8526e0a165aa815460f22d4199f95189_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

8526e0a165aa815460f22d4199f95189_JaffaCakes118
Size

301KB
MD5

8526e0a165aa815460f22d4199f95189
SHA1

b0b5feaff235c6e0fb0c12402b7d9f07148352fb
SHA256

b6cbc586e3222b660f7088c4f4a5e3e2268b9999bb923d824155afbdef24a6d8
SHA512

a52851ed18543ece1e219647582fa3d1b13a401a2a6844fe0a052cdc3943b441377e9d9de0844c9758419ff89e65b5fdbde3e2f0db52e446af9cbd3c9ad8b173
SSDEEP

6144:cvvVfkuAlSzS7iM6VRSGA/vxYM/8I5wGKzMN12lL:cvvVfkuAOiiM6GrCm8GSesl

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
8526e0a165aa815460f22d4199f95189_JaffaCakes118

Files

8526e0a165aa815460f22d4199f95189_JaffaCakes118
.dll regsvr32 windows:5 windows x86 arch:x86

70f33a306b0f4707211a707d8708d49b

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

advapi32

RegSetValueExA
RegQueryValueExA
RegCreateKeyExA
CryptDecrypt
CryptDestroyKey
CryptDestroyHash
CryptReleaseContext
RegisterEventSourceW
ReportEventW
DeregisterEventSource
LsaClose
CryptDeriveKey
CryptHashData
CryptCreateHash
CryptAcquireContextW
GetCurrentHwProfileW
CryptImportKey
CryptExportKey
CryptGenKey
FreeSid
AllocateAndInitializeSid
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
AddAccessAllowedAce
InitializeAcl
GetLengthSid
LsaStorePrivateData
LsaNtStatusToWinError
LsaOpenPolicy
RegQueryValueExW
CheckTokenMembership
LsaFreeMemory
LsaRetrievePrivateData
CryptVerifySignatureW
RegDeleteKeyW
RegDeleteValueW
RegCloseKey
RegCreateKeyExW
RegOpenKeyExW
RegSetValueExW
RegQueryInfoKeyW
RegEnumValueW
RegEnumKeyExW

crypt32

CertGetIssuerCertificateFromStore
CertFreeCertificateContext
CertDuplicateCertificateContext
CertCreateCertificateContext
CertFindExtension
CertOpenStore
CertComparePublicKeyInfo
CertCloseStore
CryptEncodeObject
CryptExportPublicKeyInfo
CryptSignCertificate
CertEnumCertificatesInStore
CertVerifySubjectCertificateContext

kernel32

LocalFree
LocalAlloc
DeviceIoControl
GetShortPathNameW
LoadLibraryExW
GetLastError
FindResourceW
LoadResource
SizeofResource
lstrlenA
DisableThreadLibraryCalls
LoadLibraryW
GetProcAddress
FreeLibrary
GetModuleFileNameW
lstrcatW
HeapDestroy
EnterCriticalSection
LeaveCriticalSection
lstrcpynW
lstrcmpiW
InterlockedDecrement
InterlockedIncrement
DeleteCriticalSection
InitializeCriticalSection
lstrcpyW
lstrlenW
MultiByteToWideChar
GetProcessHeap
HeapFree
GetSystemDefaultLCID
CreateEventW
SystemTimeToFileTime
SetEvent
CloseHandle
WaitForSingleObject
GetSystemTime
lstrcmpW
CreateThread
WriteFile
CreateFileA
LockResource
FindResourceExW
GetSystemDirectoryW
WideCharToMultiByte
HeapAlloc
GetSystemDirectoryA
Sleep
GetTickCount
lstrcpyA
GlobalMemoryStatus
lstrcmpA
LoadLibraryA
GetVolumeInformationW
GetDriveTypeA
GetLogicalDriveStringsA
GetSystemInfo
GetExitCodeThread
ResumeThread
SetThreadAffinityMask
GetProcessAffinityMask
GetCurrentProcess
ReadFile
SetFilePointer
ReleaseMutex
DebugBreak
GetFileSize
CreateMutexW
OpenMutexW
HeapCreate
HeapReAlloc
GetACP
GetVersionExW
GetModuleHandleW
FileTimeToSystemTime
CopyFileW
GetCurrentProcessId
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
GetDiskFreeSpaceA
QueryPerformanceCounter
GetLocalTime
GetCurrentThreadId
GetVersionExA
RtlUnwind
InitializeCriticalSectionAndSpinCount
CreateSemaphoreA
VirtualAlloc
CreateEventA
ExitProcess
VirtualFree
ReleaseSemaphore
VirtualProtect
FlushInstructionCache
GetSystemTimeAsFileTime
SetLastError

msvcrt

??3@YAXPAX@Z
_snwprintf
wcschr
_CIpow
_wcsupr
wcsncmp
wcsncat
_wtoi
_itow
_wcsicmp
wcscpy
wcstok
_wtol
__CxxFrameHandler
_ftol
ceil
wcslen
wcsncpy
atol
_adjust_fdiv
_initterm
_purecall
??2@YAPAXI@Z
realloc
free
malloc

ntdll

NtLockProductActivationKeys
NtQuerySystemInformation
RtlTimeToTimeFields

ole32

StringFromGUID2
CoTaskMemFree
CoTaskMemAlloc
CoTaskMemRealloc
CoCreateInstance
CoCreateGuid

oleaut32

SysAllocString
VarUI4FromStr
LoadTypeLi
RegisterTypeLi
LoadRegTypeLi
SysStringLen
SysFreeString

rpcrt4

UuidCreate

setupapi

SetupDiGetClassDevsW
SetupDiGetDeviceRegistryPropertyW
SetupDiEnumDeviceInfo
SetupDiDestroyDeviceInfoList

user32

GetSystemMetrics
wsprintfA
CharNextW
wsprintfW
SetTimer
KillTimer
GetDesktopWindow

wininet

InternetConnectA
InternetReadFile
InternetQueryOptionW
InternetSetOptionA
HttpSendRequestW
InternetOpenA
InternetErrorDlg
InternetCloseHandle
InternetAutodialHangup
InternetGetConnectedState
InternetAutodial
HttpOpenRequestA
HttpQueryInfoW

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 262KB - Virtual size: 262KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 17KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

70f33a306b0f4707211a707d8708d49b

Headers

File Characteristics

Imports

advapi32

crypt32

kernel32

msvcrt

ntdll

ole32

oleaut32

rpcrt4

setupapi

user32

wininet

Exports

Exports

Sections

.text Size: 262KB - Virtual size: 262KB

.data Size: 8KB - Virtual size: 8KB

.rsrc Size: 17KB - Virtual size: 17KB

.reloc Size: 12KB - Virtual size: 12KB

.text
Size: 262KB - Virtual size: 262KB

.data
Size: 8KB - Virtual size: 8KB

.rsrc
Size: 17KB - Virtual size: 17KB

.reloc
Size: 12KB - Virtual size: 12KB