0a54a48d796a083d0bb941b049dd68c4_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

0a54a48d796a083d0bb941b049dd68c4_JaffaCakes118
Size

50KB
MD5

0a54a48d796a083d0bb941b049dd68c4
SHA1

5bb932ac24b9768478f25cf9189a3dcd6f3c8303
SHA256

2e048b332fe83c5dd954e5905de01161ce248f81732a91e57c8ba96a3c2a3da0
SHA512

4e810cb94ce45e85093cff35da84344899f6bde17aa5846bbde2277e978374cdeecdbbc79258155afa8610c919a979966a5f77737530a12e00cb717d46583547
SSDEEP

768:naEVut+DBnZBgCZePn9MP1m1OfmVllks2KP7kvom9cXHHnFporYCoulehKiSSrDL:a7+ZWP9DnnorloJhKiDrDL

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
0a54a48d796a083d0bb941b049dd68c4_JaffaCakes118

Files

0a54a48d796a083d0bb941b049dd68c4_JaffaCakes118
.dll regsvr32 windows:4 windows x86 arch:x86

b79e811188182ad4cd930a6282cca5bf

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

msvcrt

_adjust_fdiv
_purecall
_initterm
wcstombs
ftell
fopen
fseek
fclose
fread
fwrite
strcat
strchr
tolower
atoi
strcmp
strcpy
atol
exit
memcmp
strtok
strncpy
??3@YAXPAX@Z
strlen
strstr
memcpy
memset
realloc
malloc
free
??2@YAPAXI@Z

kernel32

FormatMessageA
FindResourceA
GetCurrentProcess
GetLastError
GetTempPathA
GetCurrentThreadId
FlushInstructionCache
DeleteFileA
CopyFileA
CreateFileA
WriteFile
GetPrivateProfileStringA
FindFirstFileA
FindClose
CloseHandle
TerminateProcess
CreateDirectoryA
OpenProcess
GetProcessHeap
HeapAlloc
DisableThreadLibraryCalls
InitializeCriticalSection
DeleteCriticalSection
InterlockedIncrement
InterlockedDecrement
lstrlenW
MultiByteToWideChar
lstrlenA
GetShortPathNameA
GetModuleFileNameA
WideCharToMultiByte
FreeLibrary
SizeofResource
LoadResource
HeapDestroy
GetFileAttributesA
LoadLibraryExA
lstrcmpiA
lstrcpynA
IsDBCSLeadByte
LeaveCriticalSection
EnterCriticalSection
GetProcAddress
LoadLibraryA
lstrcpyA
lstrcatA
Sleep
HeapFree
HeapReAlloc

user32

DialogBoxParamA
GetWindowLongA
GetWindow
GetWindowRect
SystemParametersInfoA
GetClientRect
MapWindowPoints
SetWindowPos
SetWindowLongA
SetWindowTextA
GetDlgItem
SendDlgItemMessageA
GetParent
EndDialog
GetActiveWindow
EnumThreadWindows
EnumWindows
GetWindowTextA
IsWindow
GetWindowThreadProcessId
BringWindowToTop
TranslateMessage
DispatchMessageA
EnableWindow
ShowWindow
KillTimer
SetTimer
wsprintfA
MessageBoxA
CharNextA
PostMessageA

ole32

CoCreateInstance
CoTaskMemAlloc
CoTaskMemFree
CoUninitialize
CoTaskMemRealloc
CoInitialize

oleaut32

SysFreeString
SysStringLen
VarUI4FromStr
SysAllocString
LoadTypeLi
RegisterTypeLi
LoadRegTypeLi
VariantClear

advapi32

RegSetValueExA
RegCreateKeyA
RegQueryValueExA
RegEnumValueA
RegQueryInfoKeyA
RegDeleteKeyA
RegEnumKeyExA
RegOpenKeyExA
RegCloseKey
RegDeleteValueA
RegCreateKeyExA

rasapi32

RasGetEntryPropertiesA
RasGetConnectStatusA
RasSetEntryDialParamsA
RasEditPhonebookEntryA
RasEnumConnectionsA
RasHangUpA
RasGetEntryDialParamsA
RasDialA
RasEnumDevicesA
RasEnumEntriesA
RasSetEntryPropertiesA
RasGetErrorStringA

wininet

InternetQueryOptionA
InternetCloseHandle
InternetReadFile
HttpQueryInfoA
InternetOpenUrlA
InternetOpenA
InternetGetConnectedState

setupapi

SetupIterateCabinetA

shell32

SHGetPathFromIDListA
ShellExecuteA
SHGetSpecialFolderLocation

wsock32

gethostbyname
gethostname

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 29KB - Virtual size: 29KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

b79e811188182ad4cd930a6282cca5bf

Headers

File Characteristics

Imports

msvcrt

kernel32

user32

ole32

oleaut32

advapi32

rasapi32

wininet

setupapi

shell32

wsock32

Exports

Exports

Sections

.text Size: 29KB - Virtual size: 29KB

.rdata Size: 6KB - Virtual size: 5KB

.data Size: 3KB - Virtual size: 10KB

.rsrc Size: 6KB - Virtual size: 6KB

.reloc Size: 3KB - Virtual size: 3KB

.text
Size: 29KB - Virtual size: 29KB

.rdata
Size: 6KB - Virtual size: 5KB

.data
Size: 3KB - Virtual size: 10KB

.rsrc
Size: 6KB - Virtual size: 6KB

.reloc
Size: 3KB - Virtual size: 3KB