0d6b70d1b56b77f9142d408852961fdf_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

0d6b70d1b56b77f9142d408852961fdf_JaffaCakes118
Size

332KB
MD5

0d6b70d1b56b77f9142d408852961fdf
SHA1

7ea50acf7ac6b199280ea2d2c94bd5d05c0bb38c
SHA256

45975513fca5bcc3ed9698b9c737f302b2c4913b42e4d7ed137e9dc1931de186
SHA512

35370250ab94559b9febc0bbc8a893eeb41765e5668af55845debf3e63790530b05c20d71824e6f404bc777dade715b2b86e57f5ebf94f94fcc03f7eaa438899
SSDEEP

3072:VnKrJ7KQZtCuiC4IhsGIJH1P1l9tvJCH6KGDT4Dq6qFCbR5kBKC+1B4LHUtCrUQU:grJlWJH3tvbKGsEFCbPkq1G/tdu

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
0d6b70d1b56b77f9142d408852961fdf_JaffaCakes118

Files

0d6b70d1b56b77f9142d408852961fdf_JaffaCakes118
.dll regsvr32 windows:4 windows x86 arch:x86

641761d66d132ced269952cb04c44924

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

EnterCriticalSection
LeaveCriticalSection
Sleep
CreateThread
CloseHandle
ReadFile
SetFilePointer
CreateFileA
CreateProcessA
GetTempPathA
GlobalUnlock
GlobalLock
GlobalAlloc
FlushInstructionCache
GetCurrentProcess
lstrcmpA
MulDiv
GetCurrentThreadId
SetLastError
VirtualProtect
LockResource
GetProcessId
DisableThreadLibraryCalls
GetCurrentProcessId
SetThreadLocale
GetThreadLocale
VirtualAlloc
IsBadReadPtr
VirtualFree
HeapAlloc
GetProcessHeap
WaitForSingleObject
HeapFree
InterlockedCompareExchange
GetVersionExA
SetEnvironmentVariableA
CompareStringW
CompareStringA
SetEndOfFile
GetTimeZoneInformation
WriteConsoleW
GetConsoleOutputCP
GetModuleFileNameA
FlushFileBuffers
lstrlenA
GetStringTypeA
GetTickCount
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
HeapSize
GetStartupInfoA
SetHandleCount
GetFileType
SetStdHandle
GetCurrentDirectoryA
GetFullPathNameA
GetConsoleMode
GetConsoleCP
LCMapStringW
LCMapStringA
GetOEMCP
GetCPInfo
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
GetStdHandle
WriteFile
ExitProcess
HeapCreate
HeapDestroy
GetCommandLineA
GetModuleHandleA
LoadLibraryExA
FindResourceA
LoadResource
SizeofResource
FreeLibrary
IsDBCSLeadByte
InterlockedDecrement
InterlockedIncrement
WriteConsoleA
lstrcmpiA
GetLocaleInfoA
GetACP
InterlockedExchange
LocalFree
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetSystemTimeAsFileTime
GetSystemInfo
VirtualQuery
RtlUnwind
HeapReAlloc
FindClose
FileTimeToSystemTime
FileTimeToLocalFileTime
GetLastError
DeleteCriticalSection
InitializeCriticalSection
RaiseException
lstrlenW
WideCharToMultiByte
MultiByteToWideChar
LoadLibraryA
GetStringTypeW
GetProcAddress
SystemTimeToFileTime
LocalFileTimeToFileTime
SetFileTime
FindFirstFileA
GetDriveTypeA
IsProcessorFeaturePresent

user32

GetDlgItem
CharNextA
KillTimer
SetTimer
UnregisterClassA
ShowWindow
GetSystemMetrics
SetWindowLongA
GetWindowLongA
CreateWindowExA
DestroyWindow
SendMessageA
DefWindowProcA
SetWindowTextA
GetForegroundWindow
GetWindowThreadProcessId
AttachThreadInput
GetActiveWindow
SetForegroundWindow
SetActiveWindow
wsprintfA
CreateAcceleratorTableA
IsWindow
GetDesktopWindow
SetFocus
GetFocus
GetWindow
DestroyAcceleratorTable
BeginPaint
EndPaint
CallWindowProcA
FillRect
GetWindowTextA
GetClassNameA
ReleaseCapture
GetParent
IsChild
SetCapture
RedrawWindow
InvalidateRgn
InvalidateRect
ReleaseDC
GetDC
ScreenToClient
ClientToScreen
GetClientRect
SetWindowPos
MoveWindow
GetSysColor
RegisterWindowMessageA
GetClassInfoExA
LoadCursorA
RegisterClassExA
GetWindowTextLengthA

gdi32

GetObjectA
CreateSolidBrush
GetDeviceCaps
BitBlt
CreateCompatibleDC
CreateCompatibleBitmap
DeleteDC
SelectObject
DeleteObject
GetStockObject

oleaut32

RegisterTypeLi
UnRegisterTypeLi
OleCreateFontIndirect
SysStringByteLen
SysAllocStringByteLen
SysAllocStringLen
LoadTypeLi
LoadRegTypeLi
DispCallFunc
SysStringLen
VarUI4FromStr
SysAllocString
VariantClear
VariantInit
SysFreeString

advapi32

RegEnumKeyExA
RegQueryInfoKeyA
RegSetValueExA
RegOpenKeyExA
RegCreateKeyExA
RegCloseKey
RegDeleteValueA
RegDeleteKeyA
RegQueryValueExA

ole32

CoTaskMemAlloc
CoTaskMemRealloc
CoTaskMemFree
CoCreateInstance
CoUninitialize
CoInitialize
CreateStreamOnHGlobal
OleInitialize
OleUninitialize
StringFromGUID2
OleLockRunning
CoGetClassObject
CLSIDFromProgID
CLSIDFromString

shlwapi

StrStrIA

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 228KB - Virtual size: 227KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 48KB - Virtual size: 44KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 24KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 24KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

641761d66d132ced269952cb04c44924

Headers

File Characteristics

Imports

kernel32

user32

gdi32

oleaut32

advapi32

ole32

shlwapi

Exports

Exports

Sections

.text Size: 228KB - Virtual size: 227KB

.rdata Size: 48KB - Virtual size: 44KB

.data Size: 24KB - Virtual size: 29KB

.rsrc Size: 4KB - Virtual size: 3KB

.reloc Size: 24KB - Virtual size: 20KB

.text
Size: 228KB - Virtual size: 227KB

.rdata
Size: 48KB - Virtual size: 44KB

.data
Size: 24KB - Virtual size: 29KB

.rsrc
Size: 4KB - Virtual size: 3KB

.reloc
Size: 24KB - Virtual size: 20KB