f5d977dc2520e7cb312a885ef10d81b5_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

f5d977dc2520e7cb312a885ef10d81b5_JaffaCakes118
Size

241KB
MD5

f5d977dc2520e7cb312a885ef10d81b5
SHA1

7a17adcec665930d9ce9147b83e0d47bc0d0cb73
SHA256

e4b5ed1bf0914a096bdef151c5e3e93022892c6109f92e497c78609898e9b8d6
SHA512

9dc00cb8fe0f7ed15704b5746dbdb85ddec4070277b2502cc417e76d7d0d1a64a245f0db39f13096d9fdf24b1c8b60e1035f31fc2e3d305979ba693c9eff5691
SSDEEP

3072:iN+O2ORm+s8DsMNUNXQxmAfIrjlYTfuv5dgGNApJJJiolPXg8Xc17cVt:I+OC8UNeIrguv5d5N0J74nNcVt

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
f5d977dc2520e7cb312a885ef10d81b5_JaffaCakes118

Files

f5d977dc2520e7cb312a885ef10d81b5_JaffaCakes118
.dll regsvr32 windows:4 windows x86 arch:x86

7beb56beaaaa64ba000f7a0b53e68130

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

shlwapi

SHDeleteKeyA

mfc42

ord4622
ord4424
ord3579
ord614
ord290
ord6876
ord6778
ord859
ord2764
ord4202
ord860
ord800
ord941
ord537
ord540
ord825
ord823
ord535
ord858
ord925
ord939
ord6779
ord4278
ord6663
ord6648
ord6877
ord5683
ord2818
ord665
ord1979
ord4080
ord5442
ord5773
ord353
ord6385
ord3079
ord3825
ord3831
ord3830
ord3353
ord2976
ord2985
ord3262
ord3136
ord4465
ord3259
ord3147
ord2982
ord5572
ord4204
ord923
ord389
ord5207
ord2803
ord3318
ord1988
ord690
ord5710
ord1105
ord1158
ord541
ord500
ord801
ord772
ord6662
ord536
ord6143
ord2763
ord5608
ord6883
ord539
ord926
ord1601
ord861
ord1154
ord6467
ord1200
ord2486
ord940
ord2915
ord924
ord922
ord4277
ord4129

msvcrt

_onexit
__CxxFrameHandler
atoi
_adjust_fdiv
_strcmpi
_wcsicmp
_strlwr
_CxxThrowException
_initterm
??1type_info@@UAE@XZ
?terminate@@YAXXZ
free
malloc
atof
time
fclose
fputs
fopen
rand
srand
_ftol
sprintf
realloc
_mbscmp
strstr
printf
asctime
_except_handler3
__dllonexit
rename
localtime

kernel32

LocalFree
ExpandEnvironmentStringsA
CopyFileA
FindFirstFileA
FindNextFileA
CreateToolhelp32Snapshot
Process32First
Process32Next
OpenProcess
GetExitCodeProcess
TerminateProcess
GetCurrentProcess
MulDiv
GetVersionExA
GetLocaleInfoA
GetVolumeInformationA
GetVersion
GetLastError
lstrcmpA
FreeLibrary
lstrcpyA
lstrcatA
LoadLibraryA
GetProcAddress
WriteFile
InterlockedDecrement
InterlockedIncrement
MultiByteToWideChar
WideCharToMultiByte
CreateProcessA
CreateThread
ResumeThread
lstrlenA
GetWindowsDirectoryA
GetSystemDirectoryA
OpenFile
CreateFileA
GetFileSize
ReadFile
CloseHandle
GetUserDefaultLangID
MoveFileA
Sleep
DeleteFileA
GetModuleFileNameA
lstrcpynA

user32

GetDlgItemTextA
MessageBoxW
FindWindowExA
CallWindowProcA
SetWindowLongA
SetForegroundWindow
SendMessageA
EndDialog
MessageBoxA
GetParent
PostMessageA
IsWindow
EnumWindows
SetFocus
WaitForInputIdle
GetDlgItem
ShowWindow
SetDlgItemTextA
ReleaseDC
ScreenToClient
ClientToScreen
GetCursorPos
GetDesktopWindow
GetWindowRect
SetWindowPos
GetWindowDC
GetDC
DialogBoxParamA
GetSystemMetrics
EnableWindow
wsprintfA
GetForegroundWindow
GetWindowThreadProcessId
IsChild
SetWindowTextA
IsCharAlphaNumericA

gdi32

GetDeviceCaps
SetPixel
BitBlt
SelectObject
CreateCompatibleBitmap
CreateCompatibleDC
CreateFontA
CreateSolidBrush
SetTextColor
SetBkColor
DeleteObject

advapi32

RegQueryValueExA
RegCreateKeyExA
RegSetValueExA
RegCloseKey
RegDeleteValueA
RegEnumKeyExA
RegDeleteKeyA
OpenProcessToken
LookupPrivilegeValueA
AdjustTokenPrivileges
RegOpenKeyExA

shell32

SHFileOperationA
ShellExecuteA

olepro32

ord252

ole32

CoInitialize
CoUninitialize
CoCreateInstance

oleaut32

SysFreeString
VariantClear
SafeArrayUnaccessData
SafeArrayCreateVector
VariantInit
SysAllocStringLen
VariantCopy
SysAllocStringByteLen
SysStringByteLen
OleLoadPicturePath
OleSavePictureFile
SysAllocString
GetErrorInfo
SafeArrayAccessData

wininet

InternetOpenUrlA
InternetFindNextFileA
FtpOpenFileA
FtpFindFirstFileA
InternetWriteFile
FtpCreateDirectoryA
DeleteUrlCacheEntry
FindCloseUrlCache
FindNextUrlCacheEntryA
FindFirstUrlCacheEntryA
InternetCloseHandle
InternetReadFile
HttpSendRequestA
InternetOpenA
HttpOpenRequestA
InternetConnectA

ws2_32

WSAStartup
gethostbyname
inet_ntoa
WSACleanup

crypt32

CertOpenSystemStoreA
CertCloseStore

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer

Sections

.text
Size: 221KB - Virtual size: 221KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

7beb56beaaaa64ba000f7a0b53e68130

Headers

File Characteristics

Imports

shlwapi

mfc42

msvcrt

kernel32

user32

gdi32

advapi32

shell32

olepro32

ole32

oleaut32

wininet

ws2_32

crypt32

Exports

Exports

Sections

.text Size: 221KB - Virtual size: 221KB

.rsrc Size: 2KB - Virtual size: 2KB

.reloc Size: 16KB - Virtual size: 16KB

.text
Size: 221KB - Virtual size: 221KB

.rsrc
Size: 2KB - Virtual size: 2KB

.reloc
Size: 16KB - Virtual size: 16KB