15099519bd62714b3cd8f54090ea83dc_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

15099519bd62714b3cd8f54090ea83dc_JaffaCakes118
Size

496KB
MD5

15099519bd62714b3cd8f54090ea83dc
SHA1

b0646188083e60a744db46d2bbe279afbae843b2
SHA256

1c4716f2f8a624c73ec52b27b27dacc7096dc701c5566b13cb217436c0ec8a04
SHA512

ecccb526f26b061483528ea1ddf697180b4b45c8aaa6ffeef00ac20c5a40ad062c79949581bab87a68501334320d5d72ac1afd34098a0d73b4d73b354475775d
SSDEEP

6144:Q0n94YrDfCL8HStYHRqOE+ZEcmNgkkPYWoEx1/RnEIEmUgslyKu0V4Yc6KAVLTm5:pBlS+BhZZm4rMu0V45amMTmhAMh

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
15099519bd62714b3cd8f54090ea83dc_JaffaCakes118

Files

15099519bd62714b3cd8f54090ea83dc_JaffaCakes118
.dll regsvr32 windows:4 windows x86 arch:x86

1a8dc28345edf0d74915f91374f07476

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

msvfw32

DrawDibDraw
DrawDibOpen
DrawDibClose

wininet

InternetCrackUrlA
InternetCanonicalizeUrlA

shlwapi

SHDeleteKeyA
PathFindExtensionA

mfc71

ord2385
ord2387
ord2405
ord2178
ord2172
ord1522
ord6279
ord3802
ord6277
ord3345
ord4967
ord1362
ord5175
ord1964
ord1656
ord1655
ord1599
ord5200
ord2862
ord4486
ord3326
ord572
ord752
ord2160
ord4305
ord3684
ord2164
ord4100
ord2094
ord3244
ord1955
ord2371
ord1903
ord3337
ord760
ord709
ord6035
ord501
ord6144
ord2325
ord3934
ord6067
ord953
ord3605
ord2566
ord3651
ord2092
ord1641
ord1571
ord4238
ord2958
ord3230
ord658
ord416
ord651
ord5871
ord1291
ord3795
ord2873
ord589
ord4001
ord4123
ord5976
ord5641
ord502
ord330
ord2370
ord5377
ord3875
ord1564
ord3204
ord2095
ord1591
ord4240
ord2991
ord3317
ord741
ord5493
ord2702
ord3198
ord379
ord5221
ord5420
ord1482
ord2703
ord3201
ord380
ord744
ord911
ord1183
ord556
ord2451
ord3997
ord4109
ord4108
ord2271
ord2628
ord907
ord3989
ord3761
ord2657
ord6205
ord3174
ord747
ord559
ord4044
ord548
ord1486
ord5403
ord2468
ord308
ord785
ord442
ord675
ord5529
ord629
ord1439
ord1123
ord6180
ord6174
ord590
ord2833
ord467
ord1340
ord2133
ord2315
ord5089
ord384
ord1290
ord5759
ord458
ord2408
ord1084
ord3110
ord6306
ord6305
ord605
ord620
ord587
ord3109
ord2020
ord3596
ord3641
ord1794
ord4580
ord5182
ord4212
ord4735
ord4890
ord1671
ord1670
ord1551
ord5912
ord1401
ord5203
ord4262
ord3182
ord356
ord3503
ord2368
ord2367
ord1966
ord5731
ord6037
ord2083
ord2075
ord2264
ord3667
ord3552
ord6236
ord2086
ord1545
ord4232
ord3164
ord6090
ord5071
ord5072
ord5070
ord4797
ord4617
ord4867
ord4844
ord4190
ord4213
ord4736
ord5211
ord4720
ord718
ord1793
ord4115
ord516
ord1554
ord3195
ord1774
ord1892
ord1873
ord2036
ord3132
ord980
ord3668
ord3553
ord4583
ord1185
ord1327
ord1582
ord5212
ord4280
ord1521
ord4272
ord721
ord526
ord6120
ord6223
ord2131
ord2475
ord1283
ord3398
ord4648
ord1092
ord3683
ord4038
ord2413
ord6278
ord3801
ord6276
ord4326
ord2063
ord2018
ord5583
ord3806
ord1010
ord5102
ord6219
ord5382
ord3832
ord1920
ord2931
ord5224
ord3948
ord5230
ord5566
ord2838
ord3333
ord566
ord757
ord5213
ord5226
ord4568
ord1049
ord2248
ord3830
ord5975
ord1069
ord3834
ord1115
ord3908
ord2787
ord5563
ord300
ord5235
ord5233
ord2390
ord2400
ord2398
ord2396
ord2392
ord2415
ord2403
ord1614
ord2394
ord2410
ord934
ord930
ord932
ord928
ord923
ord5960
ord1600
ord4282
ord4722
ord3403
ord5214
ord4185
ord6275
ord5073
ord1908
ord5152
ord4244
ord1402
ord3946
ord1617
ord1620
ord5915
ord1596
ord1652
ord3678
ord4156
ord4155
ord4157
ord457
ord1286
ord694
ord5396
ord581
ord1167
ord468
ord3169
ord4261
ord4481
ord3949
ord2644
ord3709
ord3719
ord3718
ord2942
ord2533
ord2646
ord2540
ord2853
ord2714
ord4307
ord2835
ord2731
ord2537
ord5531
ord4400
ord1054
ord1917
ord3916
ord5866
ord314
ord2372
ord3879
ord6118
ord2933
ord299
ord2902
ord1489
ord4125
ord4081
ord2272
ord2322
ord762
ord1187
ord1191
ord265
ord266
ord5644
ord764
ord567
ord758
ord347
ord6017
ord602
ord5637
ord1279
ord1280
ord3286
ord3161
ord3210
ord1934
ord3514
ord304
ord876
ord781
ord310
ord784
ord297
ord578
ord1098
ord1208
ord1206
ord1037
ord315
ord765
ord1979
ord371
ord1120
ord1201
ord1175
ord1177
ord1209
ord4014

msvcr71

__security_error_handler
wcslen
memset
_except_handler3
free
__CxxFrameHandler
memcpy
malloc
_resetstkoflw
??1exception@@UAE@XZ
??0exception@@QAE@XZ
_CxxThrowException
??0exception@@QAE@ABV0@@Z
_purecall
realloc
__RTDynamicCast
strncpy
_tempnam
atoi
sscanf
strftime
_localtime64
_time64
memmove
memcmp
__CppXcptFilter
_adjust_fdiv
_initterm
?terminate@@YAXXZ
??1type_info@@UAE@XZ
_onexit
__dllonexit
strcpy
_strdup
wcsncpy

kernel32

lstrcmpiA
LoadLibraryA
GetProcAddress
SetLastError
GetLastError
GetTempPathA
GetTickCount
GetCurrentThreadId
HeapAlloc
HeapFree
GetCurrentProcess
FlushInstructionCache
LeaveCriticalSection
EnterCriticalSection
lstrcpyW
InterlockedDecrement
lstrlenW
lstrlenA
WideCharToMultiByte
MultiByteToWideChar
GetVersionExA
GetThreadLocale
GetLocaleInfoA
GetACP
InterlockedExchange
LocalFree
DeleteCriticalSection
InitializeCriticalSection
RaiseException
lstrcpynW
CreateProcessA
MulDiv
lstrcpynA
lstrcpyA
GetModuleFileNameA
lstrcatA
IsDBCSLeadByte
GlobalUnlock
GlobalLock
GlobalAlloc
FreeLibrary
SizeofResource
LoadResource
FindResourceA
LoadLibraryExA
GetModuleHandleA
LockResource
GlobalFree
WaitForSingleObject
GetPrivateProfileStringA
CloseHandle
SetWaitableTimer
CreateWaitableTimerA
LocalAlloc
ExitProcess
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
GetProcessHeap

user32

DispatchMessageW
PeekMessageA
GetClassNameA
LoadMenuA
SetFocus
GetFocus
IsChild
BeginPaint
EndPaint
GetKeyState
GetWindowLongA
OffsetRect
SetWindowRgn
SetWindowPos
CharNextA
UnionRect
CheckMenuItem
CreatePopupMenu
GetMessageW
EqualRect
GetParent
InflateRect
EnableWindow
EnableMenuItem
RemoveMenu
AppendMenuA
GetSysColor
ReleaseDC
GetDC
DrawTextA
CopyRect
IsWindowUnicode
MsgWaitForMultipleObjects
SetTimer
KillTimer
BringWindowToTop
EnumChildWindows
IntersectRect
UnregisterClassA
LoadImageA
DestroyWindow
IsWindow
IsWindowVisible
SendMessageA
SetWindowLongA
GetClassInfoExA
wsprintfA
GetSubMenu
LoadCursorA
ShowWindow
DefWindowProcA
RegisterClassExA
CreateWindowExA
RegisterClipboardFormatA
GetClientRect
SetParent
CallWindowProcA
SetWindowsHookExA
CallNextHookEx
UnhookWindowsHookEx
GetMessageA
TranslateMessage
DispatchMessageA
MessageBoxA
GetDlgItem
GetWindowRect
MoveWindow
PostMessageA
InvalidateRect
UpdateWindow
MapWindowPoints
GetDlgCtrlID
PtInRect

gdi32

DeleteDC
SetViewportOrgEx
SetWindowOrgEx
SetMapMode
SaveDC
LPtoDP
RestoreDC
CreateDCA
DeleteMetaFile
CloseMetaFile
SetWindowExtEx
CreateMetaFileA
CreateICA
CreateRectRgnIndirect
GetTextExtentPoint32A
GetStockObject
Rectangle
SetTextAlign
GetDIBColorTable
StretchBlt
BitBlt
RealizePalette
CreateCompatibleDC
CreateHalftonePalette
GetObjectA
GetDeviceCaps
CreatePalette
TextOutA

winspool.drv

ord201
EnumPrintersA

advapi32

RegCreateKeyExA
RegQueryValueExA
RegFlushKey
RegEnumKeyExA
RegQueryInfoKeyA
RegCloseKey
RegDeleteValueA
RegDeleteKeyA
RegSetValueExA
RegOpenKeyExA

shell32

ShellExecuteA

comctl32

ImageList_AddMasked
ImageList_GetIconSize

ole32

OleRegGetMiscStatus
OleRegGetUserType
OleRegEnumVerbs
OleSaveToStream
OleLoadFromStream
CoTaskMemRealloc
CreateDataAdviseHolder
StringFromCLSID
CoTaskMemFree
DoDragDrop
CoInitialize
CoUninitialize
CoCreateInstance
OleRun
StringFromGUID2
CreateOleAdviseHolder
CoTaskMemAlloc
WriteClassStm

oleaut32

VariantChangeType
SysAllocStringLen
SafeArrayPutElement
SafeArrayCreate
SysAllocStringByteLen
SysStringByteLen
SafeArrayGetElement
SafeArrayGetUBound
SafeArrayGetDim
VariantCopy
SystemTimeToVariantTime
LoadTypeLi
UnRegisterTypeLi
RegisterTypeLi
DispCallFunc
VarUI4FromStr
LoadRegTypeLi
SysStringLen
OleCreatePropertyFrame
VariantClear
VariantInit
SysFreeString
VariantTimeToSystemTime
SysAllocString

urlmon

FindMimeFromData

msvcp71

??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z
?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 216KB - Virtual size: 213KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 96KB - Virtual size: 92KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 16KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 124KB - Virtual size: 122KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 40KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

1a8dc28345edf0d74915f91374f07476

Headers

File Characteristics

Imports

version

msvfw32

wininet

shlwapi

mfc71

msvcr71

kernel32

user32

gdi32

winspool.drv

advapi32

shell32

comctl32

ole32

oleaut32

urlmon

msvcp71

Exports

Exports

Sections

.text Size: 216KB - Virtual size: 213KB

.rdata Size: 96KB - Virtual size: 92KB

.data Size: 16KB - Virtual size: 19KB

.rsrc Size: 124KB - Virtual size: 122KB

.reloc Size: 40KB - Virtual size: 36KB

.text
Size: 216KB - Virtual size: 213KB

.rdata
Size: 96KB - Virtual size: 92KB

.data
Size: 16KB - Virtual size: 19KB

.rsrc
Size: 124KB - Virtual size: 122KB

.reloc
Size: 40KB - Virtual size: 36KB