2aa7039d1f5f40c3a44c14671e33625b_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

2aa7039d1f5f40c3a44c14671e33625b_JaffaCakes118
Size

103KB
MD5

2aa7039d1f5f40c3a44c14671e33625b
SHA1

fabf427cae140925f3b662a80e40286375b7c4a1
SHA256

d7817da98ba505b50ad34ff62f7ccc576f7d26cafb10aad07958ae359aa4ad6c
SHA512

bf182eea147c69333de6dc9c7a2177e2f5073506b4c5800d3e108f68b3884f477986cf57cf38f40f73291b293cfb1a6de3307a222308d7f490a0a7a2e3cdd60d
SSDEEP

3072:jhn7mFrsphawxh73QkGWPzcPJ7o1usmJLiBVtuXcZp:Vn7mFrkaWTPCJ7o1uapuK

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2aa7039d1f5f40c3a44c14671e33625b_JaffaCakes118

Files

2aa7039d1f5f40c3a44c14671e33625b_JaffaCakes118
.dll regsvr32 windows:4 windows x86 arch:x86

cfeb62ed1d3a0bcc678de0bc0db74007

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

c:\projects\YLocalInfo\Release\YLocalInfo.pdb

Imports

wininet

InternetCrackUrlA

kernel32

GlobalLock
GlobalAlloc
HeapAlloc
FlushInstructionCache
GetCurrentProcess
GetCurrentThreadId
CloseHandle
ReadFile
CreateFileA
lstrcatA
GetEnvironmentStrings
FreeEnvironmentStringsA
GetStartupInfoA
GetFileType
GetStdHandle
SetHandleCount
TerminateProcess
GetModuleHandleA
GetProcAddress
VirtualAlloc
VirtualFree
HeapCreate
GetCPInfo
GetOEMCP
GetSystemTimeAsFileTime
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
TlsAlloc
TlsGetValue
SetLastError
TlsFree
LCMapStringW
LCMapStringA
GetCommandLineA
TlsSetValue
ExitProcess
HeapSize
HeapReAlloc
HeapDestroy
GetEnvironmentStringsW
WriteFile
VirtualProtect
GetSystemInfo
GlobalUnlock
MulDiv
IsDBCSLeadByte
lstrcpynA
lstrcpyA
InterlockedDecrement
EnterCriticalSection
InterlockedIncrement
LeaveCriticalSection
GetModuleFileNameA
GetShortPathNameA
lstrlenW
FindClose
GetProcessHeap
HeapFree
FindFirstFileA
lstrcmpA
FindNextFileA
GetLastError
VirtualQuery
lstrcmpiA
FindResourceExA
FindResourceA
LoadResource
LockResource
SizeofResource
IsBadReadPtr
DeleteCriticalSection
InitializeCriticalSection
IsBadWritePtr
WideCharToMultiByte
MultiByteToWideChar
GetVersionExA
GetThreadLocale
GetLocaleInfoA
GetACP
InterlockedExchange
lstrlenA
SetStdHandle
FlushFileBuffers
GetStringTypeA
GetStringTypeW
SetFilePointer
LoadLibraryA
RtlUnwind
FreeEnvironmentStringsW

user32

GetClassInfoExA
LoadCursorA
wsprintfA
UnregisterClassA
CreateWindowExA
GetParent
SetFocus
ShowWindow
GetFocus
IsChild
BeginPaint
GetClientRect
EndPaint
InvalidateRect
IsWindow
GetKeyState
CallWindowProcA
GetWindowLongA
SetWindowLongA
IntersectRect
EqualRect
OffsetRect
SetWindowRgn
SetWindowPos
GetDC
ReleaseDC
UnionRect
PtInRect
CharNextA
DefWindowProcA
DestroyWindow
RegisterClassExA

gdi32

CreateMetaFileA
SetWindowExtEx
CloseMetaFile
DeleteMetaFile
CreateRectRgnIndirect
CreateDCA
GetDeviceCaps
LPtoDP
SaveDC
SetMapMode
SetWindowOrgEx
SetViewportOrgEx
DeleteDC
RestoreDC
GetClipRgn
CreateRectRgn
SelectClipRgn
Rectangle
SetTextAlign
TextOutA

advapi32

CryptDestroyKey
CryptDecrypt
CryptGenRandom
CryptCreateHash
CryptHashData
CryptDeriveKey
CryptEncrypt
CryptAcquireContextA
CryptReleaseContext
CryptDestroyHash
RegCloseKey
RegDeleteValueA
RegQueryValueExA
RegQueryInfoKeyA
RegEnumKeyExA
RegSetValueExA
RegOpenKeyExA
RegCreateKeyExA
RegDeleteKeyA
RegEnumKeyA

shell32

SHGetFileInfoA

ole32

OleSaveToStream
WriteClassStm
OleLoadFromStream
CreateOleAdviseHolder
CreateDataAdviseHolder
StringFromGUID2
OleRegGetMiscStatus
OleRegGetUserType
OleRegEnumVerbs
StringFromCLSID
CoTaskMemFree
CoUninitialize
CoCreateInstance
CoFreeUnusedLibraries
CoInitialize
CoTaskMemAlloc

oleaut32

LoadRegTypeLi
SysAllocStringByteLen
RegisterTypeLi
UnRegisterTypeLi
OleCreatePropertyFrame
SysAllocStringLen
SysAllocString
SysFreeString
SysStringLen
VarUI4FromStr
VariantInit
VariantClear
SysStringByteLen
VariantChangeType
LoadTypeLi

shlwapi

PathFindExtensionA

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllMain
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 70KB - Virtual size: 69KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 13KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

cfeb62ed1d3a0bcc678de0bc0db74007

Headers

File Characteristics

PDB Paths

Imports

wininet

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

shlwapi

Exports

Exports

Sections

.text Size: 70KB - Virtual size: 69KB

.rdata Size: 13KB - Virtual size: 12KB

.data Size: 4KB - Virtual size: 9KB

.rsrc Size: 8KB - Virtual size: 7KB

.reloc Size: 7KB - Virtual size: 6KB

.text
Size: 70KB - Virtual size: 69KB

.rdata
Size: 13KB - Virtual size: 12KB

.data
Size: 4KB - Virtual size: 9KB

.rsrc
Size: 8KB - Virtual size: 7KB

.reloc
Size: 7KB - Virtual size: 6KB