3bfcce6fa68de3b7098e0a028ba2c749_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

3bfcce6fa68de3b7098e0a028ba2c749_JaffaCakes118
Size

112KB
MD5

3bfcce6fa68de3b7098e0a028ba2c749
SHA1

488cfcaf636e4d917bfd0bc402e0d3949f57c890
SHA256

deb792abe8510a88674c230687eb88e1420b88a05c2c3cb33f6e275e02798296
SHA512

9687c9e102166eb2224474dc60c6dc4c42f57188ec33135367bdd8d9962d2e3474d361a40ac7c63be9a0a98b2926fcbbc5460d74d4e02b793ccca5b9e7838712
SSDEEP

3072:L3UTSZcOcR2PZGcp1eyIjzxIIHp11Ej9Dx:b7wR1lI+1Cj9D

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
3bfcce6fa68de3b7098e0a028ba2c749_JaffaCakes118

Files

3bfcce6fa68de3b7098e0a028ba2c749_JaffaCakes118
.dll windows:4 windows x86 arch:x86

cbb2d1888785039ed31dcb8cec00049b

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

InvalidateConsoleDIBits
OpenMutexW
IsBadStringPtrW
WriteConsoleOutputAttribute
SystemTimeToTzSpecificLocalTime
WritePrivateProfileStringA
CallNamedPipeW
SizeofResource
BuildCommDCBA
GetConsoleAliasExesA
SetConsoleTitleA
CallNamedPipeA
GetSystemTime
EnterCriticalSection
VirtualFree
LoadLibraryW
SetHandleInformation
ResetEvent
lstrcatW
WaitForSingleObject
IsValidLocale
FormatMessageA
LoadLibraryA
GetTimeZoneInformation
GetProcAddress
VerLanguageNameW
VerLanguageNameA
GetNumberOfConsoleFonts
GetPrivateProfileSectionA
FindNextVolumeA
FillConsoleOutputCharacterW
GetTapeParameters
GetVersion
RequestWakeupLatency
WriteConsoleOutputCharacterA
GetLocalTime
ReleaseMutex
DuplicateConsoleHandle
SetConsoleCursorInfo
SetDefaultCommConfigA
SetConsolePalette
Heap32ListFirst
GetModuleHandleW
GetVDMCurrentDirectories
WaitCommEvent
SetNamedPipeHandleState
CommConfigDialogW
RegisterWowExec
CreateHardLinkA
GetPrivateProfileStringA
FreeLibrary
WriteFile
CloseHandle
VirtualAlloc
GetModuleHandleA
GetHandleInformation

advapi32

EnumDependentServicesW
LsaSetSystemAccessAccount
BuildTrusteeWithNameW
ClearEventLogA
AddAuditAccessAceEx
RegEnumKeyExA
GetSecurityInfoExA
ElfBackupEventLogFileA
EnumServiceGroupW
CheckTokenMembership
CryptEnumProviderTypesA
RegQueryInfoKeyW
LsaSetTrustedDomainInfoByName
SystemFunction024
MakeAbsoluteSD
SystemFunction029
LookupAccountNameA
SetNamedSecurityInfoExA
LsaStorePrivateData
EnumServicesStatusW
NotifyChangeEventLog
CryptSetProviderA
GetOverlappedAccessResults
QueryRecoveryAgentsOnEncryptedFile
RegCreateKeyExW
LsaQueryInformationPolicy
IsTokenRestricted
CryptGetProvParam
DecryptFileW
CryptHashData
GetSecurityDescriptorControl
FileEncryptionStatusW
CryptSetHashParam
LogonUserW
GetNamedSecurityInfoW
RegReplaceKeyA
ReportEventW
SetPrivateObjectSecurityEx
GetTrusteeTypeA
RegQueryValueExA
SetAclInformation
RegQueryInfoKeyA
ConvertStringSecurityDescriptorToSecurityDescriptorW
ChangeServiceConfig2A
SetSecurityDescriptorDacl
BuildImpersonateExplicitAccessWithNameA
LsaGetSystemAccessAccount
LsaCreateSecret
LsaEnumeratePrivilegesOfAccount
LsaSetQuotasForAccount
LsaSetTrustedDomainInformation
CryptGetUserKey
ConvertSecurityDescriptorToStringSecurityDescriptorW
AddAccessAllowedAce
RegFlushKey
BuildExplicitAccessWithNameW

version

GetFileVersionInfoW
GetFileVersionInfoSizeA
GetFileVersionInfoSizeW
VerInstallFileA
VerFindFileW
GetFileVersionInfoA
VerQueryValueW
VerInstallFileW

winmm

mmTaskCreate
auxOutMessage
waveOutReset
waveOutPause
midiInOpen
mmioRenameW
mciGetDeviceIDFromElementIDA
joyGetPos
NotifyCallbackData
aux32Message
midiOutGetDevCapsA
midiInAddBuffer
PlaySoundA
joyGetDevCapsW
waveOutGetPitch
joyGetThreshold
waveInGetDevCapsW
sndPlaySoundW
mmioAdvance
waveInUnprepareHeader
auxGetDevCapsW
timeSetEvent
mciSetDriverData
timeGetTime
midiOutClose
WOW32DriverCallback
midiStreamPause
WOWAppExit
waveInGetDevCapsA
midiInMessage
midiStreamPosition
auxGetNumDevs
waveInGetID
mmioInstallIOProcA
mmioInstallIOProcW
midiStreamProperty
mixerGetControlDetailsA
joy32Message
mciSetYieldProc
midiStreamClose
midiOutGetDevCapsW

winspool.drv

AdvancedDocumentPropertiesA
DeletePrinterDriverW
GetPrinterDriverDirectoryW
AddPrintProcessorA
DeleteMonitorW
EnumJobsA
DocumentPropertiesA
AddFormA
XcvDataW
AddPrinterConnectionW
ord214
ord256
DevicePropertySheets
WaitForPrinterChange
SetJobW
ResetPrinterA
AddPrinterConnectionA
ord205
DeletePrinterConnectionA
CommitSpoolData
GetPrintProcessorDirectoryW
AdvancedDocumentPropertiesW
ResetPrinterW
StartDocPrinterA
OpenPrinterA
AddPrinterDriverExW
EnumPrintersW
CloseSpoolFileHandle
ClosePrinter
FindFirstPrinterChangeNotification
DeviceMode
SetPrinterW
DevQueryPrintEx
SetJobA

msvcrt

_mbsstr
_mbsdec
_mbslen
mblen
_wexecl
__lc_handle
tmpfile
_CIcosh
qsort
_wspawnvp
_wcmdln
_mbscat
_strnicoll
vprintf
_sleep
printf
__p__wpgmptr
_wchdir
fputc
ftell
longjmp
fsetpos
sprintf
_chkesp
clock
_osver
fseek
modf
_mbsninc
iswgraph
_wrmdir
freopen
_execvpe
iswxdigit
_unlink
exp
_endthread
_ecvt
_get_osfhandle
iswlower
fputs
iswascii
raise
_strerror
_mbsncmp
ungetc
_setmbcp
_getsystime
_fpclass
fread
_getcwd
_strupr
fwprintf
_mbslwr
_wcsnicoll
_chdir
__p__commode
_heapset
_wcsnicmp
_atodbl
fclose
_rotr
__unguarded_readlc_active
localeconv
ferror
_ismbbkana
_futime
gets
_dup2
_yn
feof
_close
_initterm
fprintf
__CxxLongjmpUnwind
_seterrormode
wcsncmp
_ismbbgraph
_fcloseall
memset
_isatty
fwrite
_ismbcalnum
fopen
_mbsdup
log10

Exports

Exports

Bohirtasok
Hpqfbbyubv
Hwanyhump
Iswxw
Lpsbrl
Oxqoyr
Szuog
Tejtclqo
Uipwzfqfsb
Vianfr
Wgaryvosrx

Sections

.text
Size: 36KB - Virtual size: 35KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 52KB - Virtual size: 49KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

cbb2d1888785039ed31dcb8cec00049b

Headers

File Characteristics

Imports

kernel32

advapi32

version

winmm

winspool.drv

msvcrt

Exports

Exports

Sections

.text Size: 36KB - Virtual size: 35KB

.rdata Size: 12KB - Virtual size: 8KB

.data Size: 52KB - Virtual size: 49KB

.reloc Size: 8KB - Virtual size: 5KB

.text
Size: 36KB - Virtual size: 35KB

.rdata
Size: 12KB - Virtual size: 8KB

.data
Size: 52KB - Virtual size: 49KB

.reloc
Size: 8KB - Virtual size: 5KB