eb67b0ddd86050ee8152d1f26f9dce99_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

eb67b0ddd86050ee8152d1f26f9dce99_JaffaCakes118
Size

180KB
MD5

eb67b0ddd86050ee8152d1f26f9dce99
SHA1

7e9efa0cd7265d563f3effcf2fec55f993d7d904
SHA256

740b3fd5fa2f4a72c43d051a2bbcae2f30d9b51aec9b694c4a93125d542f4708
SHA512

c91ec52f89be5c4bc6d0a69ab52df29c50c190e6fcadf3fc54ca1746b3ae285c60cd4f3d392ac7ec190217a1837cd831caa7f6de099aa786e6eec1faeef4b413
SSDEEP

3072:AGLjzefWXDvMY+DBtC7P4C9nSNGGaB09yzqTXW7HIj:Fv8mTMYWCf9Iae9yz0XW7oj

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
eb67b0ddd86050ee8152d1f26f9dce99_JaffaCakes118

Files

eb67b0ddd86050ee8152d1f26f9dce99_JaffaCakes118
.dll regsvr32 windows:4 windows x86 arch:x86

abe9ba5afcf79e39f659d3a36fc83f7e

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

InitializeCriticalSection
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
LoadLibraryA
WritePrivateProfileStringA
GetComputerNameA
GetFileAttributesExA
lstrcmpA
UnmapViewOfFile
DebugBreak
GetStringTypeExA
GetThreadLocale
WriteProcessMemory
GlobalLock
HeapCreate
GetTickCount
CreateFileMappingA
GetFileAttributesA
IsDBCSLeadByte
lstrcpynA
lstrcpyA
CreateRemoteThread
LocalFree
VirtualFreeEx
WaitForSingleObject
GetExitCodeThread
GetVersionExA
GetSystemInfo
HeapAlloc
DisableThreadLibraryCalls
FlushInstructionCache
GetPrivateProfileStringA
GetPrivateProfileIntA
OpenFileMappingA
MapViewOfFile
InterlockedIncrement
lstrlenA
DeleteFileA
MultiByteToWideChar
GetWindowsDirectoryA
GetSystemDirectoryA
ExpandEnvironmentStringsA
GetModuleFileNameA
GetCurrentDirectoryA
lstrlenW
WideCharToMultiByte
Sleep
VirtualAllocEx
FreeLibrary
OpenProcess
TerminateProcess
Thread32First
OpenThread
TerminateThread
Thread32Next
Module32First
Module32Next
CreateToolhelp32Snapshot
Process32First
Process32Next
GetCurrentProcess
CloseHandle
InterlockedDecrement
GetModuleFileNameW
LoadLibraryW
OutputDebugStringA
GetVersion
GetFileAttributesW
GetProcAddress
GetModuleHandleW
GetModuleHandleA
GetLastError
SetLastError
GlobalUnlock

user32

SetTimer
SetMenuItemInfoA
GetMenuItemInfoA
GetMenuItemCount
AdjustWindowRectEx
GetMenu
DrawStateA
GetDlgCtrlID
GetCapture
DrawEdge
InflateRect
FillRect
SetRectEmpty
UpdateWindow
ClientToScreen
CopyRect
GetCursorPos
PtInRect
CharUpperA
MapWindowPoints
CreatePopupMenu
InsertMenuItemA
TrackPopupMenu
DestroyMenu
LoadImageA
SetCapture
ReleaseCapture
GetDC
DrawFocusRect
GetForegroundWindow
GetWindowTextLengthA
GetKeyState
TranslateMessage
DispatchMessageA
PostMessageA
GetWindowDC
ReleaseDC
wvsprintfA
CharLowerA
IsWindowVisible
CallWindowProcA
DrawTextA
GetWindowTextA
ScreenToClient
InvalidateRect
EndPaint
LoadCursorA
SetCursor
DestroyCursor
DefWindowProcA
SetWindowTextA
LoadBitmapA
BeginPaint
GetDlgItem
GetSysColor
GetWindowLongA
SystemParametersInfoA
SetWindowPos
SetFocus
GetFocus
GetClassNameA
GetSystemMetrics
SendMessageA
GetWindowRect
IsWindow
CharNextA
SetWindowLongA
LoadStringA
KillTimer
GetWindow
CreateWindowExA
GetParent
FindWindowExA
DestroyWindow
SetParent
GetClientRect
MoveWindow
ShowWindow
IsWindowEnabled

gdi32

GetStockObject
SetBkColor
DeleteObject
CreateFontIndirectA
GetObjectA
SelectObject
SetTextColor
SetBkMode
CreatePen
CreateSolidBrush
GetTextExtentPoint32A
DeleteDC
Rectangle
ExtTextOutA

advapi32

RegQueryValueExA
OpenProcessToken
LookupPrivilegeValueA
AdjustTokenPrivileges
RegOpenKeyExA
RegSetValueExA
RegCreateKeyA
RegDeleteValueA
RegDeleteKeyA
RegCreateKeyExA
RegCloseKey

shell32

ShellExecuteA
ShellExecuteExA

ole32

ReleaseStgMedium
CoCreateInstance
RegisterDragDrop

oleaut32

SysAllocString
VariantChangeType
VariantInit
VariantClear
LoadRegTypeLi
SysStringLen
SysAllocStringLen
SysFreeString

atl

ord23
ord43
ord44
ord21
ord42
ord46
ord32
ord16
ord15
ord18
ord57
ord58
ord30
ord10
ord31
ord11
ord38
ord47

msimg32

GradientFill

msvcrt

??3@YAXPAX@Z
memcpy
sprintf
time
__CxxFrameHandler
_except_handler3
??2@YAPAXI@Z
printf
memcmp
_beginthread
strcpy
memset
fread
rewind
ftell
fseek
_itoa
fopen
_splitpath
strstr
fclose
fwrite
strlen
wcslen
memmove
strcat
strcmp
atoi
_purecall
sscanf
_strlwr
strncpy
_ftol
fgets
atol
fflush
srand
free
realloc
wcscpy
_CxxThrowException
?terminate@@YAXXZ
_initterm
malloc
_adjust_fdiv
__dllonexit
_onexit
??1type_info@@UAE@XZ
_stricmp
rand

wininet

InternetOpenUrlA
InternetOpenA
InternetReadFile
InternetCloseHandle

ws2_32

inet_addr
inet_ntoa
gethostbyname
WSACleanup
WSAStartup

iphlpapi

SendARP

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 108KB - Virtual size: 107KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 20KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 28KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

abe9ba5afcf79e39f659d3a36fc83f7e

Headers

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

atl

msimg32

msvcrt

wininet

ws2_32

iphlpapi

Exports

Exports

Sections

.text Size: 108KB - Virtual size: 107KB

.rdata Size: 20KB - Virtual size: 16KB

.data Size: 8KB - Virtual size: 7KB

.rsrc Size: 28KB - Virtual size: 25KB

.reloc Size: 12KB - Virtual size: 9KB

.text
Size: 108KB - Virtual size: 107KB

.rdata
Size: 20KB - Virtual size: 16KB

.data
Size: 8KB - Virtual size: 7KB

.rsrc
Size: 28KB - Virtual size: 25KB

.reloc
Size: 12KB - Virtual size: 9KB