18727f9c02d946c532e55536ce1a063b_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

18727f9c02d946c532e55536ce1a063b_JaffaCakes118
Size

352KB
MD5

18727f9c02d946c532e55536ce1a063b
SHA1

e3166b94da3fc0ef2f27eadf87a5ecac73c4cdc8
SHA256

1dfb368a835c5d65f8f87226f5823e7beb51c4739dab460b64daa163a7372757
SHA512

c84030af585984d3151a8fce71ae2715c4bfea8ed6d1dc1ac0fd4b3c8eb58ad3326c2f0766c617b0e296d8f47caa2c1edca7e1af2923b469a61af303d55161be
SSDEEP

3072:bci/ckmtNjpHfDkJnda3ckYxR2q+Vl30uN6etTsocoCjM6EI5mo17gojK0MrICtB:giuHyndaMkYj2RH6elcmI/1P3FLQtuT

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
18727f9c02d946c532e55536ce1a063b_JaffaCakes118

Files

18727f9c02d946c532e55536ce1a063b_JaffaCakes118
.dll regsvr32 windows:4 windows x86 arch:x86

a2a82e8635e5ebd75f6bb594bc785007

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

c:\srcnew\plib\Release\ioslib.pdb

Imports

kernel32

LoadLibraryExW
CreateThread
GetLastError
WideCharToMultiByte
lstrlenW
InitializeCriticalSection
DeleteCriticalSection
InterlockedIncrement
InterlockedDecrement
GetModuleHandleW
GetModuleFileNameW
MultiByteToWideChar
lstrcmpiW
RaiseException
SetThreadLocale
GetThreadLocale
FindResourceW
GetVersionExW
GetWindowsDirectoryW
WinExec
OpenProcess
lstrlenA
GetProcAddress
LoadLibraryW
FreeLibrary
SizeofResource
LoadResource
LockResource
CreateFileW
WriteFile
CloseHandle
GetTickCount
LeaveCriticalSection
FindResourceExW
EnterCriticalSection
GetLocaleInfoA
GetStringTypeW
GetStringTypeA
LCMapStringW
LCMapStringA
LoadLibraryA
HeapSize
Sleep
VirtualAlloc
VirtualFree
HeapCreate
ExitProcess
HeapDestroy
SetLastError
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
GetModuleHandleA
GetProcessHeap
GetVersionExA
GetCommandLineA
GetCurrentThreadId
GetSystemTimeAsFileTime
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
HeapReAlloc
HeapAlloc
HeapFree
InterlockedExchange
GetCurrentProcessId
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetStartupInfoA
GetFileType
SetHandleCount
GetOEMCP
GetACP
GetCPInfo
GetModuleFileNameA
GetStdHandle
RtlUnwind

user32

EnumWindows
CharNextW
MessageBoxW
CharLowerA
CharLowerW
PostMessageW
GetWindowThreadProcessId
UnregisterClassA

advapi32

IsTextUnicode
RegQueryInfoKeyW
RegSetValueExW
RegEnumKeyExW
RegOpenKeyExW
RegCreateKeyExW
RegCloseKey
RegDeleteValueW
RegDeleteKeyW
RegQueryValueExW

shell32

SHGetFolderPathW

ole32

CoTaskMemFree
CoTaskMemAlloc
CoTaskMemRealloc
CoGetClassObject
StringFromGUID2
CoCreateInstance

oleaut32

VarUI4FromStr
RegisterTypeLi
VarBstrCat
SysFreeString
SysAllocStringLen
SysAllocString
SysAllocStringByteLen
SysStringByteLen
VarBstrCmp
LoadRegTypeLi
LoadTypeLi
SysStringLen
VariantClear
UnRegisterTypeLi

rpcrt4

NdrOleFree
NdrOleAllocate
IUnknown_Release_Proxy
IUnknown_AddRef_Proxy
IUnknown_QueryInterface_Proxy
NdrDllGetClassObject
NdrDllCanUnloadNow
NdrCStdStubBuffer_Release
NdrCStdStubBuffer2_Release
NdrDllRegisterProxy
NdrDllUnregisterProxy
NdrStubForwardingFunction

wininet

InternetGetCookieW
InternetSetCookieW
InternetCrackUrlW
InternetOpenW
InternetConnectW
HttpOpenRequestW
HttpSendRequestW
InternetCloseHandle
InternetReadFile

urlmon

CoInternetGetSession

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW

psapi

EnumProcessModules
EnumProcesses
GetModuleBaseNameW

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
UnInstall

Sections

.text
Size: 215KB - Virtual size: 214KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.orpc
Size: 512B - Virtual size: 148B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 34KB - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.shr
Size: 512B - Virtual size: 1B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 84KB - Virtual size: 84KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

a2a82e8635e5ebd75f6bb594bc785007

Headers

File Characteristics

PDB Paths

Imports

kernel32

user32

advapi32

shell32

ole32

oleaut32

rpcrt4

wininet

urlmon

version

psapi

Exports

Exports

Sections

.text Size: 215KB - Virtual size: 214KB

.orpc Size: 512B - Virtual size: 148B

.rdata Size: 34KB - Virtual size: 33KB

.data Size: 6KB - Virtual size: 9KB

.shr Size: 512B - Virtual size: 1B

.rsrc Size: 84KB - Virtual size: 84KB

.reloc Size: 11KB - Virtual size: 10KB

.text
Size: 215KB - Virtual size: 214KB

.orpc
Size: 512B - Virtual size: 148B

.rdata
Size: 34KB - Virtual size: 33KB

.data
Size: 6KB - Virtual size: 9KB

.shr
Size: 512B - Virtual size: 1B

.rsrc
Size: 84KB - Virtual size: 84KB

.reloc
Size: 11KB - Virtual size: 10KB