384e1df7b824f6e5c66ded94ae12c521_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

384e1df7b824f6e5c66ded94ae12c521_JaffaCakes118
Size

209KB
MD5

384e1df7b824f6e5c66ded94ae12c521
SHA1

f42f025535e1243eb43fb8b76f5c654cbedecd1a
SHA256

db70fddd3feabc8451424f45c1c46bba78e8ad3bf6c7a43ad84fbb42720b29e5
SHA512

99e7874233355ecd690380ce76504a4c3cfc985dfff42b9ab8fb6cabb93b1ca9a48fd481d447d8c07bde9875e2a24f2d8c9513d4d92f468894056fc3c323fe4f
SSDEEP

6144:HOod5j7uVeHSJh4XhG2+pMMxrzFMUiT0nVIg/6jZOoH1oT:HB0eKhCo2AvxbiT0nB6NO

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
384e1df7b824f6e5c66ded94ae12c521_JaffaCakes118

Files

384e1df7b824f6e5c66ded94ae12c521_JaffaCakes118
.dll windows:5 windows x86 arch:x86

fafd6d7f6f931f71ab40ad1a30920a95

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

FlushFileBuffers
FreeConsole
GenerateConsoleCtrlEvent
GetCalendarInfoW
GetCommState
GetComputerNameExA
GetComputerNameExW
GetConsoleAliasesLengthW
GetConsoleFontSize
GetConsoleMode
GetCurrentDirectoryA
GetCurrentThread
GetDefaultCommConfigA
GetExitCodeProcess
GetFileInformationByHandle
GetHandleInformation
GetNumberFormatA
GetPrivateProfileIntW
GetPrivateProfileSectionA
GetProcessIoCounters
GetProcessWorkingSetSize
GetStartupInfoW
GetStringTypeExW
GetSystemTimeAdjustment
GetTempFileNameW
GetUserDefaultLCID
GlobalAddAtomA
GlobalHandle
Heap32ListFirst
InitializeCriticalSectionAndSpinCount
InterlockedCompareExchange
InterlockedDecrement
IsBadReadPtr
IsBadStringPtrA
IsBadStringPtrW
LCMapStringA
LoadResource
FlushConsoleInputBuffer
OpenWaitableTimerW
PostQueuedCompletionStatus
Process32Next
PulseEvent
ReadConsoleOutputCharacterA
ReadConsoleOutputW
RemoveDirectoryW
ReplaceFileW
ResetEvent
RtlMoveMemory
SetCalendarInfoW
SetConsoleCursorPosition
SetConsoleDisplayMode
SetEvent
SetFileAttributesW
SetLocalTime
SetMessageWaitingIndicator
SetNamedPipeHandleState
SetPriorityClass
SetSystemPowerState
SleepEx
SwitchToFiber
TransmitCommChar
UnlockFile
UnlockFileEx
UnmapViewOfFile
VerLanguageNameA
VerifyVersionInfoA
VirtualProtect
VirtualUnlock
WritePrivateProfileStringW
WriteTapemark
_hwrite
_lcreat
lstrcpyW
lstrcpynA
FindNextVolumeMountPointA
FindFirstFileW
FindFirstFileA
FileTimeToDosDateTime
EnumSystemLanguageGroupsA
EnumResourceNamesW
EnumCalendarInfoW
DisconnectNamedPipe
CreateFileA
DeleteAtom
DefineDosDeviceW
CreateWaitableTimerW
CreateHardLinkW
CompareStringW
ClearCommBreak
BeginUpdateResourceW
BackupSeek
AllocateUserPhysicalPages
LoadLibraryW
GetProcAddress
GetWindowsDirectoryA
lstrlenA
lstrcpyA
MapViewOfFileEx

user32

GetSystemMetrics

comdlg32

ReplaceTextA
PrintDlgW
PrintDlgExW
PrintDlgExA
PrintDlgA
PageSetupDlgW
PageSetupDlgA
GetSaveFileNameW
GetSaveFileNameA
ReplaceTextW
GetOpenFileNameA
GetFileTitleW
GetFileTitleA
FindTextA
CommDlgExtendedError
ChooseFontW
ChooseFontA
ChooseColorW
ChooseColorA
GetOpenFileNameW
FindTextW

advapi32

RegOpenKeyExA

ole32

CLIPFORMAT_UserUnmarshal
CLSIDFromProgIDEx
CoAddRefServerProcess
CoCreateFreeThreadedMarshaler
CoCreateInstance
CoEnableCallCancellation
CoFreeUnusedLibraries
CoGetApartmentID
CoGetCallContext
CoGetCallerTID
CoGetCurrentProcess
CoGetObjectContext
CoGetPSClsid
CoGetStandardMarshal
CoGetTreatAsClass
CoInitializeWOW
CoMarshalInterThreadInterfaceInStream
CoQueryClientBlanket
CoQueryProxyBlanket
CoReactivateObject
CoRegisterMallocSpy
CoRegisterMessageFilter
CoRegisterPSClsid
CoRegisterSurrogate
CoRegisterSurrogateEx
CoSetCancelObject
CoTaskMemAlloc
CoTestCancel
CoWaitForMultipleHandles
CreateClassMoniker
CreateDataAdviseHolder
CreateGenericComposite
CreateItemMoniker
CreateStdProgressIndicator
DllGetClassObjectWOW
DoDragDrop
GetClassFile
GetHookInterface
HACCEL_UserFree
HACCEL_UserUnmarshal
HBITMAP_UserFree
HBITMAP_UserUnmarshal
HBRUSH_UserFree
HBRUSH_UserMarshal
HDC_UserFree
HDC_UserSize
HGLOBAL_UserMarshal
HMENU_UserMarshal
HMETAFILEPICT_UserSize
HMETAFILEPICT_UserUnmarshal
HMETAFILE_UserMarshal
IIDFromString
MonikerCommonPrefixWith
OleConvertIStorageToOLESTREAMEx
OleConvertOLESTREAMToIStorageEx
OleCreateEx
OleCreateLinkFromData
OleCreateMenuDescriptor
OleDestroyMenuDescriptor
OleGetClipboard
OleInitialize
OleInitializeWOW
OleIsRunning
OleLoadFromStream
OleMetafilePictFromIconAndLabel
OleNoteObjectVisible
OleQueryLinkFromData
OleRegEnumFormatEtc
OleRegGetMiscStatus
OleRegGetUserType
OleRun
OleSave
OleUninitialize
ReadClassStm
ReadOleStg
RegisterDragDrop
SNB_UserFree
SNB_UserUnmarshal
StgCreateDocfileOnILockBytes
StgCreateStorageEx
StgGetIFillLockBytesOnILockBytes
StgOpenStorage
StgPropertyLengthAsVariant
UtConvertDvtd16toDvtd32
UtGetDvtd32Info
WdtpInterfacePointer_UserMarshal
WdtpInterfacePointer_UserSize
WriteFmtUserTypeStg

Sections

.text
Size: 192KB - Virtual size: 192KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 256B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gay5
Size: 1024B - Virtual size: 1000B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gay4
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 13KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

fafd6d7f6f931f71ab40ad1a30920a95

Headers

File Characteristics

Imports

kernel32

user32

comdlg32

advapi32

ole32

Sections

.text Size: 192KB - Virtual size: 192KB

.data Size: 512B - Virtual size: 256B

.gay5 Size: 1024B - Virtual size: 1000B

.gay4 Size: 1KB - Virtual size: 1KB

.rsrc Size: 13KB - Virtual size: 12KB

.reloc Size: 2KB - Virtual size: 1KB

.text
Size: 192KB - Virtual size: 192KB

.data
Size: 512B - Virtual size: 256B

.gay5
Size: 1024B - Virtual size: 1000B

.gay4
Size: 1KB - Virtual size: 1KB

.rsrc
Size: 13KB - Virtual size: 12KB

.reloc
Size: 2KB - Virtual size: 1KB