25bbcb8ffa1ed0b8c1d3c665796158f6_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

25bbcb8ffa1ed0b8c1d3c665796158f6_JaffaCakes118
Size

128KB
MD5

25bbcb8ffa1ed0b8c1d3c665796158f6
SHA1

3595ecd0a258c9036f1c424ea6f8c033054176d5
SHA256

3f716fa5aa09b3be4109231ff5a09762b689a611ae866b2dc45659fbb3a3be40
SHA512

001f1cde45cfd80020be8517919968c04bedc17d7c39f1794861bd45a35a0dad72b5460324b0c71481b2a76e778e3dc34e4d4db26a3364df2f2bf99a1d33a8cc
SSDEEP

3072:oLPXz1PBEX6S1qrVQoVcdcEaK3UaPLEoAxzfxBBkBKr8i:oTzJHSg9CBUE/L

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
25bbcb8ffa1ed0b8c1d3c665796158f6_JaffaCakes118

Files

25bbcb8ffa1ed0b8c1d3c665796158f6_JaffaCakes118
.dll regsvr32 windows:4 windows x86 arch:x86

d41c690eeb1addb5516ab4b5fe1b1d5f

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

c:\Projects\Saru\Mssaru\Release\mssaru.pdb

Imports

wininet

InternetGetConnectedState
InternetTimeToSystemTime
InternetCombineUrlA

version

GetFileVersionInfoSizeA
VerQueryValueA
GetFileVersionInfoA

kernel32

WriteFile
CreateEventA
CreateThread
SetEvent
WaitForSingleObject
GetExitCodeThread
SetFileAttributesA
GetFileAttributesA
DeleteFileA
GetTickCount
GetLocalTime
GetExitCodeProcess
lstrcpyA
lstrcatA
MoveFileExA
GetLastError
GetWindowsDirectoryA
GetFileSize
CreateFileMappingA
MapViewOfFile
UnmapViewOfFile
CompareStringA
GlobalHandle
FindResourceA
LoadResource
LockResource
GlobalAlloc
GlobalLock
GlobalUnlock
HeapFree
GetStringTypeExA
lstrcmpiA
GlobalFree
MulDiv
ReadFile
SizeofResource
FindResourceExA
WideCharToMultiByte
GetCurrentThreadId
GetCurrentProcess
FlushInstructionCache
GetProcessHeap
HeapAlloc
SetLastError
DisableThreadLibraryCalls
InterlockedIncrement
InterlockedDecrement
FreeLibrary
IsDBCSLeadByte
lstrcpynA
LoadLibraryExA
GetModuleHandleA
LoadLibraryA
GetProcAddress
SystemTimeToFileTime
SetEndOfFile
SetFilePointer
CloseHandle
CreateFileA
LeaveCriticalSection
RaiseException
EnterCriticalSection
GetModuleFileNameA
GetVersionExA
GetThreadLocale
GetLocaleInfoA
GetACP
InterlockedExchange
lstrlenA
MultiByteToWideChar
lstrlenW
DeleteCriticalSection
InitializeCriticalSection
FileTimeToSystemTime
LocalAlloc
HeapDestroy
HeapReAlloc
HeapSize
DebugBreak
ExitProcess
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
VirtualProtect
VirtualAlloc
GetSystemInfo
VirtualQuery
RtlUnwind
lstrcmpA

user32

SendDlgItemMessageA
ScreenToClient
SetRect
SetWindowRgn
AdjustWindowRectEx
SystemParametersInfoA
IsZoomed
IsIconic
MoveWindow
IntersectRect
EnumWindows
SetRectEmpty
ClientToScreen
ShowWindow
CallWindowProcA
DefWindowProcA
GetWindowLongA
SendMessageA
GetDlgItem
SetWindowLongA
wvsprintfA
DestroyAcceleratorTable
MapWindowPoints
BeginPaint
GetClientRect
MessageBoxA
EndPaint
GetDC
ReleaseDC
IsChild
GetFocus
SetFocus
IsWindow
RedrawWindow
GetClassNameA
GetParent
CreateAcceleratorTableA
SetCapture
ReleaseCapture
InvalidateRect
GetDesktopWindow
OffsetRect
GetTopWindow
GetSystemMetrics
IsWindowVisible
GetWindowRect
RegisterWindowMessageA
GetWindowTextLengthA
GetWindowTextA
SetWindowTextA
GetClassInfoExA
LoadCursorA
RegisterClassExA
CharLowerA
WindowFromPoint
GetCursorPos
GetSysColor
GetCapture
CharUpperA
CharNextA
CreateWindowExA
MapDialogRect
GetWindow
SetWindowPos
SetWindowContextHelpId
DestroyWindow
CreateDialogIndirectParamA
wsprintfA
PostMessageA
PostQuitMessage
KillTimer
SetTimer
DispatchMessageA
TranslateMessage
PeekMessageA
MsgWaitForMultipleObjects
UnregisterClassA
InvalidateRgn
FillRect

gdi32

GetCurrentObject
GetBitmapBits
CreateBitmap
ExcludeClipRect
CreateRectRgn
CombineRgn
CreateRectRgnIndirect
CreateCompatibleBitmap
CreateCompatibleDC
CreateSolidBrush
BitBlt
SelectObject
DeleteDC
GetDeviceCaps
GetStockObject
GetObjectA
DeleteObject

advapi32

RegCloseKey
RegCreateKeyExA
RegSetValueExA
RegDeleteValueA
RegQueryValueExA
RegEnumKeyExA
RegQueryInfoKeyA
RegDeleteKeyA
RegOpenKeyExA

shell32

SHGetPathFromIDListA
SHGetMalloc
ShellExecuteExA
SHGetSpecialFolderLocation

ole32

OleLockRunning
CoCreateInstance
CoGetClassObject
CLSIDFromProgID
CreateBindCtx
StringFromGUID2
CoTaskMemAlloc
OleInitialize
OleUninitialize
CreateStreamOnHGlobal
CoUninitialize
CoInitialize
CoCreateGuid
CoTaskMemFree
CoTaskMemRealloc
CLSIDFromString

oleaut32

VariantClear
VarI4FromStr
OleCreatePictureIndirect
VarUI4FromStr
SysAllocStringByteLen
SysAllocStringLen
SystemTimeToVariantTime
SysStringLen
SysFreeString
LoadRegTypeLi
LoadTypeLi
RegisterTypeLi
UnRegisterTypeLi
VarR8FromStr
VariantInit
DispCallFunc
OleCreateFontIndirect
SysStringByteLen
SysAllocString
VariantCopy

shlwapi

PathIsURLA
PathRemoveFileSpecA
PathFindExtensionA

urlmon

RegisterBindStatusCallback
CreateURLMoniker
CreateAsyncBindCtx

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 97KB - Virtual size: 97KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 15KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.shared
Size: 512B - Virtual size: 4B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

d41c690eeb1addb5516ab4b5fe1b1d5f

Headers

File Characteristics

PDB Paths

Imports

wininet

version

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

shlwapi

urlmon

Exports

Exports

Sections

.text Size: 97KB - Virtual size: 97KB

.rdata Size: 15KB - Virtual size: 14KB

.data Size: 1024B - Virtual size: 1KB

.shared Size: 512B - Virtual size: 4B

.rsrc Size: 6KB - Virtual size: 6KB

.reloc Size: 7KB - Virtual size: 6KB

.text
Size: 97KB - Virtual size: 97KB

.rdata
Size: 15KB - Virtual size: 14KB

.data
Size: 1024B - Virtual size: 1KB

.shared
Size: 512B - Virtual size: 4B

.rsrc
Size: 6KB - Virtual size: 6KB

.reloc
Size: 7KB - Virtual size: 6KB