JaffaCakes118_4f84ddafb6938d3d536bbbefd754fbc0

Sharing

Copy URL

Twitter E-mail

General

Target

JaffaCakes118_4f84ddafb6938d3d536bbbefd754fbc0
Size

974KB
MD5

4f84ddafb6938d3d536bbbefd754fbc0
SHA1

f987c85870574f9af650ff76631dc8bba1047881
SHA256

8b7c317114a1882f3263086da576d4ebd44896ef7eb92e6a2116d5d7098db9a1
SHA512

d76067b07489440f0f2a41a9093760371607b51c28502c0660d282d6989af48ea719515572407327811350cf9f7b1a5dc5ed652e3836d804cbfc97de597a6b68
SSDEEP

24576:An9OEI7SfQaWOq/hAAB7rWbLgi/yPtsdhuB:kOEI7/ZOqtrWEpB

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
JaffaCakes118_4f84ddafb6938d3d536bbbefd754fbc0

Files

JaffaCakes118_4f84ddafb6938d3d536bbbefd754fbc0
.dll windows:5 windows x86 arch:x86

fd5ea99cfb243c49b2a2bf38d7c727c5

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

dbghelp.pdb

Imports

kernel32

DeleteFileW
CreateFileW
CreateDirectoryW
GetModuleFileNameW
MultiByteToWideChar
WideCharToMultiByte
GetCurrentProcess
UnmapViewOfFile
GetFullPathNameW
GetFileAttributesW
SetFilePointer
FindClose
FindNextFileA
FindFirstFileA
CreateDirectoryA
VirtualProtect
VirtualAlloc
DuplicateHandle
MapViewOfFile
CreateFileMappingA
GetModuleHandleA
OpenProcess
GetCurrentProcessId
VirtualFree
OutputDebugStringW
ExpandEnvironmentStringsW
ReadProcessMemory
WriteFile
SetErrorMode
GetFileAttributesA
DebugBreak
GetSystemDirectoryW
LoadLibraryW
GetProcessHeap
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetSystemTimeAsFileTime
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetEnvironmentVariableW
OutputDebugStringA
IsDBCSLeadByte
HeapFree
HeapAlloc
HeapReAlloc
GetVersionExA
FindNextFileW
InitializeCriticalSection
HeapCreate
GetPriorityClass
GetThreadPriority
FlushViewOfFile
MapViewOfFileEx
CreateFileMappingW
GetFileType
DeviceIoControl
InitializeCriticalSectionAndSpinCount
CopyFileA
SetFileAttributesA
CopyFileW
SetFileAttributesW
LCMapStringA
LCMapStringW
LocalFree
InterlockedIncrement
InterlockedDecrement
Sleep
ExpandEnvironmentStringsA
DeleteFileA
FormatMessageW
FormatMessageA
GetThreadSelectorEntry
CreateThread
TerminateThread
GetThreadTimes
GetThreadContext
ResumeThread
SuspendThread
GetVersionExW
GetSystemInfo
LoadLibraryA
DeleteCriticalSection
FreeLibrary
HeapDestroy
TlsFree
TlsAlloc
TlsGetValue
TlsSetValue
GetLastError
CreateFileA
GetFileSize
ReadFile
CloseHandle
EnterCriticalSection
LeaveCriticalSection
LocalAlloc
SetLastError
FindFirstFileW
GetProcAddress
VirtualQueryEx

msvcrt

_onexit
__dllonexit
_adjust_fdiv
_initterm
realloc
sprintf
iswprint
memmove
iswspace
calloc
wcsncat
strncat
_itoa
_write
strncpy
strchr
towlower
tolower
_wcsicmp
_assert
_wcslwr
_close
_wopen
time
wcsncpy
strncmp
_ltoa
_wcsnicmp
_stricmp
_purecall
_vsnprintf
isspace
ctime
malloc
_strlwr
atol
__CxxFrameHandler
fclose
_winminor
_winmajor
_osver
__unDName
isdigit
_CxxThrowException
bsearch
_snwprintf
fread
fseek
_wfopen
fopen
wcstol
_snprintf
wcsrchr
_wmakepath
_fullpath
_wfullpath
_mbsicmp
_access
_wcsdup
_fsopen
_wfsopen
_get_osfhandle
_read
_lseeki64
_chsize
_open_osfhandle
_wsopen
_sopen
wprintf
ftell
_wgetenv
_memicmp
_mbscmp
?terminate@@YAXXZ
??1type_info@@UAE@XZ
_splitpath
free
strstr
_vsnwprintf
_except_handler3
qsort
wcschr
wcsstr
wcsncmp
iswxdigit
_wsplitpath
??3@YAXPAX@Z
??2@YAPAXI@Z

advapi32

RegOpenKeyExW
RegQueryInfoKeyW
RegEnumKeyExW
RegCloseKey
CryptReleaseContext
CryptGenRandom
CryptAcquireContextA
RegQueryValueExW
RegQueryValueExA
RegOpenKeyExA

rpcrt4

UuidCreate

Exports

Exports

DbgHelpCreateUserDump
DbgHelpCreateUserDumpW
EnumDirTree
EnumDirTreeW
EnumerateLoadedModules
EnumerateLoadedModules64
ExtensionApiVersion
FindDebugInfoFile
FindDebugInfoFileEx
FindExecutableImage
FindExecutableImageEx
FindExecutableImageExW
FindFileInPath
FindFileInSearchPath
GetTimestampForLoadedLibrary
ImageDirectoryEntryToData
ImageDirectoryEntryToDataEx
ImageNtHeader
ImageRvaToSection
ImageRvaToVa
ImagehlpApiVersion
ImagehlpApiVersionEx
MakeSureDirectoryPathExists
MapDebugInformation
MiniDumpReadDumpStream
MiniDumpWriteDump
SearchTreeForFile
SearchTreeForFileW
StackWalk
StackWalk64
SymAddSymbol
SymAddSymbolW
SymCleanup
SymDeleteSymbol
SymDeleteSymbolW
SymEnumLines
SymEnumLinesW
SymEnumProcesses
SymEnumSourceFiles
SymEnumSourceFilesW
SymEnumSym
SymEnumSymbols
SymEnumSymbolsForAddr
SymEnumSymbolsForAddrW
SymEnumSymbolsW
SymEnumTypes
SymEnumTypesW
SymEnumerateModules
SymEnumerateModules64
SymEnumerateModulesW64
SymEnumerateSymbols
SymEnumerateSymbols64
SymEnumerateSymbolsW
SymEnumerateSymbolsW64
SymFindFileInPath
SymFindFileInPathW
SymFromAddr
SymFromAddrW
SymFromIndex
SymFromIndexW
SymFromName
SymFromNameW
SymFromToken
SymFromTokenW
SymFunctionTableAccess
SymFunctionTableAccess64
SymGetFileLineOffsets64
SymGetHomeDirectory
SymGetHomeDirectoryW
SymGetLineFromAddr
SymGetLineFromAddr64
SymGetLineFromAddrW64
SymGetLineFromName
SymGetLineFromName64
SymGetLineFromNameW64
SymGetLineNext
SymGetLineNext64
SymGetLineNextW64
SymGetLinePrev
SymGetLinePrev64
SymGetLinePrevW64
SymGetModuleBase
SymGetModuleBase64
SymGetModuleInfo
SymGetModuleInfo64
SymGetModuleInfoW
SymGetModuleInfoW64
SymGetOmapBlockBase
SymGetOptions
SymGetScope
SymGetScopeW
SymGetSearchPath
SymGetSearchPathW
SymGetSourceFile
SymGetSourceFileFromToken
SymGetSourceFileFromTokenW
SymGetSourceFileToken
SymGetSourceFileTokenW
SymGetSourceVarFromToken
SymGetSourceVarFromTokenW
SymGetSymFromAddr
SymGetSymFromAddr64
SymGetSymFromName
SymGetSymFromName64
SymGetSymNext
SymGetSymNext64
SymGetSymPrev
SymGetSymPrev64
SymGetSymbolFile
SymGetSymbolFileW
SymGetTypeFromName
SymGetTypeFromNameW
SymGetTypeInfo
SymGetTypeInfoEx
SymInitialize
SymInitializeW
SymLoadModule
SymLoadModule64
SymLoadModuleEx
SymLoadModuleExW
SymMatchFileName
SymMatchFileNameW
SymMatchString
SymMatchStringW
SymNext
SymNextW
SymPrev
SymPrevW
SymRegisterCallback
SymRegisterCallback64
SymRegisterCallbackW64
SymRegisterFunctionEntryCallback
SymRegisterFunctionEntryCallback64
SymSearch
SymSearchW
SymSetContext
SymSetHomeDirectory
SymSetOptions
SymSetParentWindow
SymSetSearchPath
SymSetSearchPathW
SymSrvDeltaName
SymSrvDeltaNameW
SymSrvGetFileIndexString
SymSrvGetFileIndexStringW
SymSrvGetFileIndexes
SymSrvGetFileIndexesW
SymSrvGetSupplement
SymSrvGetSupplementW
SymSrvIsStore
SymSrvIsStoreW
SymSrvStoreFile
SymSrvStoreFileW
SymSrvStoreSupplement
SymSrvStoreSupplementW
SymUnDName
SymUnDName64
SymUnloadModule
SymUnloadModule64
UnDecorateSymbolName
UnDecorateSymbolNameW
UnmapDebugInformation
WinDbgExtensionDllInit
block
dbghelp
dh
fptr
homedir
lmi
lminfo
omap
srcfiles
stackdbg
sym
symsrv
vc7fpo

Sections

.text
Size: 845KB - Virtual size: 845KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 111KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 984B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 54KB - Virtual size: 53KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rmnet
Size: 56KB - Virtual size: 60KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

fd5ea99cfb243c49b2a2bf38d7c727c5

Headers

File Characteristics

PDB Paths

Imports

kernel32

msvcrt

advapi32

rpcrt4

Exports

Exports

Sections

.text Size: 845KB - Virtual size: 845KB

.data Size: 16KB - Virtual size: 111KB

.rsrc Size: 1024B - Virtual size: 984B

.reloc Size: 54KB - Virtual size: 53KB

.rmnet Size: 56KB - Virtual size: 60KB

.text
Size: 845KB - Virtual size: 845KB

.data
Size: 16KB - Virtual size: 111KB

.rsrc
Size: 1024B - Virtual size: 984B

.reloc
Size: 54KB - Virtual size: 53KB

.rmnet
Size: 56KB - Virtual size: 60KB