2941d631b9c210abe7529fce0b43e705_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

2941d631b9c210abe7529fce0b43e705_JaffaCakes118
Size

656KB
MD5

2941d631b9c210abe7529fce0b43e705
SHA1

df84968b28d9ecd40279984b272fcbf10b87b129
SHA256

15c815ec9a0cdbc514d228acbb711b8de23e9b2716d906587423712bc5594560
SHA512

8e08d04b671af2c4b98e824698603b9ca43265eff3bf183e0a4b497b020c2df4ab8c39130078fb6a1b4ff397345d4a3e05b15b07e5bad76b968f54f619a44e91
SSDEEP

12288:nx/rb9bSD8YZ+BmuvAZJxBlk52Yy8jItZ0g:nx/rb9bw8YZ+BmnQ2YzuR

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2941d631b9c210abe7529fce0b43e705_JaffaCakes118

Files

2941d631b9c210abe7529fce0b43e705_JaffaCakes118
.dll regsvr32 windows:4 windows x86 arch:x86

32b7b9cc73f29c0d00f8459715eb5673

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

d:\programming\work\Browser.Helpd1\Browser.Help\Release\rvrs.pdb

Imports

libcurl

curl_global_cleanup
curl_easy_setopt
curl_easy_init
curl_global_init
curl_formfree
curl_formadd
curl_easy_perform

kernel32

InitializeCriticalSection
DeleteCriticalSection
GetLastError
lstrcmpiW
InterlockedIncrement
GetCurrentProcess
CreateTimerQueueTimer
DeleteTimerQueueTimer
InterlockedDecrement
FreeLibrary
MultiByteToWideChar
SizeofResource
LoadResource
FindResourceW
LoadLibraryExW
GetModuleHandleW
GetModuleFileNameW
Sleep
CreateProcessA
CreateSemaphoreW
CloseHandle
WaitForSingleObject
ReleaseSemaphore
OpenSemaphoreW
DeleteTimerQueue
EnterCriticalSection
LeaveCriticalSection
OpenMutexW
CreateMutexW
CreateTimerQueue
GetCurrentThreadId
SetThreadLocale
GetThreadLocale
LockResource
FindResourceExW
CreateFileW
lstrlenA
WriteFile
GetVersionExA
ReadFile
RaiseException
ExitProcess
TerminateThread
GetCurrentProcessId
Process32NextW
Process32FirstW
CreateToolhelp32Snapshot
GetVolumeInformationW
SetErrorMode
GetFileTime
GetWindowsDirectoryW
CreateThread
GetCommandLineW
InitializeCriticalSectionAndSpinCount
GetTempPathW
GetExitCodeProcess
CreateProcessW
GetSystemDirectoryW
SetFileTime
WideCharToMultiByte
HeapFree
GetProcessHeap
InterlockedExchange
GetACP
GetLocaleInfoA
HeapDestroy
HeapAlloc
HeapReAlloc
HeapSize
GetConsoleMode
GetConsoleCP
SetFilePointer
GetTickCount
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
SetStdHandle
GetStartupInfoA
lstrlenW
WriteConsoleW
SetEndOfFile
GetFileType
GetFileSize
GetConsoleOutputCP
WriteConsoleA
CreateFileA
GetStringTypeW
GetStringTypeA
FlushFileBuffers
SetHandleCount
IsValidCodePage
GetOEMCP
GetCPInfo
SetLastError
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
GetModuleFileNameA
GetStdHandle
HeapCreate
VirtualFree
GetCommandLineA
VirtualQuery
GetSystemInfo
GetModuleHandleA
GetUserDefaultLCID
GetStringTypeExW
LCMapStringA
LCMapStringW
LoadLibraryA
InterlockedCompareExchange
RtlUnwind
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetSystemTimeAsFileTime
VirtualProtect
VirtualAlloc
GetProcAddress

user32

LoadStringW
SetWindowPos
GetForegroundWindow
PostMessageW
AllowSetForegroundWindow
GetMessageW
ShowWindow
FindWindowExW
PostThreadMessageW
CharNextW
UnregisterClassA

advapi32

GetUserNameW
RegEnumKeyExW
RegQueryInfoKeyW
RegSetValueExW
RegOpenKeyExW
RegCreateKeyExW
RegCloseKey
RegDeleteValueW
RegDeleteKeyW

ole32

CoCreateInstance
CoTaskMemFree
CoTaskMemAlloc
CoUninitialize
CoInitialize
StringFromGUID2
OleRun
CLSIDFromProgID
CLSIDFromString
CoTaskMemRealloc

oleaut32

SysAllocStringByteLen
SysAllocString
GetErrorInfo
VariantChangeType
RegisterTypeLi
UnRegisterTypeLi
LoadTypeLi
LoadRegTypeLi
VariantInit
VarUI4FromStr
VariantClear
SysStringLen
SysStringByteLen
SysFreeString

shlwapi

UrlEscapeW

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 524KB - Virtual size: 522KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 76KB - Virtual size: 75KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 28KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

32b7b9cc73f29c0d00f8459715eb5673

Headers

File Characteristics

PDB Paths

Imports

libcurl

kernel32

user32

advapi32

ole32

oleaut32

shlwapi

Exports

Exports

Sections

.text Size: 524KB - Virtual size: 522KB

.rdata Size: 76KB - Virtual size: 75KB

.data Size: 16KB - Virtual size: 20KB

.rsrc Size: 8KB - Virtual size: 4KB

.reloc Size: 28KB - Virtual size: 27KB

.text
Size: 524KB - Virtual size: 522KB

.rdata
Size: 76KB - Virtual size: 75KB

.data
Size: 16KB - Virtual size: 20KB

.rsrc
Size: 8KB - Virtual size: 4KB

.reloc
Size: 28KB - Virtual size: 27KB