05bbc26083e1221523cbde866c139387_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

05bbc26083e1221523cbde866c139387_JaffaCakes118
Size

88KB
MD5

05bbc26083e1221523cbde866c139387
SHA1

973bf774b84dd02e98f89747709af0dbb5c6c190
SHA256

9c161c98a1b84545c52129928b624710bebbd222a130ac6797bd24f9ba904e46
SHA512

8f3a49d2c9cdc96ae83650831356870c51d1e7bc1cdc87f606772239818d12bc82a61718eb3068de28598fb7df367c948b096ecb1615e15c0811db8ad05db316
SSDEEP

1536:ZKiKt53oa41wLGhMUhd8qR0qdawfgSwONJpQICS4AgiFSwjrMhLaBf0l:Ub3oZAGhrhdVXdab4NJpj2WNrbBM

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
05bbc26083e1221523cbde866c139387_JaffaCakes118

Files

05bbc26083e1221523cbde866c139387_JaffaCakes118
.dll regsvr32 windows:4 windows x86 arch:x86

449d335ee51e83cd6bcda1805ecc0744

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

netapi32

Netbios

psapi

EnumProcesses
GetModuleBaseNameA
EnumProcessModules

oleaut32

VariantClear
SysAllocString
GetErrorInfo

shlwapi

SHGetValueA
StrStrIA
SHSetValueA

advapi32

RegQueryValueExW
GetSecurityInfo
SetEntriesInAclA
SetSecurityInfo
RegOpenKeyExA
RegCloseKey
RegOpenKeyExW

msvcrt

_adjust_fdiv
_initterm
??1type_info@@UAE@XZ
_onexit
__dllonexit
srand
strerror
isspace
strtok
tolower
toupper
isupper
atoi
tmpnam
fopen
fwrite
fclose
strchr
strncpy
ispunct
isalpha
??2@YAPAXI@Z
??1exception@@UAE@XZ
??3@YAXPAX@Z
_CxxThrowException
__CxxFrameHandler
isalnum
??0exception@@QAE@XZ
printf
__mb_cur_max
wctomb
??0exception@@QAE@ABV0@@Z
malloc
free
_stricmp
strstr

user32

EnumChildWindows
EnumWindows
SystemParametersInfoA
SetWindowPos
RegisterClassExA
CreateWindowExA
OpenClipboard
GetMessageA
TranslateMessage
DispatchMessageA
KillTimer
SetTimer
DefWindowProcA
wsprintfA
GetClassNameA
CloseClipboard
GetWindowThreadProcessId
ShowWindow

rpcrt4

UuidToStringA

ole32

CoCreateInstance
CoInitialize
CoCreateGuid

wininet

InternetCloseHandle
InternetOpenUrlA
InternetOpenA
InternetReadFile
HttpQueryInfoA
InternetSetOptionA

winmm

timeGetTime

kernel32

InterlockedExchange
GetWindowsDirectoryA
lstrcmpiA
lstrcmpA
MultiByteToWideChar
GetModuleFileNameA
FormatMessageA
GetEnvironmentVariableA
lstrlenA
HeapFree
GetFullPathNameA
lstrcpynA
GetLastError
GetSystemDirectoryA
GetTickCount
QueryPerformanceCounter
QueryPerformanceFrequency
SetLastError
HeapSize
HeapAlloc
GetProcessHeap
FreeLibrary
CloseHandle
CreateRemoteThread
WriteProcessMemory
GetProcAddress
VirtualAllocEx
OpenProcess
LoadLibraryA
MoveFileExA
WaitForSingleObject
CreateProcessA
DeleteFileA
LocalFree
GetLocalTime
GetSystemInfo
CreateFileA
SleepEx
GetProcessTimes
GetCurrentProcess
GetVersion
Sleep
GetThreadTimes
GetCurrentThread
GetCurrentDirectoryA
lstrcpyA
DisableThreadLibraryCalls
GetVersionExA
FreeEnvironmentStringsA
GetEnvironmentStrings
GetCurrentProcessId
GetModuleHandleA

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 44KB - Virtual size: 41KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 24KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

449d335ee51e83cd6bcda1805ecc0744

Headers

File Characteristics

Imports

netapi32

psapi

oleaut32

shlwapi

advapi32

msvcrt

user32

rpcrt4

ole32

wininet

winmm

kernel32

Exports

Exports

Sections

.text Size: 44KB - Virtual size: 41KB

.rdata Size: 24KB - Virtual size: 20KB

.data Size: 12KB - Virtual size: 13KB

.reloc Size: 4KB - Virtual size: 3KB

.text
Size: 44KB - Virtual size: 41KB

.rdata
Size: 24KB - Virtual size: 20KB

.data
Size: 12KB - Virtual size: 13KB

.reloc
Size: 4KB - Virtual size: 3KB