25f2518fd9dbee6817bfc7b193c99308_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

25f2518fd9dbee6817bfc7b193c99308_JaffaCakes118
Size

112KB
MD5

25f2518fd9dbee6817bfc7b193c99308
SHA1

07232a5274f0417d0efd82dbdd049cfce6d04707
SHA256

5b7824a88c2fa313c59f4c6d7ba43711c210f0adfe6e28ac7619ce09e292484e
SHA512

974bbab949d03729440f6a69ed894af2eaf69503ed6b5f7b6983691b00d28630fcef07169540cf37370403cdb9dba9204bb28c854d1ee051cca81bef27547d20
SSDEEP

1536:fIzWkSTumsCISjbZa5PBswVoL5MT8nXNOUeNLsPlD1Y2E:eWk/msabIV2wVoLV0zsPlD1Yp

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
25f2518fd9dbee6817bfc7b193c99308_JaffaCakes118

Files

25f2518fd9dbee6817bfc7b193c99308_JaffaCakes118
.dll regsvr32 windows:4 windows x86 arch:x86

9e8afb004c53372b62df054bde4d2dde

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

lstrcatW
lstrcmpW
WinExec
CreateMutexA
IsDBCSLeadByte
lstrcmpiA
LoadLibraryExA
GetLastError
FindResourceA
LoadResource
SizeofResource
lstrlenW
lstrcatA
lstrcpyA
HeapDestroy
DeleteCriticalSection
InterlockedIncrement
InitializeCriticalSection
CloseHandle
GetPrivateProfileStringA
GetCPInfo
SetEnvironmentVariableA
CompareStringW
CompareStringA
SetFilePointer
FlushFileBuffers
SetStdHandle
RtlUnwind
GetStringTypeW
GetStringTypeA
WriteFile
GetEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsW
FreeEnvironmentStringsA
GetStartupInfoA
GetFileType
GetStdHandle
SetHandleCount
TlsGetValue
SetLastError
TlsFree
TlsAlloc
TlsSetValue
LCMapStringW
LCMapStringA
GetOEMCP
GetACP
GetModuleHandleA
HeapSize
TerminateProcess
VirtualAlloc
ExitProcess
VirtualFree
HeapCreate
GetVersion
GetCommandLineA
lstrlenA
GetLocalTime
GetSystemTime
GetTimeZoneInformation
HeapReAlloc
GetProcAddress
LoadLibraryA
GetCurrentThreadId
FlushInstructionCache
GetCurrentProcess
LeaveCriticalSection
EnterCriticalSection
GetPrivateProfileIntA
DisableThreadLibraryCalls
GetSystemDefaultLangID
GetModuleFileNameA
GetShortPathNameA
FreeLibrary
MultiByteToWideChar
GetProcessHeap
HeapAlloc
WideCharToMultiByte
HeapFree
LocalFree
lstrcpynA
InterlockedDecrement
GetVersionExA

user32

GetDC
CopyRect
BeginPaint
InflateRect
SetCapture
ReleaseCapture
PtInRect
SystemParametersInfoA
SetWindowsHookExA
UnhookWindowsHookEx
GetWindowRect
IsWindow
DefWindowProcA
UpdateWindow
SetTimer
GetCursorPos
SetWindowTextA
DrawIconEx
GetWindowDC
LoadImageA
KillTimer
CallNextHookEx
IsRectEmpty
DrawTextA
GetWindowTextA
DrawFrameControl
GetClientRect
SetRectEmpty
OffsetRect
ScreenToClient
SetWindowRgn
MoveWindow
PostMessageA
ShowWindow
GetWindowLongA
CharNextA
SetWindowLongA
LoadIconA
FindWindowA
GetWindowTextW
SendMessageA
SendMessageW
SetWindowTextW
GetClassNameA
EnumChildWindows
GetParent
LoadStringA
EndPaint
wsprintfW
GetSystemMetrics
ReleaseDC
GetClassInfoExA
LoadCursorA
wsprintfA
RegisterClassExA
CreateWindowExA
CallWindowProcA

gdi32

ExcludeClipRect
GetViewportOrgEx
SetViewportOrgEx
DeleteObject
CreateFontIndirectA
GetObjectA
GetStockObject
DeleteDC
StretchBlt
SetStretchBltMode
ExtTextOutA
SetBkColor
SelectObject
CreateCompatibleBitmap
CreateCompatibleDC
SetTextColor
SetBkMode
FrameRgn
OffsetRgn
CreateSolidBrush
SetWindowOrgEx
GetClipBox
EqualRgn
BitBlt
CreatePolygonRgn
CreateRectRgn
CombineRgn

advapi32

RegSetValueExW
RegCloseKey
RegQueryValueExA
RegOpenKeyExA
RegSetValueExA
RegDeleteKeyA
RegCreateKeyExA
RegQueryInfoKeyA
RegEnumValueA
RegDeleteValueA
RegEnumValueW
RegEnumKeyExA

shell32

ShellExecuteA
SHGetDesktopFolder
SHGetSpecialFolderLocation
SHGetMalloc

ole32

CoUninitialize
CoInitialize
CoCreateInstance
CoTaskMemFree
CoTaskMemAlloc
CoTaskMemRealloc

oleaut32

OleTranslateColor
LoadRegTypeLi
SysFreeString
SysAllocString
SysAllocStringLen
VariantCopy
VariantChangeType
VariantClear
VarUI4FromStr
SysStringLen
LoadTypeLi
RegisterTypeLi

shlwapi

StrRetToBufA
PathRemoveFileSpecA
PathAppendA
UrlApplySchemeW
PathIsURLW
StrDupW
PathFileExistsW
PathIsDirectoryW
StrDupA

wininet

InternetCrackUrlW

comctl32

ImageList_Create
ImageList_Destroy
ImageList_AddMasked
ImageList_Draw
ImageList_SetBkColor
ImageList_GetIconSize
ImageList_ReplaceIcon
ImageList_Remove

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 60KB - Virtual size: 58KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 20KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

9e8afb004c53372b62df054bde4d2dde

Headers

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

shlwapi

wininet

comctl32

Exports

Exports

Sections

.text Size: 60KB - Virtual size: 58KB

.rdata Size: 12KB - Virtual size: 11KB

.data Size: 8KB - Virtual size: 21KB

.rsrc Size: 20KB - Virtual size: 17KB

.reloc Size: 8KB - Virtual size: 6KB

.text
Size: 60KB - Virtual size: 58KB

.rdata
Size: 12KB - Virtual size: 11KB

.data
Size: 8KB - Virtual size: 21KB

.rsrc
Size: 20KB - Virtual size: 17KB

.reloc
Size: 8KB - Virtual size: 6KB