16f56cc3c33f39a1a9efbdec61ade83d_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

16f56cc3c33f39a1a9efbdec61ade83d_JaffaCakes118
Size

248KB
MD5

16f56cc3c33f39a1a9efbdec61ade83d
SHA1

8535b6a0ab6cebad5550e9af56f7fcae9105fec7
SHA256

1f1d97700460a871c09de9e29cfa6a39ee525d5837192de4bd425e6b366fbe71
SHA512

464ee263f01bc3c67dc220b4656af953cc4e43186027cdbc9ffb62c62c2966ba3e3992a3d7a649e04df3c991b555d167cee8ce3708f0e2b82ddd084987ad1a25
SSDEEP

3072:1c42jrNgGicgxqQr50kA5XTjxwUHtcz7yF1vFIxkGI8tLPismV3HIKomfR:ON+55A5jjxwUHtO7yF1KxkgP8SHmfR

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
16f56cc3c33f39a1a9efbdec61ade83d_JaffaCakes118

Files

16f56cc3c33f39a1a9efbdec61ade83d_JaffaCakes118
.dll regsvr32 windows:4 windows x86 arch:x86

04ddbe7d29efa70892e23cc279d053ba

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

x:\Projects\hjhp\Component\HJHPIEAddOn\Release(PROD)\CPAIEAddOn.pdb

Imports

kernel32

CreateEventW
CreateThread
CloseHandle
ExitThread
SetEvent
Sleep
WaitForSingleObject
GetExitCodeProcess
TerminateThread
CreateProcessW
GetModuleHandleW
LoadLibraryExW
FindResourceW
LoadResource
SizeofResource
FreeLibrary
DisableThreadLibraryCalls
GetModuleFileNameW
FindFirstFileW
DeleteFileW
FindNextFileW
FindClose
RemoveDirectoryW
OutputDebugStringW
DebugBreak
lstrlenA
InterlockedIncrement
InterlockedDecrement
MultiByteToWideChar
lstrcmpiW
GetLastError
DeleteCriticalSection
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
RaiseException
lstrlenW
WaitForMultipleObjects
GetExitCodeThread
InterlockedExchange
GetACP
GetLocaleInfoA
GetThreadLocale
GetVersionExA
HeapFree
GetProcessHeap
GetProcAddress
GetVersionExW
LoadLibraryW
GetFileAttributesW
LoadLibraryA
GetModuleHandleA
WideCharToMultiByte
GetCurrentProcess
OutputDebugStringA
FormatMessageW
GetVersion
GetSystemInfo
SetLastError
GlobalAlloc
GetTickCount
GlobalFree
HeapAlloc
RtlUnwind
MoveFileW
HeapReAlloc
GetSystemTimeAsFileTime
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetCurrentThreadId
GetCommandLineA
VirtualFree
VirtualAlloc
HeapDestroy
HeapCreate
ExitProcess
WriteFile
GetStdHandle
GetModuleFileNameA
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
GetCPInfo
GetOEMCP
IsValidCodePage
HeapSize
GetTimeZoneInformation
SetHandleCount
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetCurrentProcessId
SetFilePointer
GetConsoleCP
GetConsoleMode
FlushFileBuffers
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
GetUserDefaultLCID
EnumSystemLocalesA
IsValidLocale
GetLocaleInfoW
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
CreateFileA
CompareStringA
CompareStringW
SetEnvironmentVariableA
CreateMutexW
ReleaseMutex
ResetEvent

user32

CharLowerW
LoadStringW
UnregisterClassA
wsprintfW
wvsprintfW
GetSystemMetrics
CharNextW

advapi32

RegCreateKeyExW
RegQueryValueExW
RegEnumKeyExW
RegCreateKeyW
RegQueryInfoKeyW
RegSetValueExW
RegOpenKeyExW
RegCloseKey
RegDeleteValueW
RegDeleteKeyW
CryptGetKeyParam
CryptHashData
CryptCreateHash
CryptDestroyHash
CryptAcquireContextW
CryptDeriveKey
CryptDestroyKey
CryptEncrypt
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
CryptReleaseContext

shell32

SHGetFolderPathW

ole32

CoTaskMemAlloc
CoTaskMemRealloc
CoCreateInstance
StringFromGUID2
CoTaskMemFree

oleaut32

RegisterTypeLi
LoadRegTypeLi
SysStringLen
SysFreeString
VarUI4FromStr
VariantInit
VariantClear
SysAllocString
LoadTypeLi
DispCallFunc
UnRegisterTypeLi

shlwapi

UrlGetPartW

cpacommon

??0CNPConfigMgr@@QAE@XZ
??1CNPConfigMgr@@UAE@XZ

wininet

HttpSendRequestW
InternetConnectW
HttpOpenRequestW
InternetCloseHandle
HttpQueryInfoW
InternetOpenW

urlmon

URLDownloadToFileW

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 132KB - Virtual size: 129KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.smiley
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 40KB - Virtual size: 38KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 16KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.oex
Size: 20KB - Virtual size: 18KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

04ddbe7d29efa70892e23cc279d053ba

Headers

File Characteristics

PDB Paths

Imports

kernel32

user32

advapi32

shell32

ole32

oleaut32

shlwapi

cpacommon

wininet

urlmon

version

Exports

Exports

Sections

.text Size: 132KB - Virtual size: 129KB

.smiley Size: 20KB - Virtual size: 19KB

.rdata Size: 40KB - Virtual size: 38KB

.data Size: 8KB - Virtual size: 18KB

.rsrc Size: 8KB - Virtual size: 4KB

.reloc Size: 16KB - Virtual size: 14KB

.oex Size: 20KB - Virtual size: 18KB

.text
Size: 132KB - Virtual size: 129KB

.smiley
Size: 20KB - Virtual size: 19KB

.rdata
Size: 40KB - Virtual size: 38KB

.data
Size: 8KB - Virtual size: 18KB

.rsrc
Size: 8KB - Virtual size: 4KB

.reloc
Size: 16KB - Virtual size: 14KB

.oex
Size: 20KB - Virtual size: 18KB