f9561ef9ce2fd062f171cd1e8e2fff2b_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

f9561ef9ce2fd062f171cd1e8e2fff2b_JaffaCakes118
Size

285KB
MD5

f9561ef9ce2fd062f171cd1e8e2fff2b
SHA1

e3aff30320e457b169763b48fb541d4a93fe2165
SHA256

f91f0f744281f7c17bf9e15557021d614dbc7ac596b1e4f4dc9eaa8cb523524a
SHA512

1494594c9492bdb75bfdaf0bf383d4f4453fce7ee0d2b92125b3b58fc8840ead646dd2dbb68dd6d75f531243f3b937451ef01675e47420f22c2fd4f236bd333a
SSDEEP

6144:cwvA37WPAt5JcYNx6oU3030w+RXkVaOKnyMahUvml:J251X6oUkkwagCmhgml

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
f9561ef9ce2fd062f171cd1e8e2fff2b_JaffaCakes118

Files

f9561ef9ce2fd062f171cd1e8e2fff2b_JaffaCakes118
.dll regsvr32 windows:4 windows x86 arch:x86

f49ebe3d8369ee15a37a736cb83f65ad

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

shlwapi

SHDeleteKeyA

mfc42

ord3830
ord3353
ord2976
ord2985
ord3262
ord3136
ord4465
ord3259
ord3147
ord2982
ord540
ord860
ord4202
ord2764
ord800
ord354
ord5186
ord1979
ord665
ord823
ord825
ord614
ord6877
ord6648
ord2818
ord5683
ord6779
ord353
ord5773
ord5442
ord6385
ord3831
ord537
ord4278
ord858
ord939
ord4129
ord535
ord3825
ord3079
ord4080
ord4622
ord4424
ord3579
ord859
ord923
ord5608
ord925
ord4204
ord5710
ord690
ord1988
ord3318
ord2803
ord5207
ord389
ord6876
ord6778
ord1601
ord6143
ord6883
ord536
ord6662
ord861
ord6663
ord1158
ord2915
ord2763
ord801
ord924
ord772
ord500
ord541
ord4277
ord926
ord1105
ord290
ord539
ord1200
ord6467
ord1154
ord2486
ord940
ord941
ord922

msvcrt

__dllonexit
atof
time
_adjust_fdiv
_wcsicmp
_strcmpi
memcpy
memset
_CxxThrowException
_initterm
??1type_info@@UAE@XZ
?terminate@@YAXXZ
rand
_mbscmp
free
srand
malloc
realloc
atoi
rename
printf
localtime
asctime
fopen
__CxxFrameHandler
fputs
fclose
sprintf
_except_handler3
_onexit
strstr

kernel32

LocalFree
GetVersion
GetVersionExA
lstrcmpA
lstrcatA
ExpandEnvironmentStringsA
FindNextFileA
FindFirstFileA
MulDiv
FreeLibrary
lstrcpyA
lstrcpynA
ReadFile
GetLocaleInfoA
OpenFile
WriteFile
GetProcAddress
LoadLibraryA
GetExitCodeProcess
OpenProcess
Process32Next
Process32First
CreateToolhelp32Snapshot
GetSystemDirectoryA
GetLastError
GetCurrentProcess
CopyFileA
CreateProcessA
WideCharToMultiByte
Sleep
InterlockedIncrement
InterlockedDecrement
MultiByteToWideChar
ResumeThread
CreateThread
lstrlenA
GetWindowsDirectoryA
CloseHandle
GetFileSize
CreateFileA
GetModuleFileNameA
DeleteFileA
TerminateProcess

user32

ReleaseDC
ScreenToClient
ClientToScreen
ShowWindow
SetDlgItemTextA
GetWindowDC
IsCharAlphaNumericA
IsWindow
PostMessageA
GetParent
GetWindowThreadProcessId
IsChild
SetWindowTextA
MessageBoxA
SetWindowPos
GetWindowRect
GetDesktopWindow
GetCursorPos
CallWindowProcA
GetDlgItemTextA
EndDialog
GetDlgItem
GetDC
DialogBoxParamA
GetSystemMetrics
EnumWindows
SetFocus
WaitForInputIdle
GetForegroundWindow
MessageBoxW
wsprintfA
SetForegroundWindow
EnableWindow
SetWindowLongA
SendMessageA
FindWindowExA

gdi32

GetDeviceCaps
SetBkColor
SetTextColor
CreateFontA
BitBlt
CreateCompatibleDC
CreateCompatibleBitmap
SelectObject
SetPixel
DeleteObject
CreateSolidBrush

advapi32

RegQueryValueExA
RegOpenKeyExA
RegSetValueExA
RegCloseKey
RegCreateKeyExA
RegEnumKeyExA
OpenProcessToken
RegDeleteValueA
RegDeleteKeyA
AdjustTokenPrivileges
LookupPrivilegeValueA

shell32

ShellExecuteA

olepro32

ord252

ole32

CoUninitialize
CoCreateInstance
CoInitialize

oleaut32

SysFreeString
VariantClear
SysAllocStringLen
SysAllocStringByteLen
VariantInit
VariantCopy
SysAllocString
SafeArrayCreateVector
SafeArrayAccessData
SafeArrayUnaccessData
OleSavePictureFile
OleLoadPicturePath
GetErrorInfo
SysStringByteLen

wininet

FindCloseUrlCache
DeleteUrlCacheEntry
FindFirstUrlCacheEntryA
InternetOpenUrlA
FtpCreateDirectoryA
FtpFindFirstFileA
FtpOpenFileA
InternetWriteFile
InternetFindNextFileA
InternetOpenA
InternetConnectA
HttpOpenRequestA
HttpSendRequestA
FindNextUrlCacheEntryA
InternetCloseHandle
InternetReadFile

ws2_32

WSACleanup
inet_ntoa
gethostbyname
WSAStartup

crypt32

CertCloseStore
CertOpenSystemStoreA

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer

Sections

.text
Size: 204KB - Virtual size: 203KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.text1
Size: 29KB - Virtual size: 29KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data1
Size: 32KB - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 17KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

f49ebe3d8369ee15a37a736cb83f65ad

Headers

File Characteristics

Imports

shlwapi

mfc42

msvcrt

kernel32

user32

gdi32

advapi32

shell32

olepro32

ole32

oleaut32

wininet

ws2_32

crypt32

Exports

Exports

Sections

.text Size: 204KB - Virtual size: 203KB

.text1 Size: 29KB - Virtual size: 29KB

.data1 Size: 32KB - Virtual size: 31KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 17KB - Virtual size: 16KB

.text
Size: 204KB - Virtual size: 203KB

.text1
Size: 29KB - Virtual size: 29KB

.data1
Size: 32KB - Virtual size: 31KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 17KB - Virtual size: 16KB