53a021e2290988ad5e4b0b285d834ce2_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

53a021e2290988ad5e4b0b285d834ce2_JaffaCakes118
Size

173KB
MD5

53a021e2290988ad5e4b0b285d834ce2
SHA1

9682c995c19a035cc462ce86e9ad7c3bb5b33a49
SHA256

a1b2920da6dce3a8f06dd74a6b2be345a37d32ebe5c8a7b2b329e06f18348e89
SHA512

d070e1084998b140fca3f4e65e409357e56e9cd5c3c52a4b9f1c5775ff69632e1f87a59a156655fa3470749ab56569dd8cf59d425779f497f22f638f0b217d04
SSDEEP

3072:RaXtT4bBp4SPvQgUV0PdZvsN5NOxN7cUAP+rzd9TjTI9q6kx40XjT5/:gT49pKgUOPsja7cGHMzut5/

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
53a021e2290988ad5e4b0b285d834ce2_JaffaCakes118

Files

53a021e2290988ad5e4b0b285d834ce2_JaffaCakes118
.dll windows:5 windows x86 arch:x86

296f76395d8f40f97c976fc24057cb6e

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

aetup.pdb

Imports

ole32

CoInitializeEx
CoInitialize
CoCreateInstance

advapi32

RegDeleteKeyW
RegQueryValueExW
RegQueryInfoKeyW
RegOpenKeyExW
LsaNtStatusToWinError
NotifyBootConfigStatus
RegCloseKey
RegEnumValueW
RegOpenCurrentUser

user32

SetTimer
PostQuitMessage
GetMessageW

setupapi

SetupDiOpenDevRegKey
SetupDiOpenDeviceInfoW
SetupDiGetSelectedDriverW
SetupDiGetDeviceRegistryPropertyW
SetupDiGetDeviceInstallParamsW
SetupDiGetClassDevsW
SetupDiEnumDriverInfoW
SetupDiEnumDeviceInfo
SetupDiDestroyDeviceInfoList
SetupDiDeleteDeviceInfo
SetupDiCreateDeviceInfoList
SetupDiCallClassInstaller
SetupDiBuildDriverInfoList
CM_Get_Device_IDW
CM_Get_DevNode_Status
CM_Free_Log_Conf_Ex
CM_Add_Empty_Log_Conf_Ex
SetupDiSetClassInstallParamsW
SetupDiSetDeviceInstallParamsW
SetupGetFieldCount
SetupGetStringFieldW
SetupUninstallOEMInfW
SetupDiOpenClassRegKey

oleaut32

SysFreeString
VariantInit
VariantClear
VariantChangeType
VarCyMul
SysStringLen
SafeArrayCreate
SysAllocStringLen
SafeArrayUnlock
SafeArrayGetUBound
SafeArrayGetLBound
SafeArrayDestroy

kernel32

_llseek
GetLocaleInfoA
WriteFileEx
WriteFile
WriteConsoleW
WriteConsoleA
WideCharToMultiByte
WaitForSingleObject
VirtualProtect
VirtualFree
VirtualAlloc
UnmapViewOfFile
UnhandledExceptionFilter
TlsSetValue
TlsGetValue
TlsFree
TlsAlloc
SystemTimeToTzSpecificLocalTime
Sleep
SizeofResource
SignalObjectAndWait
SetStdHandle
SetProcessShutdownParameters
SetFilePointer
SetCurrentDirectoryW
RtlUnwind
ResumeThread
ResetEvent
RemoveDirectoryW
ReleaseMutex
ReadFile
RaiseException
QueryPerformanceFrequency
QueryPerformanceCounter
OutputDebugStringW
OpenProcess
MoveFileW
Module32FirstW
MapViewOfFile
LocalFree
LoadLibraryW
LoadLibraryA
LeaveCriticalSection
LCMapStringA
CloseHandle
CreateDirectoryW
CreateEventA
CreateFileA
CreateFileW
CreateThread
DeleteFileW
DeviceIoControl
ExitProcess
ExitThread
ExpandEnvironmentStringsW
FindNextFileW
FlushConsoleInputBuffer
FlushFileBuffers
FlushViewOfFile
FormatMessageA
FormatMessageW
FreeEnvironmentStringsA
FreeEnvironmentStringsW
FreeLibrary
GetACP
GetCPInfo
GetCommState
GetCommandLineA
GetConsoleCP
GetConsoleMode
GetCurrentDirectoryW
GetCurrentProcessId
GetCurrentThreadId
GetDateFormatA
GetEnvironmentStringsA
GetExitCodeThread
GetFileAttributesW
GetFileSizeEx
GetFileType
GetLastError
IsValidLocale
GetLocaleInfoW
GetModuleFileNameW
GetModuleHandleA
GetOEMCP
GetProcAddress
GetProcessHeap
GetProcessTimes
GetStartupInfoA
GetStdHandle
GetStringTypeW
GetSystemDirectoryW
GetSystemTimeAsFileTime
GetSystemWindowsDirectoryW
GetTickCount
GetTimeFormatA
GetTimeZoneInformation
GetUserDefaultLCID
GetVersionExW
GlobalHandle
HeapAlloc
HeapCreate
HeapDestroy
HeapFree
HeapReAlloc
HeapSize
InitializeCriticalSection
InitializeCriticalSectionAndSpinCount
InterlockedCompareExchange
InterlockedExchange
IsDebuggerPresent

shlwapi

PathFindFileNameW

rpcrt4

RpcMgmtStopServerListening
RpcMgmtWaitServerListen
NdrServerCall2
RpcAsyncRegisterInfo
RpcServerUseProtseqEpW
RpcServerUnregisterIf
RpcServerRegisterIfEx

shell32

SHFreeNameMappings
SHCreateDirectoryExW
SHAddToRecentDocs
SHGetDesktopFolder

Exports

Exports

BeginState
GetBuffers
GetQueryParameterInfo
IsPrint
Restore
RicheditStreamIn
strtrim

Sections

.text
Size: 56KB - Virtual size: 55KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 96KB - Virtual size: 96KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 19KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 451B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

296f76395d8f40f97c976fc24057cb6e

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

ole32

advapi32

user32

setupapi

oleaut32

kernel32

shlwapi

rpcrt4

shell32

Exports

Exports

Sections

.text Size: 56KB - Virtual size: 55KB

.rdata Size: 96KB - Virtual size: 96KB

.data Size: 19KB - Virtual size: 19KB

.rsrc Size: 512B - Virtual size: 451B

.text
Size: 56KB - Virtual size: 55KB

.rdata
Size: 96KB - Virtual size: 96KB

.data
Size: 19KB - Virtual size: 19KB

.rsrc
Size: 512B - Virtual size: 451B