03e467ef28e56d25a83ee7849a942aca_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

03e467ef28e56d25a83ee7849a942aca_JaffaCakes118
Size

376KB
MD5

03e467ef28e56d25a83ee7849a942aca
SHA1

81fe37ad0ce3a474349b8c93c3a3a912fd8dbc07
SHA256

d787c84230e4de23a12da642a52526dabdaadc6c0e73b37a02c551acff1320f2
SHA512

1fea04efb19cbccf088862fcd4d19ddcf31b32f81504239243754a5588388322501456e8ce3d8a0807b5553e937909fe77c80c97f0f1210cf49ec26b9b5313c3
SSDEEP

6144:7mmLVX+Pjq7QOJDd3H+UMGNwX4SvsJUJJS:7Ajq7f9VSX4G/JS

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
03e467ef28e56d25a83ee7849a942aca_JaffaCakes118

Files

03e467ef28e56d25a83ee7849a942aca_JaffaCakes118
.dll regsvr32 windows:4 windows x86 arch:x86

fb89e3b21f3a75f7c01a3f0414abe8d6

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

FindResourceA
GetLastError
LoadLibraryExA
lstrcmpiA
lstrcpynA
IsDBCSLeadByte
GetProcAddress
LoadLibraryA
HeapDestroy
lstrcpyA
lstrcatA
Sleep
CloseHandle
GetCurrentThreadId
GetTickCount
WriteFile
CreateFileA
ReadFile
GetFileSize
GetVersionExA
GetSystemDirectoryA
TerminateThread
CreateThread
IsValidCodePage
LoadResource
FindClose
CreateDirectoryA
FindFirstFileA
GetCurrentProcessId
GetComputerNameA
FindNextFileA
LocalFree
LocalAlloc
GetTimeFormatA
GetDateFormatA
GetTimeZoneInformation
GetLocalTime
HeapFree
HeapAlloc
GetProcessHeap
GetLocaleInfoW
SetEnvironmentVariableA
CompareStringW
CompareStringA
SetEndOfFile
GetUserDefaultLCID
EnumSystemLocalesA
GetLocaleInfoA
SizeofResource
FreeLibrary
WideCharToMultiByte
GetModuleFileNameA
GetModuleHandleA
GetShortPathNameA
lstrlenA
MultiByteToWideChar
lstrlenW
InterlockedDecrement
DisableThreadLibraryCalls
EnterCriticalSection
InterlockedIncrement
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSection
DeleteFileA
IsValidLocale
SetConsoleCtrlHandler
FlushFileBuffers
SetStdHandle
GetStringTypeW
GetStringTypeA
LCMapStringW
LCMapStringA
SetFilePointer
IsBadCodePtr
IsBadReadPtr
RaiseException
ExitThread
TlsSetValue
HeapReAlloc
RtlUnwind
GetCommandLineA
GetVersion
TlsAlloc
TlsFree
SetLastError
TlsGetValue
GetCurrentThread
GetEnvironmentVariableA
HeapCreate
VirtualFree
VirtualAlloc
IsBadWritePtr
ExitProcess
FatalAppExitA
TerminateProcess
GetCurrentProcess
HeapSize
UnhandledExceptionFilter
GetEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsW
FreeEnvironmentStringsA
GetStartupInfoA
GetFileType
GetStdHandle
SetHandleCount
GetOEMCP
GetACP
GetCPInfo
SetUnhandledExceptionFilter
GetSystemTime

user32

wsprintfA
PostThreadMessageA
LoadStringA
PeekMessageA
CharNextA
DispatchMessageA
TranslateMessage

advapi32

CryptReleaseContext
CryptAcquireContextA
CryptCreateHash
CryptHashData
CryptGetHashParam
CryptDestroyHash
RegQueryValueExA
RegEnumValueA
RegQueryInfoKeyA
RegSetValueExA
RegEnumKeyExA
RegOpenKeyExA
RegCloseKey
RegDeleteValueA
RegCreateKeyExA
RegDeleteKeyA

ole32

CoTaskMemAlloc
CoTaskMemFree
CoTaskMemRealloc
CoCreateInstance
CoUninitialize
CoInitializeEx
ProgIDFromCLSID
CLSIDFromProgID
OleRun
CLSIDFromString

oleaut32

VariantChangeType
VariantTimeToSystemTime
VariantInit
VariantCopy
SysStringByteLen
SysAllocStringByteLen
VectorFromBstr
SafeArrayGetLBound
SafeArrayGetUBound
SafeArrayGetElement
SafeArrayDestroy
CreateErrorInfo
SetErrorInfo
VariantClear
SysAllocStringLen
SysStringLen
LoadRegTypeLi
RegisterTypeLi
LoadTypeLi
SysAllocString
SysFreeString
VarUI4FromStr
GetErrorInfo

ws2_32

getservbyname
htonl
inet_ntoa
WSASetLastError
htons
inet_addr
gethostbyname
shutdown
closesocket
setsockopt
socket
WSAGetLastError
send
recv
WSACleanup
WSAStartup
getsockname
connect
select
bind
ioctlsocket
getservbyport
ntohs
gethostbyaddr

wininet

InternetOpenUrlA
InternetOpenA
InternetReadFile
InternetCloseHandle

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 248KB - Virtual size: 246KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 40KB - Virtual size: 38KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 32KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 28KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

fb89e3b21f3a75f7c01a3f0414abe8d6

Headers

File Characteristics

Imports

kernel32

user32

advapi32

ole32

oleaut32

ws2_32

wininet

Exports

Exports

Sections

.text Size: 248KB - Virtual size: 246KB

.rdata Size: 40KB - Virtual size: 38KB

.data Size: 32KB - Virtual size: 36KB

.idata Size: 8KB - Virtual size: 5KB

.rsrc Size: 28KB - Virtual size: 26KB

.reloc Size: 16KB - Virtual size: 15KB

.text
Size: 248KB - Virtual size: 246KB

.rdata
Size: 40KB - Virtual size: 38KB

.data
Size: 32KB - Virtual size: 36KB

.idata
Size: 8KB - Virtual size: 5KB

.rsrc
Size: 28KB - Virtual size: 26KB

.reloc
Size: 16KB - Virtual size: 15KB