574d3904da0014f3c113507e90df0444_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

574d3904da0014f3c113507e90df0444_JaffaCakes118
Size

159KB
MD5

574d3904da0014f3c113507e90df0444
SHA1

d89e1413121c91a721defa04b2f247c845e6c383
SHA256

480d6573e4f3d139a939af7e98063be8837aab29545f0bfb9762342366ecbf95
SHA512

9511c675a6280af6baeadf14f6c54e924092b1d0321377c918c3d41ebfa74682cf3186f5bcc9a81bd530cf64309b221b40ac1ad19ffaf084bd9e0eada3179878
SSDEEP

3072:ykOZTUcG5Thjz9aWv8QFPJixDcx1W6uFlfs3TIvfqtWqhkvSw:ySvjz9wQFPJSYW6gtsjIXOOvSw

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
574d3904da0014f3c113507e90df0444_JaffaCakes118

Files

574d3904da0014f3c113507e90df0444_JaffaCakes118
.dll windows:6 windows x86 arch:x86

ca98764a1ce5575f641c51beb4f2766f

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

occache.pdb

Imports

msvcrt

wcsncmp
_adjust_fdiv
_amsg_exit
_initterm
free
malloc
_XcptFilter
_wcsicmp
_vsnwprintf
_wcsnicmp
bsearch
memcpy
_vsnprintf
_onexit
_lock
__dllonexit
_unlock
strncmp
memset

ntdll

RtlUnwind

user32

SendDlgItemMessageA
LoadIconA
LoadStringA
DestroyMenu
RemoveMenu
GetSubMenu
LoadMenuA
CreatePopupMenu
SetMenuDefaultItem
CheckMenuItem
RegisterClipboardFormatA
MessageBoxA
SetWindowTextA
SetWindowLongA
EndDialog
SendMessageA
GetDlgItem
GetWindowLongA
DialogBoxParamA
SetCursor
LoadCursorA
DestroyIcon
SetDlgItemTextA
GetClientRect
CharUpperA
PostMessageA

kernel32

RaiseException
SearchPathW
FindResourceW
GetUserDefaultUILanguage
GetSystemDefaultUILanguage
UnmapViewOfFile
GetVersionExW
GetLocaleInfoW
CreateFileW
CreateFileMappingW
MapViewOfFile
LoadLibraryExW
FindResourceExW
LoadResource
InitializeCriticalSectionAndSpinCount
GetVersionExA
DeleteCriticalSection
InitializeCriticalSection
DisableThreadLibraryCalls
InterlockedIncrement
InterlockedDecrement
HeapAlloc
GetProcessHeap
HeapFree
lstrcmpiA
CompareFileTime
lstrcmpA
FindClose
GetTimeFormatA
GetDateFormatA
FileTimeToSystemTime
FileTimeToLocalFileTime
FindFirstFileA
LocalFree
LocalAlloc
GlobalAlloc
lstrlenA
FreeLibrary
GetProcAddress
MultiByteToWideChar
LoadLibraryA
FormatMessageA
VerLanguageNameA
VirtualFree
VirtualAlloc
GetPrivateProfileStringA
GetSystemDirectoryA
DeleteFileA
WideCharToMultiByte
lstrlenW
GetEnvironmentVariableA
CloseHandle
GetLastError
CreateFileA
FindNextFileA
GetShortPathNameA
RemoveDirectoryA
CompareStringA
SystemTimeToFileTime
GetLocalTime
SetFileTime
GetFileTime
GetFileAttributesA
SetErrorMode
GetDiskFreeSpaceA
GetWindowsDirectoryA
LeaveCriticalSection
GetCurrentThread
EnterCriticalSection
VirtualQuery
VirtualProtect
FlushInstructionCache
GetCurrentProcess
InterlockedCompareExchange
GetCurrentThreadId
ResumeThread
GetThreadContext
SetThreadContext
SuspendThread
SetLastError
InterlockedExchange
Sleep
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetModuleFileNameA

advapi32

UnregisterTraceGuids
RegisterTraceGuidsA
GetTraceLoggerHandle
GetTraceEnableLevel
GetTraceEnableFlags
RegCloseKey
RegOpenKeyExA
RegQueryValueExA
RegEnumValueA
RegEnumKeyA
RegSetValueExA
RegQueryValueA
RegDeleteKeyA
RegEnumKeyExA
RegDeleteValueA
RegSetValueA
RegCreateKeyExA
RegOpenKeyExW
RegOverridePredefKey
RegOpenCurrentUser
RegQueryValueExW

shlwapi

PathGetDriveNumberW
PathGetDriveNumberA
StrCmpNIA
ord157
PathRenameExtensionA
StrStrIA
SHRegGetValueA
PathFileExistsA
PathCombineA
PathFindFileNameA
StrChrA
PathCompactPathA
PathAppendA
ord437
StrToIntA
ord219
StrRetToBufA

comctl32

PropertySheetA

shell32

SHBindToParent
ord17
ord16
ExtractIconA
SHGetDesktopFolder
ord152
ShellExecuteA
SHChangeNotify
SHGetFolderPathA
ord67
ord74
ord174

wininet

InternetQueryOptionA
InternetGetConnectedState

iertutil

ord9
ord207

Exports

Exports

DllCanUnloadNow
DllGetClassObject
FindControlClose
FindFirstControl
FindNextControl
GetControlDependentFile
GetControlInfo
IsModuleRemovable
ReleaseControlHandle
RemoveControlByHandle
RemoveControlByHandle2
RemoveControlByName
RemoveControlByName2
RemoveExpiredControls
SweepControlsByLastAccessDate

Sections

.text
Size: 83KB - Virtual size: 82KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 54KB - Virtual size: 53KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 15KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

ca98764a1ce5575f641c51beb4f2766f

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msvcrt

ntdll

user32

kernel32

advapi32

shlwapi

comctl32

shell32

wininet

iertutil

Exports

Exports

Sections

.text Size: 83KB - Virtual size: 82KB

.data Size: 54KB - Virtual size: 53KB

.rsrc Size: 15KB - Virtual size: 15KB

.reloc Size: 5KB - Virtual size: 5KB

.text
Size: 83KB - Virtual size: 82KB

.data
Size: 54KB - Virtual size: 53KB

.rsrc
Size: 15KB - Virtual size: 15KB

.reloc
Size: 5KB - Virtual size: 5KB