size: 28KB - Virtual size: 27KB

.rdata
Size: 12KB - Virtual size: 9KB

.data
Size: 56KB - Virtual size: 52KB

.reloc
Size: 8KB - Virtual size: 4KB