168eca796a9eb6600e0746048955159a_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

168eca796a9eb6600e0746048955159a_JaffaCakes118
Size

464KB
MD5

168eca796a9eb6600e0746048955159a
SHA1

701c95938344ab59261b2cf123dd7ded917dee08
SHA256

78cb0df112f4377f75be918d9d6d2bfc22bd97b0f4b685e70e34dc667716c25b
SHA512

0f16d756f5947c8db517b72c404e42a96d40e44f29d3e73ddf58435e529bb95462619520222f018373bab18fcd2182f12715035c525beff25fd61346cc2413c9
SSDEEP

6144:qDnobUZpVwiP4e/2q8793PoEaRPKyBt2IK+bS6XuMMhb:4obRigeuq8h3zaRSyBt2kqb

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
168eca796a9eb6600e0746048955159a_JaffaCakes118

Files

168eca796a9eb6600e0746048955159a_JaffaCakes118
.dll regsvr32 windows:4 windows x86 arch:x86

910a4f4dcc1712a3ecf53db7d1d06cfe

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

c:\miha\bho\Browser.Helpd1\Browser.Help\Release\rvrs.pdb

Imports

libcurl

curl_global_cleanup
curl_formadd
curl_formfree
curl_global_init
curl_easy_init
curl_easy_perform
curl_easy_setopt

kernel32

RaiseException
InitializeCriticalSection
DeleteCriticalSection
GetLastError
lstrcmpiW
CreateTimerQueueTimer
DeleteTimerQueueTimer
InterlockedIncrement
GetTickCount
InterlockedDecrement
FreeLibrary
MultiByteToWideChar
SizeofResource
LoadResource
FindResourceW
LoadLibraryExW
GetModuleHandleW
GetModuleFileNameW
CreateProcessA
CreateSemaphoreW
CloseHandle
WaitForSingleObject
ReleaseSemaphore
OpenSemaphoreW
DeleteTimerQueue
EnterCriticalSection
LeaveCriticalSection
OpenMutexW
CreateMutexW
CreateTimerQueue
GetACP
GetCurrentThreadId
SetThreadLocale
GetThreadLocale
LockResource
FindResourceExW
GetVersionExA
Process32NextW
Process32FirstW
CreateToolhelp32Snapshot
CreateFileW
Sleep
GetCurrentProcessId
lstrlenA
WriteFile
ReadFile
GetFileSize
ExitProcess
GetVolumeInformationW
SetErrorMode
GetFileTime
GetWindowsDirectoryW
CreateThread
GetCommandLineW
InitializeCriticalSectionAndSpinCount
GetTempPathW
GetExitCodeProcess
CreateProcessW
GetSystemDirectoryW
SetFileTime
WideCharToMultiByte
HeapFree
GetProcessHeap
InterlockedExchange
GetLocaleInfoA
HeapDestroy
HeapAlloc
HeapReAlloc
HeapSize
WriteConsoleA
GetStringTypeW
GetStringTypeA
FlushFileBuffers
SetStdHandle
LoadLibraryA
lstrlenW
GetConsoleOutputCP
WriteConsoleW
SetEndOfFile
CreateFileA
TerminateThread
GetConsoleMode
GetConsoleCP
SetFilePointer
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetStartupInfoA
GetFileType
SetHandleCount
LCMapStringW
LCMapStringA
IsValidCodePage
GetOEMCP
GetCPInfo
SetLastError
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
GetModuleFileNameA
GetStdHandle
HeapCreate
VirtualFree
GetCommandLineA
VirtualQuery
GetSystemInfo
RtlUnwind
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetSystemTimeAsFileTime
VirtualProtect
VirtualAlloc
GetProcAddress
GetModuleHandleA

user32

PostMessageW
GetKeyboardState
ShowWindow
GetMessageW
GetActiveWindow
GetForegroundWindow
SetWindowPos
AllowSetForegroundWindow
CharNextW
PostThreadMessageW
FindWindowExW
UnregisterClassA

advapi32

RegOpenKeyExW
GetUserNameW
RegEnumKeyExW
RegQueryInfoKeyW
RegSetValueExW
RegCreateKeyExW
RegCloseKey
RegDeleteValueW
RegDeleteKeyW

ole32

CoTaskMemAlloc
CoTaskMemRealloc
CoCreateInstance
CoTaskMemFree
CoInitialize
StringFromGUID2
OleRun
CLSIDFromProgID
CLSIDFromString
CoUninitialize

oleaut32

LoadTypeLi
SysAllocString
GetErrorInfo
VariantChangeType
RegisterTypeLi
UnRegisterTypeLi
VariantInit
LoadRegTypeLi
VarUI4FromStr
SysStringLen
SysStringByteLen
SysAllocStringByteLen
SysFreeString
VariantClear

shlwapi

UrlEscapeW

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 368KB - Virtual size: 365KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 52KB - Virtual size: 49KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 20KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

910a4f4dcc1712a3ecf53db7d1d06cfe

Headers

File Characteristics

PDB Paths

Imports

libcurl

kernel32

user32

advapi32

ole32

oleaut32

shlwapi

Exports

Exports

Sections

.text Size: 368KB - Virtual size: 365KB

.rdata Size: 52KB - Virtual size: 49KB

.data Size: 12KB - Virtual size: 18KB

.rsrc Size: 8KB - Virtual size: 4KB

.reloc Size: 20KB - Virtual size: 18KB

.text
Size: 368KB - Virtual size: 365KB

.rdata
Size: 52KB - Virtual size: 49KB

.data
Size: 12KB - Virtual size: 18KB

.rsrc
Size: 8KB - Virtual size: 4KB

.reloc
Size: 20KB - Virtual size: 18KB