0b2d10bc74a8a3a5e26628da388c174e_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

0b2d10bc74a8a3a5e26628da388c174e_JaffaCakes118
Size

241KB
MD5

0b2d10bc74a8a3a5e26628da388c174e
SHA1

b0f1d79b08916247cbc4d98cc24e35da90f64db9
SHA256

17078858a12fc38ae523102b665035b6b3244955a3435e1d3692d6809537a12f
SHA512

19a871048fce97ec726301c55fcf52fed9672bf1a1289a7bdf66531eef715faa95f386179511c49bf8a1db2e0d3e4f50b6e70acf329e1c51ec317cac66fc96a6
SSDEEP

6144:K1SoIPYa6AmYK3NV1mbY3BUYcyZHX99KFhxZLMZeCslbx:K1SoIPYa6PJrgbmUcXvKFhxZLv

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
0b2d10bc74a8a3a5e26628da388c174e_JaffaCakes118

Files

0b2d10bc74a8a3a5e26628da388c174e_JaffaCakes118
.dll regsvr32 windows:5 windows x86 arch:x86

01017a5c81fb87c3d32d358735618dab

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

imagehlp

UnMapAndLoad
MapAndLoad

crypt32

CryptStringToBinaryW
CryptBinaryToStringW

urlmon

UrlMkGetSessionOption
URLDownloadToFileW

wininet

InternetConnectW
InternetQueryOptionW
HttpOpenRequestW
InternetOpenW
InternetQueryOptionA
HttpQueryInfoW
InternetCloseHandle
InternetReadFile
InternetSetOptionW
HttpSendRequestW
InternetCrackUrlW

shlwapi

StrStrIW
SHDeleteKeyW
SHGetValueW
SHDeleteValueW
SHSetValueW
SHRegSetUSValueW
UrlEscapeW
PathStripPathW
StrStrIA
UrlGetPartW
StrCmpIW

version

GetFileVersionInfoSizeW
VerQueryValueW
GetFileVersionInfoW

rpcrt4

UuidToStringW
RpcStringFreeW

kernel32

InitializeCriticalSectionAndSpinCount
GetOEMCP
GetACP
GetCPInfo
GetSystemTime
CreateEventW
CloseHandle
OpenProcess
TerminateProcess
OpenMutexW
WaitForSingleObject
CreateProcessW
SetEvent
CreateMutexW
GetCommandLineW
ExitProcess
CreateThread
ExitThread
Sleep
GetModuleFileNameW
lstrlenW
lstrcpyW
DeleteFileW
lstrcpynA
InterlockedIncrement
InterlockedDecrement
lstrcmpiA
FreeLibrary
IsBadReadPtr
VirtualProtect
GlobalAlloc
FlushInstructionCache
GetCurrentProcess
GlobalFree
ResetEvent
MoveFileExW
GetProcAddress
LoadLibraryA
ExpandEnvironmentStringsW
WideCharToMultiByte
MultiByteToWideChar
SetHandleCount
GetTempFileNameW
GetTickCount
LocalAlloc
LocalFree
GetLastError
GetLocalTime
SystemTimeToFileTime
VirtualQuery
GetSystemInfo
GetSystemWindowsDirectoryW
GetVolumeInformationW
CreateFileW
GetFileSize
CreateFileMappingW
MapViewOfFile
GetLocaleInfoA
WriteFile
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
GetVersion
GetCurrentProcessId
GetCurrentThreadId
CreateToolhelp32Snapshot
Thread32First
Thread32Next
OpenThread
SuspendThread
ResumeThread
GetModuleFileNameA
GetStdHandle
HeapSize
SetLastError
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
GetModuleHandleW
HeapAlloc
HeapFree
RtlUnwind
RaiseException
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
HeapCreate
HeapDestroy
VirtualFree
QueryPerformanceCounter
GetSystemTimeAsFileTime
LCMapStringW
GetStringTypeA
GetStringTypeW
GetModuleHandleA
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
CreateFileA
FlushFileBuffers
LCMapStringA
UnmapViewOfFile
IsValidCodePage
GetEnvironmentVariableW
GetCommandLineA
IsDebuggerPresent
GetConsoleMode
GetConsoleCP
SetFilePointer
HeapReAlloc
SetUnhandledExceptionFilter
UnhandledExceptionFilter
VirtualAlloc

user32

GetClassNameW
MsgWaitForMultipleObjects
CharUpperW
PeekMessageW
TranslateMessage
DispatchMessageW
GetWindowThreadProcessId
CharLowerW
SetWindowTextW
ClientToScreen
OffsetRect
EnumChildWindows
PostMessageW

advapi32

SetNamedSecurityInfoW
DeleteAce
GetAce
GetNamedSecurityInfoW
ConvertSidToStringSidA
GetTokenInformation
OpenProcessToken
CryptDecrypt
CryptDestroyKey
CryptEncrypt
CryptGetKeyParam
CryptSetKeyParam
CryptImportKey
SetSecurityInfo
GetSecurityDescriptorSacl
ConvertStringSecurityDescriptorToSecurityDescriptorW
CryptDestroyHash
CryptGetHashParam
CryptHashData
CryptCreateHash
CryptReleaseContext
CryptGenRandom
CryptAcquireContextW
RegDeleteKeyW
RegQueryValueW
RegDeleteValueW
RegQueryValueExW
RegCreateKeyW
RegSetValueW
RegCreateKeyExW
RegCloseKey
RegSetValueExW
RegOpenKeyExW
RegEnumKeyExW

ole32

CoCreateInstance
OleInitialize
OleUninitialize
CLSIDFromString
CoTaskMemFree

oleaut32

SysStringLen
SysFreeString
VariantInit
VariantClear
SafeArrayDestroy
SafeArrayCreateVector
SafeArrayPutElement
SysAllocStringByteLen
SysAllocString
SysStringByteLen

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllMProcedure
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 178KB - Virtual size: 177KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 42KB - Virtual size: 42KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 192B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 14KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

01017a5c81fb87c3d32d358735618dab

Headers

File Characteristics

Imports

imagehlp

crypt32

urlmon

wininet

shlwapi

version

rpcrt4

kernel32

user32

advapi32

ole32

oleaut32

Exports

Exports

Sections

.text Size: 178KB - Virtual size: 177KB

.rdata Size: 42KB - Virtual size: 42KB

.data Size: 5KB - Virtual size: 12KB

.rsrc Size: 512B - Virtual size: 192B

.reloc Size: 14KB - Virtual size: 13KB

.text
Size: 178KB - Virtual size: 177KB

.rdata
Size: 42KB - Virtual size: 42KB

.data
Size: 5KB - Virtual size: 12KB

.rsrc
Size: 512B - Virtual size: 192B

.reloc
Size: 14KB - Virtual size: 13KB