5446687eace10f465e3b29b49fdb2f00_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

5446687eace10f465e3b29b49fdb2f00_JaffaCakes118
Size

116KB
MD5

5446687eace10f465e3b29b49fdb2f00
SHA1

87f708cd0da2b681a968fef4c7993d07b9a01212
SHA256

bb90266e3ca524b01819f1188452fd9836ea971e1b2a1340d335808b765f739a
SHA512

0ff2e56a4c13e447a685c1088578060c5098f36369ba4df9388fdf6c6500e81415dd608ca5f759e92aa9de0e6d67496e2890785069b7b9ffd8475ffc0ecf539b
SSDEEP

3072:cUbGWmGVpfgKu8irstinmaboLgnwlVrgJk3RjW83Pik6N:cNWmGbubk+EgalWWPX6

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
5446687eace10f465e3b29b49fdb2f00_JaffaCakes118

Files

5446687eace10f465e3b29b49fdb2f00_JaffaCakes118
.dll windows:4 windows x86 arch:x86

4fbc0ba2710f88897ec81926ce47e522

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

shell32

ShellExecuteA
SHGetSpecialFolderPathW
SHFileOperationW

dinput

DirectInputCreateW

advapi32

GetSecurityDescriptorDacl
SetFileSecurityW
RegQueryValueExA
RegOpenKeyExA
RegOpenKeyA
AddAccessAllowedAce
AddAce
AllocateAndInitializeSid
EqualSid
GetAce
GetAclInformation
GetFileSecurityW
GetLengthSid
GetSecurityDescriptorControl
RegEnumKeyA
GetTokenInformation
InitializeAcl
InitializeSecurityDescriptor
OpenProcessToken
RegCloseKey
SetSecurityDescriptorDacl

gdi32

GetStockObject
GetDeviceCaps

kernel32

WriteFile
lstrlenA
OutputDebugStringA
WriteConsoleW
AreFileApisANSI
CloseHandle
CompareStringA
CompareStringW
CreateDirectoryA
CreateDirectoryW
CreateEventA
CreateFileA
CreateFileW
CreateMutexA
CreatePipe
CreateProcessA
CreateSemaphoreA
CreateThread
CreateWaitableTimerA
DeleteCriticalSection
DeleteFileA
DeviceIoControl
DuplicateHandle
EnterCriticalSection
EnumSystemLocalesA
ExitProcess
ExitThread
FileTimeToLocalFileTime
FileTimeToSystemTime
FindClose
FindFirstFileA
FindFirstFileW
FindNextFileA
FindNextFileW
FlushFileBuffers
FormatMessageA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
FreeLibrary
GetACP
GetCPInfo
GetCommandLineA
GetConsoleCP
GetConsoleMode
GetConsoleOutputCP
GetCurrentDirectoryA
GetCurrentProcess
GetCurrentProcessId
GetCurrentThread
GetCurrentThreadId
GetDateFormatA
GetDriveTypeA
GetEnvironmentStringsA
GetEnvironmentStringsW
GetExitCodeProcess
GetExitCodeThread
GetFileAttributesA
GetFileInformationByHandle
GetFileSize
GetFileType
GetFullPathNameA
GetLastError
GetLocaleInfoA
GetLocaleInfoW
GetModuleFileNameA
GetModuleHandleA
GetModuleHandleW
GetOEMCP
GetOverlappedResult
GetProcAddress
GetProcessHeap
GetStartupInfoA
GetStdHandle
GetStringTypeA
GetStringTypeW
GetSystemDefaultLangID
GetSystemDirectoryA
GetSystemInfo
GetSystemTimeAsFileTime
GetTempPathW
GetThreadPriority
GetTickCount
GetTimeFormatA
GetTimeZoneInformation
GetUserDefaultLCID
GetUserDefaultLangID
GetVersionExA
GetWindowsDirectoryA
GlobalAlloc
GlobalLock
GlobalUnlock
HeapAlloc
HeapCreate
HeapFree
HeapReAlloc
HeapSize
InitializeCriticalSection
InitializeCriticalSectionAndSpinCount
InterlockedDecrement
InterlockedExchange
InterlockedIncrement
IsDebuggerPresent
IsValidCodePage
IsValidLocale
LCMapStringA
LCMapStringW
LeaveCriticalSection
LoadLibraryA
MoveFileA
MulDiv
MultiByteToWideChar
OpenEventA
OpenFile
WriteConsoleA
PeekNamedPipe
QueryPerformanceCounter
QueryPerformanceFrequency
RaiseException
ReadFile
ReleaseSemaphore
RemoveDirectoryW
ResetEvent
ResumeThread
RtlUnwind
SetCurrentDirectoryA
SetEndOfFile
SetEnvironmentVariableA
SetEvent
SetFilePointer
SetFileTime
SetHandleCount
SetLastError
SetStdHandle
SetThreadAffinityMask
SetThreadIdealProcessor
SetThreadPriority
SetUnhandledExceptionFilter
SetWaitableTimer
Sleep
TerminateProcess
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue
TryEnterCriticalSection
UnhandledExceptionFilter
VirtualAlloc
VirtualFree
WaitForMultipleObjects
WaitForSingleObject
WideCharToMultiByte

user32

AdjustWindowRect
CharLowerBuffA
CharToOemA
ClientToScreen
CloseClipboard
CreateWindowExA
DefWindowProcA
DestroyWindow
DispatchMessageA
EmptyClipboard
GetClipboardData
GetDC
GetDesktopWindow
GetForegroundWindow
GetQueueStatus
GetSystemMetrics
LoadCursorA
LoadIconA
MessageBoxW
MsgWaitForMultipleObjects
OpenClipboard
PeekMessageA
PostThreadMessageA
RegisterClassA
RegisterWindowMessageA
ReleaseDC
ScreenToClient
SendMessageA
SetClipboardData
SetCursorPos
SetRect
SetWindowLongA
SetWindowPos
ShowCursor
ShowWindow
TranslateMessage
UpdateWindow
wsprintfA

version

GetFileVersionInfoSizeA
VerQueryValueA
GetFileVersionInfoA

ws2_32

socket
send
select
recv
listen
ioctlsocket
inet_addr
htons
htonl
connect
closesocket
bind
accept
WSAStartup
WSAGetLastError
WSACleanup
WSAAsyncGetHostByName
WSACancelAsyncRequest

winmm

waveOutWrite
waveOutUnprepareHeader
waveOutReset
waveOutPrepareHeader
waveOutOpen
waveOutGetPosition
waveOutGetNumDevs
waveOutGetDevCapsW
waveOutGetDevCapsA
waveOutClose
waveInUnprepareHeader
waveInStart
waveInReset
waveInPrepareHeader
waveInOpen
waveInGetNumDevs
waveInGetDevCapsW
waveInGetDevCapsA
mciSendCommandA
timeBeginPeriod
timeEndPeriod
timeGetTime
timeKillEvent
timeSetEvent
waveInAddBuffer
waveInClose

ole32

CLSIDFromString
CoCreateInstance
CoFreeUnusedLibraries
CoInitialize
CoTaskMemAlloc
CoTaskMemFree
CoUninitialize
PropVariantClear

Sections

.text
Size: 76KB - Virtual size: 75KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 28KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

4fbc0ba2710f88897ec81926ce47e522

Headers

File Characteristics

Imports

shell32

dinput

advapi32

gdi32

kernel32

user32

version

ws2_32

winmm

ole32

Sections

.text Size: 76KB - Virtual size: 75KB

.data Size: 28KB - Virtual size: 27KB

.rsrc Size: 4KB - Virtual size: 3KB

.reloc Size: 4KB - Virtual size: 3KB

.text
Size: 76KB - Virtual size: 75KB

.data
Size: 28KB - Virtual size: 27KB

.rsrc
Size: 4KB - Virtual size: 3KB

.reloc
Size: 4KB - Virtual size: 3KB