17aee03b4a86b5fc4aa7859fd3c87db4_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

17aee03b4a86b5fc4aa7859fd3c87db4_JaffaCakes118
Size

48KB
MD5

17aee03b4a86b5fc4aa7859fd3c87db4
SHA1

0eadcd31673896c7f45a5dee7f649ce9e8810eca
SHA256

0c80d7497893c51c571b23a968ff6a51b9a47b72652ca7b5982866eb08a1cb40
SHA512

34e47f8f6b1ba4ab171c373580040a07b706782530381924594e0b1121f2ee23bf336ee3d67aa74081ee42cdcb0b8a300b7a50ac20e5d5ee18def8118e34a642
SSDEEP

768:RR3JQL+PuAFOBGwfVkIYB7j96N5nQwYyIaeBGrmJGcf1l:zJQqSGirY1905lYumJGcf

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
17aee03b4a86b5fc4aa7859fd3c87db4_JaffaCakes118

Files

17aee03b4a86b5fc4aa7859fd3c87db4_JaffaCakes118
.dll regsvr32 windows:4 windows x86 arch:x86

68569df3a7e10971cfd9daf1b1957a14

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

lstrcpyA
DisableThreadLibraryCalls
SetEvent
WriteFile
CreateFileA
Sleep
WaitForMultipleObjects
ResetEvent
CreateEventA
lstrlenA
FindClose
FindFirstFileA
GetModuleFileNameA
GetVersionExA
MoveFileExA
lstrcatA
CreateDirectoryA
WinExec
GetEnvironmentVariableA
LocalFree
OpenProcess
GetCurrentProcessId
GetProcAddress
GetModuleHandleA
FreeLibrary
LoadLibraryExA
SetErrorMode
LoadLibraryA
CreateProcessA
GetSystemDirectoryA
GetWindowsDirectoryA
DeleteFileA
WaitForSingleObject
GetExitCodeThread
GetPrivateProfileSectionA
GetPrivateProfileStringA
GetPrivateProfileIntA
GetTickCount
CreateMutexA
GetLastError
CloseHandle
InterlockedIncrement
VirtualProtect
CopyFileA
GetShortPathNameA

user32

FindWindowExA
SetTimer
DefWindowProcA
wsprintfA
UnhookWindowsHookEx
SetWindowsHookExA
CallNextHookEx
PostMessageA
RegisterClassExA
CreateWindowExA
ShowWindow
GetMessageA
TranslateMessage
DispatchMessageA

advapi32

RegCreateKeyA
RegOpenKeyA
RegQueryValueExA
RegSetValueExA
RegCloseKey

ole32

CoInitialize
OleUninitialize
OleInitialize
CoUninitialize
CoCreateGuid

msvcrt

_mbsnbcpy
_mbscmp
atol
??3@YAXPAX@Z
fopen
fseek
fprintf
fclose
time
sprintf
strncpy
__CxxFrameHandler
_strnicmp
fgets
rewind
_stricmp
__dllonexit
_onexit
_initterm
_adjust_fdiv
_mbsstr
strchr
free
_snprintf
_mbsnbcmp
malloc
_beginthreadex
strstr
_except_handler3
strrchr
sscanf

setupapi

SetupIterateCabinetA

urlmon

URLDownloadToFileA

wininet

InternetConnectA
InternetOpenA
HttpQueryInfoA
InternetCrackUrlA
InternetSetStatusCallback
InternetCloseHandle
InternetReadFile
HttpSendRequestA
HttpOpenRequestA

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

shlwapi

SHSetValueA
SHGetValueA

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

wndhook
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 992B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

68569df3a7e10971cfd9daf1b1957a14

Headers

File Characteristics

Imports

kernel32

user32

advapi32

ole32

msvcrt

setupapi

urlmon

wininet

version

shlwapi

Exports

Exports

Sections

.text Size: 20KB - Virtual size: 19KB

.rdata Size: 8KB - Virtual size: 4KB

.data Size: 4KB - Virtual size: 3KB

wndhook Size: 4KB - Virtual size: 1KB

.rsrc Size: 4KB - Virtual size: 992B

.reloc Size: 4KB - Virtual size: 2KB

.text
Size: 20KB - Virtual size: 19KB

.rdata
Size: 8KB - Virtual size: 4KB

.data
Size: 4KB - Virtual size: 3KB

wndhook
Size: 4KB - Virtual size: 1KB

.rsrc
Size: 4KB - Virtual size: 992B

.reloc
Size: 4KB - Virtual size: 2KB