f199d1cb902e8303d2a893f23408ab29_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

f199d1cb902e8303d2a893f23408ab29_JaffaCakes118
Size

366KB
MD5

f199d1cb902e8303d2a893f23408ab29
SHA1

422b18ca443867b960e76b0485840ec2aafe7503
SHA256

c99dd15c5b17cb8f314f7067e1f5a6cc87eb54c47627bd8b6012288c5fcefe88
SHA512

ba5eaa1ea3dbbbe6be147ae8dda406c5f97a4113138327f566b7f23c3ae047857dc8e1bb4bd4c94abf6a289a31b6f4aeae32c05619618034a7371c261f573b96
SSDEEP

6144:i3oEiphpUsUxGBTWX9vrYcmUDevh+hV57ykLCLjsq+SfwTBUH4ngTWrbRp+TFN2i:i3oV55NWXtrYKeAL7yk04qPfwTuH4KIi

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
f199d1cb902e8303d2a893f23408ab29_JaffaCakes118

Files

f199d1cb902e8303d2a893f23408ab29_JaffaCakes118
.dll regsvr32 windows:5 windows x86 arch:x86

29ea3553a6ff780bd0b40ca410d3101c

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

shlwapi

StrCmpIW
UrlEscapeW
UrlGetPartW
StrStrIW
PathMatchSpecW
UrlUnescapeW

wininet

HttpOpenRequestW
InternetCloseHandle
InternetReadFile
InternetQueryOptionW
HttpQueryInfoW
InternetSetCookieW
InternetOpenW
InternetSetOptionW
HttpSendRequestW
InternetCrackUrlW
InternetConnectW

kernel32

SetEndOfFile
CreateFileA
GetModuleHandleA
GetTimeZoneInformation
SetStdHandle
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
InitializeCriticalSectionAndSpinCount
GetStringTypeW
GetStringTypeA
GetLocaleInfoA
GetCurrentDirectoryA
SetFilePointer
GetDateFormatA
GetTimeFormatA
FlushFileBuffers
GetConsoleMode
GetConsoleCP
ReadFile
IsValidCodePage
GetOEMCP
GetACP
GetCurrentProcessId
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetModuleFileNameA
GetStartupInfoA
GetFileType
GetStdHandle
SetHandleCount
HeapReAlloc
VirtualAlloc
VirtualFree
HeapDestroy
HeapCreate
ExitProcess
HeapSize
GetProcessHeap
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
GetModuleHandleW
GetFullPathNameW
GetTempFileNameW
GetFileSize
MapViewOfFile
UnmapViewOfFile
VirtualQuery
CreateFileW
LocalAlloc
CreateFileMappingW
CloseHandle
LocalFree
WaitForSingleObject
TerminateThread
Sleep
SetThreadPriority
GetExitCodeThread
FreeLibrary
WriteFile
GetProcAddress
LoadLibraryA
DeleteFileW
WideCharToMultiByte
lstrlenW
GetTempPathW
GetSystemInfo
GetWindowsDirectoryW
GetVolumeInformationW
CreateMutexW
CreateProcessW
GetTickCount
ReleaseMutex
GetSystemTime
MoveFileExW
SetEnvironmentVariableA
HeapAlloc
GetModuleFileNameW
MultiByteToWideChar
SetLastError
lstrcmpW
DeleteCriticalSection
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
GetLastError
GetCPInfo
LCMapStringW
LCMapStringA
RtlUnwind
RaiseException
FindFirstFileW
InterlockedDecrement
InterlockedIncrement
GetDriveTypeA
CompareStringA
CompareStringW
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
HeapFree
GetCurrentThreadId
GetCommandLineA
GetSystemTimeAsFileTime
ExitThread
CreateThread
FindClose
FileTimeToSystemTime
FileTimeToLocalFileTime
GetDriveTypeW

user32

wsprintfW
SetWindowTextW
SetWindowPos
CallWindowProcW
SetWindowLongW
SendMessageW
GetWindowTextW
RealGetWindowClassW
EnumChildWindows
GetWindowLongW

ole32

CoInitialize
CoCreateInstance
CoUninitialize
CoTaskMemFree
CoCreateGuid

oleaut32

VariantChangeType
VariantCopy
SafeArrayDestroy
SafeArrayPutElement
SafeArrayCreateVector
SysAllocStringLen
SysFreeString
SysAllocString
SysStringLen
SysStringByteLen
SysAllocStringByteLen
VarBstrCmp
VariantInit
VariantClear

ws2_32

inet_addr

version

VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW

rpcrt4

RpcStringFreeW
UuidToStringW

urlmon

UrlMkGetSessionOption

imagehlp

MapAndLoad
UnMapAndLoad

advapi32

CryptGetHashParam
CryptDestroyHash
CryptDecrypt
CryptDestroyKey
CryptCreateHash
CryptEncrypt
CryptDeriveKey
RegSetValueExW
RegCloseKey
RegDeleteValueW
RegDeleteKeyW
RegQueryValueExW
RegCreateKeyW
CryptGenRandom
CryptReleaseContext
CryptAcquireContextW
CryptHashData

shell32

SHCreateDirectoryExW

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 269KB - Virtual size: 269KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 70KB - Virtual size: 69KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 18KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

29ea3553a6ff780bd0b40ca410d3101c

Headers

File Characteristics

Imports

shlwapi

wininet

kernel32

user32

ole32

oleaut32

ws2_32

version

rpcrt4

urlmon

imagehlp

advapi32

shell32

Exports

Exports

Sections

.text Size: 269KB - Virtual size: 269KB

.rdata Size: 70KB - Virtual size: 69KB

.data Size: 6KB - Virtual size: 14KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 18KB - Virtual size: 18KB

.text
Size: 269KB - Virtual size: 269KB

.rdata
Size: 70KB - Virtual size: 69KB

.data
Size: 6KB - Virtual size: 14KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 18KB - Virtual size: 18KB