431a79f3d5db2bb467d46b6a6a92d9b0_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

431a79f3d5db2bb467d46b6a6a92d9b0_JaffaCakes118
Size

229KB
MD5

431a79f3d5db2bb467d46b6a6a92d9b0
SHA1

ef115bda49d3ae143dd969af17ea69ac124516e5
SHA256

440081f27fcdbb659f23b8c0022d1b0b55efa5831945534fbc3349632c41e7b9
SHA512

4dc3027b374c60794a403bca4bea9b5e76ba96de8a05eb8bf24413020d1fa5b9b144d127965cdd9b5d6c2a4485ef71c05c36af0557109c0592033e329770e6f1
SSDEEP

3072:UTgTUOUUlzZSHvNgAnoAyQYCNuxE8CYC+s2uyc6xQ0NFfOIKObJrdj1vlQ23Ek5a:UilzqBX0E8CYC+1hxQ0NF59rvkkj7

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
431a79f3d5db2bb467d46b6a6a92d9b0_JaffaCakes118

Files

431a79f3d5db2bb467d46b6a6a92d9b0_JaffaCakes118
.dll windows:6 windows x86 arch:x86

5225d4a18b2424290d29801c95584ead

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

advpack.pdb

Imports

msvcrt

_initterm
free
malloc
_XcptFilter
_amsg_exit
_ultow
_setjmp3
longjmp
_wtoi
_wtol
memmove
_vsnprintf
_vsnwprintf
memcpy
bsearch
_adjust_fdiv
_wcsnicmp
_wcsicmp
memset

user32

SendMessageW
SetWindowPos
SendDlgItemMessageW
LoadStringW
CharNextW
ReleaseDC
GetDC
GetWindowRect
CharPrevW
CharUpperW
GetSystemMetrics
MessageBoxW
MessageBeep
DispatchMessageW
MsgWaitForMultipleObjects
PeekMessageW
ExitWindowsEx
EndDialog
EnableWindow
GetDlgItem
SetWindowTextW
GetDesktopWindow
GetDlgItemTextW
SetDlgItemTextW
DialogBoxParamW
OemToCharA
IsWindow
ShowWindow
DestroyWindow
UpdateWindow
CreateDialogParamW
CharNextA

gdi32

GetObjectW
GetStockObject
CreateFontIndirectW
GetDeviceCaps
DeleteObject

kernel32

MulDiv
EnumResourceLanguagesW
MultiByteToWideChar
WideCharToMultiByte
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
RtlUnwind
GetDiskFreeSpaceW
InterlockedCompareExchange
Sleep
InterlockedExchange
GetFileTime
ReadFile
SetFileTime
WritePrivateProfileSectionW
GetProfileStringW
lstrcmpiA
GetLocalTime
GetFullPathNameW
GetSystemInfo
SearchPathW
GetPrivateProfileIntW
FindFirstFileW
FindNextFileW
FindClose
lstrcmpiW
GetCurrentProcess
GetSystemDirectoryW
MoveFileW
MoveFileExW
CopyFileW
GetPrivateProfileSectionW
CreateProcessW
CreateDirectoryW
SetFileAttributesW
GetVolumeInformationW
CompareStringW
ExpandEnvironmentStringsW
GetShortPathNameW
FormatMessageW
RemoveDirectoryW
CreateFileMappingW
MapViewOfFileEx
SetLastError
UnmapViewOfFile
LoadLibraryExW
LoadLibraryW
GetUserDefaultUILanguage
GetProcAddress
GetFileAttributesW
FreeLibrary
GetPrivateProfileStringW
FindResourceExW
MapViewOfFile
GetSystemDefaultUILanguage
GetFileSize
GetLastError
lstrlenW
GetDriveTypeW
LocalFree
GetEnvironmentVariableW
CloseHandle
WriteFile
CreateFileW
WritePrivateProfileStringW
LockResource
LoadResource
SizeofResource
FindResourceW
GetTempFileNameW
GetWindowsDirectoryW
GetTempPathW
LocalAlloc
lstrlenA
SetFilePointer
GetModuleFileNameW
DeleteFileW
LocalReAlloc
GetVersionExW
DisableThreadLibraryCalls
lstrcmpW

advapi32

RegDeleteKeyW
RegQueryValueExW
RegCreateKeyExW
RegOpenKeyExW
RegOpenKeyExA
RegQueryValueExA
RegEnumKeyW
RegUnLoadKeyW
RegLoadKeyW
RegSaveKeyW
RegFlushKey
RegCloseKey
RegDeleteValueW
GetTokenInformation
EqualSid
AllocateAndInitializeSid
FreeSid
RegEnumValueW
RegSetValueW
RegSetValueExW
OpenProcessToken
LookupPrivilegeValueW
AdjustTokenPrivileges
RegQueryInfoKeyW

ole32

OleInitialize
OleUninitialize
CoTaskMemFree

version

GetFileVersionInfoSizeW
VerQueryValueW
GetFileVersionInfoW

setupapi

SetupCloseInfFile
SetupDefaultQueueCallbackW
SetupOpenAppendInfFileW
SetupOpenInfFileW
SetupSetDirectoryIdW
SetupGetLineTextW
SetupFindNextLine
SetupFindFirstLineW
SetupGetStringFieldW
SetupCloseFileQueue
SetupTermDefaultQueueCallback
SetupCommitFileQueueW
SetupInitDefaultQueueCallbackEx
SetupQueueCopyW
SetupOpenFileQueue
SetupInstallFromInfSectionW

shlwapi

StrStrIW
StrChrW
PathAddBackslashW
ord215
ord217
StrRChrW
PathFileExistsW
PathAppendW
PathRemoveFileSpecW
PathBuildRootW
PathCombineW

Exports

Exports

AddDelBackupEntry
AddDelBackupEntryA
AddDelBackupEntryW
AdvInstallFile
AdvInstallFileA
AdvInstallFileW
CloseINFEngine
DelNode
DelNodeA
DelNodeRunDLL32
DelNodeRunDLL32A
DelNodeRunDLL32W
DelNodeW
DoInfInstall
DoInfInstallA
DoInfInstallW
ExecuteCab
ExecuteCabA
ExecuteCabW
ExtractFiles
ExtractFilesA
ExtractFilesW
FileSaveMarkNotExist
FileSaveMarkNotExistA
FileSaveMarkNotExistW
FileSaveRestore
FileSaveRestoreA
FileSaveRestoreOnINF
FileSaveRestoreOnINFA
FileSaveRestoreOnINFW
FileSaveRestoreW
GetVersionFromFile
GetVersionFromFileA
GetVersionFromFileEx
GetVersionFromFileExA
GetVersionFromFileExW
GetVersionFromFileW
IsNTAdmin
LaunchINFSection
LaunchINFSectionA
LaunchINFSectionEx
LaunchINFSectionExA
LaunchINFSectionExW
LaunchINFSectionW
NeedReboot
NeedRebootInit
OpenINFEngine
OpenINFEngineA
OpenINFEngineW
RebootCheckOnInstall
RebootCheckOnInstallA
RebootCheckOnInstallW
RegInstall
RegInstallA
RegInstallW
RegRestoreAll
RegRestoreAllA
RegRestoreAllW
RegSaveRestore
RegSaveRestoreA
RegSaveRestoreOnINF
RegSaveRestoreOnINFA
RegSaveRestoreOnINFW
RegSaveRestoreW
RegisterOCX
RegisterOCXW
RunSetupCommand
RunSetupCommandA
RunSetupCommandW
SetPerUserSecValues
SetPerUserSecValuesA
SetPerUserSecValuesW
TranslateInfString
TranslateInfStringA
TranslateInfStringEx
TranslateInfStringExA
TranslateInfStringExW
TranslateInfStringW
UserInstStubWrapper
UserInstStubWrapperA
UserInstStubWrapperW
UserUnInstStubWrapper
UserUnInstStubWrapperA
UserUnInstStubWrapperW

Sections

.text
Size: 109KB - Virtual size: 108KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 110KB - Virtual size: 163KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

5225d4a18b2424290d29801c95584ead

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msvcrt

user32

gdi32

kernel32

advapi32

ole32

version

setupapi

shlwapi

Exports

Exports

Sections

.text Size: 109KB - Virtual size: 108KB

.data Size: 110KB - Virtual size: 163KB

.rsrc Size: 2KB - Virtual size: 1KB

.reloc Size: 6KB - Virtual size: 6KB

.text
Size: 109KB - Virtual size: 108KB

.data
Size: 110KB - Virtual size: 163KB

.rsrc
Size: 2KB - Virtual size: 1KB

.reloc
Size: 6KB - Virtual size: 6KB