2c68234c56f6c1c9a978dd48f50976c1_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

2c68234c56f6c1c9a978dd48f50976c1_JaffaCakes118
Size

332KB
MD5

2c68234c56f6c1c9a978dd48f50976c1
SHA1

3481622790099ecc86a6ebe082750c734a104e1b
SHA256

3223a7c980359b8823d2a47d0c921d1f495350e522638e04ba7209b45062a0a7
SHA512

873b53b27e68e49e4dd39b37db1b5f4035a6af6fd8683b2bb85c8fec87aece972e3fa0e2f23d750a81127347916b4afa346cda1f3858b92bf689d274b1f0632e
SSDEEP

3072:Keu+BWYzeydnzWGtwAw7JazSjcU342U6LipLHp4sCsluf8p9AmHBHFladZ6fCVLX:5rWYldmtcUgGfHmsdZACVzPZbV5+

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2c68234c56f6c1c9a978dd48f50976c1_JaffaCakes118

Files

2c68234c56f6c1c9a978dd48f50976c1_JaffaCakes118
.dll regsvr32 windows:4 windows x86 arch:x86

b34d49ed2a025cd2fd034422c4f4839e

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

LoadLibraryW
CloseHandle
lstrcmpiW
CreateFileW
WriteFile
GetModuleFileNameA
VirtualQuery
FlushFileBuffers
FreeLibrary
LoadLibraryExW
GetModuleHandleW
MapViewOfFile
GetSystemDirectoryW
GetFileAttributesW
GetCurrentProcessId
DeleteFileA
GetTempPathA
GetTempFileNameW
lstrcpyA
lstrlenA
OpenMutexW
GetFileAttributesA
FileTimeToDosDateTime
FileTimeToLocalFileTime
GetFileInformationByHandle
CreateFileA
InterlockedExchangeAdd
DuplicateHandle
GetCurrentProcess
OpenProcess
lstrcmpW
GlobalUnlock
GetProcAddress
Sleep
CreateMutexW
SetFilePointer
ReadFile
FindClose
FindNextFileW
FindFirstFileW
InterlockedExchange
SetEnvironmentVariableA
CompareStringW
CompareStringA
SetEndOfFile
GetLocaleInfoW
IsValidCodePage
IsValidLocale
EnumSystemLocalesA
GetUserDefaultLCID
GetStringTypeW
GetStringTypeA
LoadLibraryA
SetConsoleCtrlHandler
GetTickCount
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetTimeZoneInformation
GetDateFormatA
GetTimeFormatA
GetLastError
WideCharToMultiByte
GetModuleFileNameW
InterlockedDecrement
lstrlenW
InterlockedIncrement
GetVersionExW
MultiByteToWideChar
FindResourceExW
FindResourceW
LoadResource
LockResource
SizeofResource
DeleteCriticalSection
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
RaiseException
GlobalLock
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
GetStartupInfoA
SetHandleCount
GetFileType
GetCommandLineA
GetCurrentThreadId
GetSystemInfo
GetModuleHandleA
VirtualAlloc
VirtualProtect
GetSystemTimeAsFileTime
GetConsoleMode
GetConsoleCP
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
RtlUnwind
GetProcessHeap
HeapSize
HeapReAlloc
HeapFree
HeapAlloc
HeapDestroy
GetVersionExA
GetThreadLocale
GetLocaleInfoA
GetACP
LCMapStringW
LCMapStringA
GetOEMCP
GetCPInfo
GetStdHandle
HeapCreate
VirtualFree
FatalAppExitA
ExitProcess
GetCurrentThread
SetLastError
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue

user32

SetWindowLongW
GetParent
GetClassNameW
SetTimer
GetWindowLongW
EnumWindows
CharNextW
FindWindowExW
GetWindowThreadProcessId
KillTimer
GetWindow
GetTopWindow
CallWindowProcW
RegisterWindowMessageW
SendMessageW
UnhookWindowsHookEx
PtInRect
UnregisterClassA
GetKeyboardLayout
OpenClipboard
GetClipboardData
CloseClipboard

gdi32

CreateDIBSection
DeleteObject
GetDIBColorTable
StretchBlt
SelectObject
DeleteDC
CreateCompatibleDC
GetObjectW

advapi32

RegEnumKeyExW
RegQueryInfoKeyW
RegQueryValueExW
RegOpenKeyExW
RegDeleteValueW
RegDeleteKeyW
RegCreateKeyExW
RegSetValueExW
RegCloseKey

shell32

SHGetSpecialFolderPathW

ole32

CoTaskMemFree
CoTaskMemRealloc
CoTaskMemAlloc
CoCreateInstance

oleaut32

SysAllocString
DispCallFunc
VariantChangeType
LoadTypeLi
LoadRegTypeLi
VarUI4FromStr
SafeArrayDestroy
SysStringByteLen
SysAllocStringByteLen
SysReAllocStringLen
SafeArrayLock
VariantCopy
VariantClear
SafeArrayGetLBound
SafeArrayGetUBound
VariantInit
VarBstrCmp
SysAllocStringLen
VarBstrCat
SysFreeString
SysStringLen
SafeArrayGetVartype
SafeArrayUnlock

shlwapi

PathFindExtensionW

gdiplus

GdipSaveImageToFile
GdipCloneImage
GdiplusShutdown
GdiplusStartup
GdipGetImageEncoders
GdipFree
GdipAlloc
GdipDisposeImage
GdipCreateBitmapFromScan0
GdipCreateBitmapFromHBITMAP
GdipGetImageEncodersSize

msimg32

TransparentBlt
AlphaBlend

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 248KB - Virtual size: 245KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 52KB - Virtual size: 51KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 16KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

b34d49ed2a025cd2fd034422c4f4839e

Headers

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

shlwapi

gdiplus

msimg32

Exports

Exports

Sections

.text Size: 248KB - Virtual size: 245KB

.rdata Size: 52KB - Virtual size: 51KB

.data Size: 8KB - Virtual size: 15KB

.rsrc Size: 4KB - Virtual size: 3KB

.reloc Size: 16KB - Virtual size: 12KB

.text
Size: 248KB - Virtual size: 245KB

.rdata
Size: 52KB - Virtual size: 51KB

.data
Size: 8KB - Virtual size: 15KB

.rsrc
Size: 4KB - Virtual size: 3KB

.reloc
Size: 16KB - Virtual size: 12KB