0d8384e22f0a9ba42ab1d68f581eb1cb_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

0d8384e22f0a9ba42ab1d68f581eb1cb_JaffaCakes118
Size

212KB
MD5

0d8384e22f0a9ba42ab1d68f581eb1cb
SHA1

1dfb51331cbfb3ba251dc14650524d7f2cf59694
SHA256

aef1099fab964452a979ef0c8696148f27f56071d633214f1dd142c376bbc832
SHA512

130e6570a681728d0efb3baceed93e8e9a054078ea72d9138150925b64cf83d29f0f0476cc8b9aa4b5c8316bedbe5ce95715a1d019f5d4d1b743a6221b228abd
SSDEEP

3072:St/B24rXSn8uff5l+zMP1XCUFshfNczr43k1vN77e7CtqMmQoU9+GpiKUtJbdhh:IhT0uzoXCUINcf6kq7imQpFgFTh

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
0d8384e22f0a9ba42ab1d68f581eb1cb_JaffaCakes118

Files

0d8384e22f0a9ba42ab1d68f581eb1cb_JaffaCakes118
.dll regsvr32 windows:4 windows x86 arch:x86

18567a025979f3c9c0a503292698e284

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

SetEnvironmentVariableA
SetEndOfFile
GetOEMCP
GetACP
FlushFileBuffers
SetStdHandle
GetStringTypeA
IsBadCodePtr
SetLastError
GetEnvironmentStrings
FreeEnvironmentStringsA
LCMapStringA
GetStartupInfoA
GetFileType
GetStdHandle
SetHandleCount
HeapSize
DisableThreadLibraryCalls
IsBadWritePtr
VirtualAlloc
VirtualFree
HeapCreate
UnhandledExceptionFilter
TerminateProcess
InterlockedExchange
LoadLibraryA
GetSystemDirectoryA
GetWindowsDirectoryA
GetModuleFileNameA
GetModuleHandleA
CompareStringA
HeapDestroy
LoadResource
IsBadReadPtr
SizeofResource
MoveFileExW
MulDiv
FlushInstructionCache
GetCurrentProcess
HeapAlloc
SetFilePointer
FindClose
GetProcessHeap
HeapFree
GlobalFree
DebugBreak
InterlockedIncrement
Sleep
Beep
GetTickCount
GetSystemTime
SystemTimeToFileTime
InterlockedDecrement
GetFileSize
GlobalAlloc
GlobalLock
GlobalUnlock
InitializeCriticalSection
FreeLibrary
ExitProcess
TlsGetValue
TlsFree
TlsAlloc
GetVersion
GetCommandLineA
GetLocalTime
GetTimeZoneInformation
RaiseException
GetFileAttributesA
HeapReAlloc
RtlUnwind
ExitThread
TlsSetValue
CreateThread
LocalFree
ReadFile
WriteFile
CloseHandle
TerminateThread
EnterCriticalSection
LeaveCriticalSection
GetLastError
lstrlenA
GetCurrentThreadId
DeleteCriticalSection
SetUnhandledExceptionFilter

user32

GetFocus
SetWindowPos
GetDlgItem
ShowWindow
DestroyMenu
KillTimer
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
GetClientRect
CreatePopupMenu
DestroyIcon
SetTimer
ReleaseDC
GetDC
GetSystemMetrics
GetAsyncKeyState
MapWindowPoints
TranslateMessage
GetParent
GetSubMenu
IsWindow
GetMenuItemCount
SetFocus
CopyRect
RedrawWindow
TrackPopupMenuEx
CreateMenu
DestroyWindow

gdi32

GetDeviceCaps
GetDIBits
SetDIBits
CreateCompatibleBitmap
DeleteDC
DeleteObject
GetStockObject

advapi32

RegSetKeySecurity
CryptDestroyHash
CryptGetHashParam
CryptHashData
CryptCreateHash
CryptAcquireContextA
RegCloseKey
RegQueryValueExA
CopySid
GetLengthSid
GetTokenInformation
OpenProcessToken
AllocateAndInitializeSid
InitializeAcl
AddAce
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
FreeSid
RegGetKeySecurity
GetSidIdentifierAuthority
GetSidSubAuthorityCount
GetSidSubAuthority
CryptReleaseContext

shell32

SHEmptyRecycleBinW
SHGetSpecialFolderPathW

ole32

CLSIDFromProgID
CoTaskMemAlloc
CoTaskMemRealloc
CoCreateInstance
CoTaskMemFree
CreateStreamOnHGlobal
StringFromCLSID

oleaut32

LoadTypeLi
VarUI4FromStr
RegisterTypeLi
SysAllocString
SysFreeString
SysStringLen
VariantClear
LoadRegTypeLi
VariantInit
SysAllocStringLen
OleLoadPicture

comctl32

ImageList_ReplaceIcon
ImageList_AddMasked
ImageList_Destroy
ImageList_Create
InitCommonControlsEx

urlmon

URLDownloadToFileW

wininet

InternetReadFile
InternetQueryDataAvailable
InternetOpenUrlW
InternetOpenW
InternetAttemptConnect
InternetConnectW
InternetSetOptionW
HttpSendRequestW
HttpAddRequestHeadersW
InternetCloseHandle
HttpOpenRequestW
HttpQueryInfoW
FindFirstUrlCacheEntryW
FindNextUrlCacheEntryW
DeleteUrlCacheEntryW

netapi32

Netbios

winmm

timeGetTime

shlwapi

SHDeleteKeyW

atl

ord47
ord42

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 136KB - Virtual size: 134KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 16KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 24KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 16KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 16KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

18567a025979f3c9c0a503292698e284

Headers

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

comctl32

urlmon

wininet

netapi32

winmm

shlwapi

atl

Exports

Exports

Sections

.text Size: 136KB - Virtual size: 134KB

.rdata Size: 16KB - Virtual size: 14KB

.data Size: 24KB - Virtual size: 29KB

.rsrc Size: 16KB - Virtual size: 14KB

.reloc Size: 16KB - Virtual size: 12KB

.text
Size: 136KB - Virtual size: 134KB

.rdata
Size: 16KB - Virtual size: 14KB

.data
Size: 24KB - Virtual size: 29KB

.rsrc
Size: 16KB - Virtual size: 14KB

.reloc
Size: 16KB - Virtual size: 12KB