10199c8e431cf446f499cf5110578f45_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

10199c8e431cf446f499cf5110578f45_JaffaCakes118
Size

176KB
MD5

10199c8e431cf446f499cf5110578f45
SHA1

3bd15da32e9362a0e16ad79d834be7891cd909f6
SHA256

2fc33b381f0323feda0f6bd3e84440fc999074c4a44075752873bdbfb78ce531
SHA512

823d9c134ef3f955b538155e2c3ddc190e9ef677041c6e6975d06e8b60ab97fffb5086dad4a10b7ae632d5199400c7358548d2360ab1621a5f93380143ee5552
SSDEEP

3072:cBoTLFBiTfnTqJysHh3KlG2hvRLvaK17bBJ0t3EMasNBVuTsNBCo1Q75uVCWcx8H:c0LFBiTfnTqJysHh3KlRhvRLyK17b30V

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
10199c8e431cf446f499cf5110578f45_JaffaCakes118

Files

10199c8e431cf446f499cf5110578f45_JaffaCakes118
.dll regsvr32 windows:4 windows x86 arch:x86

d906eb3f5bcdb98e4f96668cc5033463

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

wininet

InternetOpenA
InternetOpenUrlA
InternetReadFile
InternetCloseHandle

urlmon

UrlMkSetSessionOption
URLDownloadToFileA
IsValidURL
CoInternetCompareUrl
ObtainUserAgentString

kernel32

lstrcpyA
lstrlenA
GetModuleFileNameA
InterlockedExchange
GetVersionExA
GetACP
GetLocaleInfoA
GetThreadLocale
DeleteCriticalSection
InitializeCriticalSection
LeaveCriticalSection
InterlockedIncrement
EnterCriticalSection
InterlockedDecrement
MultiByteToWideChar
GetLastError
WideCharToMultiByte
lstrlenW
FreeLibrary
SizeofResource
LoadResource
FindResourceA
LoadLibraryExA
lstrcpynA
IsDBCSLeadByte
lstrcatA
GetVersion
CloseHandle
TerminateProcess
ReleaseMutex
CreateMutexA
CreateSemaphoreA
lstrcatW
lstrcpyW
CreateProcessA
lstrcmpiA
GetCPInfo
GetOEMCP
IsBadCodePtr
IsBadReadPtr
LoadLibraryA
WriteFile
GetEnvironmentStringsW
FreeEnvironmentStringsW
Sleep
GetLocalTime
DisableThreadLibraryCalls
LCMapStringW
ReadFile
SetStdHandle
FlushFileBuffers
GetStringTypeA
GetStringTypeW
VirtualProtect
GetEnvironmentStrings
FreeEnvironmentStringsA
LCMapStringA
SetFilePointer
GetStartupInfoA
VirtualQuery
GetSystemInfo
GetFileType
GetStdHandle
SetHandleCount
SetUnhandledExceptionFilter
IsBadWritePtr
VirtualAlloc
VirtualFree
HeapCreate
HeapDestroy
TlsAlloc
TlsGetValue
SetLastError
TlsFree
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
HeapSize
GetCurrentProcess
ExitProcess
RtlUnwind
HeapFree
RaiseException
HeapReAlloc
HeapAlloc
GetSystemTimeAsFileTime
GetCurrentThreadId
TlsSetValue
GetCommandLineA
GetProcAddress
GetModuleHandleA

user32

SetTimer
wsprintfA
wsprintfW
KillTimer
CharNextA
GetKeyboardLayout
GetDoubleClickTime
GetSystemMetrics

advapi32

RegCreateKeyA
RegOpenKeyA
RegQueryInfoKeyA
RegEnumKeyExA
RegCreateKeyExA
RegDeleteValueA
RegQueryValueExA
RegEnumKeyA
RegOpenKeyExA
RegCloseKey
RegDeleteKeyA
RegSetValueExA

shell32

ShellExecuteA
SHGetSpecialFolderPathA

ole32

StringFromGUID2
CoTaskMemAlloc
CoTaskMemFree
CoCreateInstance
CoTaskMemRealloc

oleaut32

UnRegisterTypeLi
DispCallFunc
SafeArrayDestroy
SafeArrayAccessData
SafeArrayGetLBound
SafeArrayGetUBound
SafeArrayUnaccessData
SafeArrayCreateVector
SysStringLen
LoadRegTypeLi
VariantInit
LoadTypeLi
SysAllocString
RegisterTypeLi
SysFreeString
VarUI4FromStr
VariantClear

shlwapi

PathFindExtensionA

comctl32

InitCommonControlsEx

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 120KB - Virtual size: 117KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 20KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 4.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

d906eb3f5bcdb98e4f96668cc5033463

Headers

File Characteristics

Imports

wininet

urlmon

kernel32

user32

advapi32

shell32

ole32

oleaut32

shlwapi

comctl32

Exports

Exports

Sections

.text Size: 120KB - Virtual size: 117KB

.rdata Size: 20KB - Virtual size: 18KB

.data Size: 8KB - Virtual size: 4.6MB

.rsrc Size: 4KB - Virtual size: 2KB

.reloc Size: 20KB - Virtual size: 19KB

.text
Size: 120KB - Virtual size: 117KB

.rdata
Size: 20KB - Virtual size: 18KB

.data
Size: 8KB - Virtual size: 4.6MB

.rsrc
Size: 4KB - Virtual size: 2KB

.reloc
Size: 20KB - Virtual size: 19KB