f4162f0a5a424c139b0eecfec07a469e_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

f4162f0a5a424c139b0eecfec07a469e_JaffaCakes118
Size

180KB
MD5

f4162f0a5a424c139b0eecfec07a469e
SHA1

c8be16cece52b8f9a2c3f4d213691eeb7ecbbda3
SHA256

78cd12bfc7ea245916e3f9ad7668e46bfc759c775dd611730af3797d43c684c8
SHA512

ea5c8873c3904c203832597d53d90adf08fc0d567806501523ccf1976d3bb75766f0c24434c92e76916a18ed758dd68842dedfda2438244f2b58f932a07338f4
SSDEEP

3072:KVWJUAhR5LUoqyWRnwZTxwY0QxkiTQRv+X+UBEnI1pYBT3o7ylsFcEkAHZ:BpdhNx0QhTQRmOUBEipi0nFQA

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
f4162f0a5a424c139b0eecfec07a469e_JaffaCakes118

Files

f4162f0a5a424c139b0eecfec07a469e_JaffaCakes118
.dll regsvr32 windows:4 windows x86 arch:x86

96ebd9b0edf7c74af61903ebbe28d006

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetProcAddress
LoadLibraryA
CloseHandle
SetFilePointer
CreateFileA
SetEndOfFile
WriteFile
ReadFile
SetStdHandle
IsBadCodePtr
IsBadReadPtr
FlushFileBuffers
SetUnhandledExceptionFilter
GetEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsW
FreeEnvironmentStringsA
GetStartupInfoA
GetFileType
GetStdHandle
DeleteCriticalSection
LCMapStringW
LCMapStringA
IsBadWritePtr
VirtualAlloc
VirtualFree
HeapCreate
GetVersionExA
GetEnvironmentVariableA
GetStringTypeW
GetStringTypeA
GetOEMCP
GetACP
GetCPInfo
HeapSize
TerminateProcess
TlsGetValue
SetLastError
TlsFree
TlsAlloc
TlsSetValue
ExitProcess
RaiseException
GetVersion
GetCommandLineA
HeapReAlloc
HeapAlloc
HeapFree
RtlUnwind
InterlockedExchange
Sleep
HeapDestroy
InitializeCriticalSection
DisableThreadLibraryCalls
IsDBCSLeadByte
lstrcpynA
lstrcmpiA
LoadLibraryExA
GetLastError
FindResourceA
LoadResource
SizeofResource
FreeLibrary
GetModuleFileNameA
GetShortPathNameA
lstrcmpA
GetCurrentThreadId
lstrlenW
GlobalAlloc
GlobalLock
GlobalUnlock
EnterCriticalSection
DeleteFileA
LeaveCriticalSection
WideCharToMultiByte
OutputDebugStringA
DebugBreak
MultiByteToWideChar
InterlockedIncrement
GetCurrentProcess
FlushInstructionCache
InterlockedDecrement
lstrlenA
GetFileAttributesA
CreateProcessA
WaitForSingleObject
GetModuleHandleA
GetTempPathA
lstrcatA
lstrcpyA
SetHandleCount

user32

DrawTextA
EndPaint
SetDlgItemTextA
BeginPaint
FillRect
GetClientRect
SetWindowTextA
GetWindowRect
SetWindowPos
InvalidateRect
UpdateWindow
GetDlgItem
EnableWindow
LoadStringA
SendMessageA
ShowWindow
DefWindowProcA
wsprintfA
SetWindowLongA
GetWindowLongA
CallWindowProcA
CharUpperA
wvsprintfA
CharNextA
CharLowerA
CreateWindowExA
RegisterClassExA
LoadCursorA
GetClassInfoExA
RegisterWindowMessageA
GetWindow
GetWindowTextA
GetWindowTextLengthA
IntersectRect
EqualRect
OffsetRect
SetWindowRgn
UnionRect
PtInRect
GetKeyState
GetClassNameA
DestroyWindow
InvalidateRgn
SetCapture
ReleaseCapture
CreateAcceleratorTableA
GetParent
GetDC
GetDesktopWindow
ReleaseDC
RedrawWindow
GetFocus
IsChild
SetFocus
GetSysColor
CreateDialogParamA
IsWindow

gdi32

CreateMetaFileA
SetWindowExtEx
CloseMetaFile
DeleteMetaFile
CreateRectRgnIndirect
CreateDCA
SaveDC
SetWindowOrgEx
SetViewportOrgEx
RestoreDC
GetObjectA
GetDeviceCaps
CreateCompatibleBitmap
CreateCompatibleDC
BitBlt
DeleteDC
SetBkMode
GetStockObject
SelectObject
CreateRectRgn
SelectClipRgn
DeleteObject
CreateSolidBrush
SetBkColor
SetTextColor
SetMapMode
LPtoDP

advapi32

RegEnumValueA
RegQueryInfoKeyA
RegSetValueExA
RegEnumKeyExA
RegOpenKeyExA
RegDeleteValueA
RegCreateKeyExA
RegDeleteKeyA
RegOpenKeyA
RegQueryValueExA
RegCloseKey

ole32

CoCreateInstance
CreateDataAdviseHolder
CoTaskMemFree
CreateOleAdviseHolder
OleRegGetUserType
OleRegEnumVerbs
CoTaskMemRealloc
OleLockRunning
CoTaskMemAlloc
OleRegGetMiscStatus
CLSIDFromProgID
OleUninitialize
OleInitialize
CreateStreamOnHGlobal
StringFromCLSID
CLSIDFromString
ProgIDFromCLSID

oleaut32

DispCallFunc
OleCreatePropertyFrame
LoadTypeLi
RegisterTypeLi
VarUI4FromStr
LoadRegTypeLi
OleCreateFontIndirect
VariantClear
SysStringLen
SysAllocString
CreateErrorInfo
SetErrorInfo
SysAllocStringLen
SysFreeString

urlmon

URLDownloadToFileA

ws2_32

recv
WSAStartup
WSACleanup
shutdown
closesocket
gethostbyname
htons
socket
connect
WSAGetLastError
WSAAsyncSelect
send

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 116KB - Virtual size: 115KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 24KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

96ebd9b0edf7c74af61903ebbe28d006

Headers

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

ole32

oleaut32

urlmon

ws2_32

Exports

Exports

Sections

.text Size: 116KB - Virtual size: 115KB

.rdata Size: 24KB - Virtual size: 20KB

.data Size: 16KB - Virtual size: 23KB

.rsrc Size: 8KB - Virtual size: 5KB

.reloc Size: 12KB - Virtual size: 11KB

.text
Size: 116KB - Virtual size: 115KB

.rdata
Size: 24KB - Virtual size: 20KB

.data
Size: 16KB - Virtual size: 23KB

.rsrc
Size: 8KB - Virtual size: 5KB

.reloc
Size: 12KB - Virtual size: 11KB