2c4d6ad6c376e7d9b70a8b0823586d05_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

2c4d6ad6c376e7d9b70a8b0823586d05_JaffaCakes118
Size

168KB
MD5

2c4d6ad6c376e7d9b70a8b0823586d05
SHA1

d5d905eb156e7116692f12c3b53067b99beb1845
SHA256

ddea0ff4804f373baecec1b89514c2b328f9011cab71a022e379becc2c4406b3
SHA512

05bab18b3a3c8d4a84773e2833960a7c8672f17c7eb59a155aa57cf42fb21065c5c3de72009d8ec975d4313f3965da4be21ee08d5d2d114d8fbda80d43bcc038
SSDEEP

3072:+Sp+bUwG0xDVFmhBFmUbqGZJH2cTMkToLcBBED2E2:B+bUw7xDVcjbnbW4MkTo5D

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2c4d6ad6c376e7d9b70a8b0823586d05_JaffaCakes118

Files

2c4d6ad6c376e7d9b70a8b0823586d05_JaffaCakes118
.dll regsvr32 windows:4 windows x86 arch:x86

d916a2f9ca5ce1a285be2b396856ed46

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

wininet

InternetCheckConnectionA
InternetOpenA
InternetOpenUrlA
InternetReadFile
InternetCloseHandle

urlmon

CoInternetCompareUrl
UrlMkSetSessionOption
ObtainUserAgentString
URLDownloadToFileA
IsValidURL

kernel32

GetModuleFileNameA
InterlockedExchange
GetVersionExA
GetACP
GetLocaleInfoA
GetThreadLocale
InitializeCriticalSection
DeleteCriticalSection
LeaveCriticalSection
InterlockedIncrement
EnterCriticalSection
InterlockedDecrement
MultiByteToWideChar
GetLastError
WideCharToMultiByte
lstrlenW
FreeLibrary
SizeofResource
LoadResource
FindResourceA
LoadLibraryExA
lstrcpynA
IsDBCSLeadByte
lstrcatA
ExitProcess
FreeResource
GetSystemTime
Sleep
lstrcatW
lstrcpyW
CreateProcessA
CloseHandle
lstrlenA
WaitForSingleObject
CreateThread
WriteFile
LockResource
SetFileTime
CopyFileA
GetFileTime
CreateFileA
GetVersion
SetFilePointer
VirtualQuery
GetSystemInfo
VirtualProtect
IsBadCodePtr
IsBadReadPtr
LoadLibraryA
GetCPInfo
GetOEMCP
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetStartupInfoA
GetFileType
GetStdHandle
SetHandleCount
IsBadWritePtr
VirtualAlloc
VirtualFree
HeapCreate
HeapDestroy
SetUnhandledExceptionFilter
GetCurrentProcessId
TerminateThread
lstrcpyA
lstrcmpiA
GetTickCount
DisableThreadLibraryCalls
GetStringTypeA
GetStringTypeW
LCMapStringA
LCMapStringW
ReadFile
SetStdHandle
QueryPerformanceCounter
TlsAlloc
TlsGetValue
SetLastError
TlsFree
HeapSize
GetCurrentProcess
TerminateProcess
GetModuleHandleA
GetProcAddress
GetCommandLineA
TlsSetValue
GetCurrentThreadId
GetSystemTimeAsFileTime
HeapAlloc
HeapReAlloc
HeapFree
RaiseException
RtlUnwind
FlushFileBuffers

user32

CharNextA
IsWindow
GetDoubleClickTime
GetActiveWindow
SetCaretBlinkTime
EnableWindow
GetSystemMetrics
UpdateWindow
FindWindowA
GetScrollPos
GetSubMenu
GetFocus
GetKeyboardType
GetDC
GetMessagePos
ReplyMessage
EnumWindows
wsprintfA
wsprintfW
SetTimer
EndDialog
GetLastActivePopup
DestroyMenu
DeleteMenu
CallMsgFilterA
KillTimer

gdi32

GetBkColor

advapi32

RegCloseKey
RegSetValueExA
RegDeleteKeyA
RegOpenKeyA
RegQueryInfoKeyA
RegEnumKeyExA
RegCreateKeyExA
RegDeleteValueA
RegCreateKeyA
RegEnumKeyA
RegOpenKeyExA
RegQueryValueExA

shell32

SHGetSpecialFolderPathA
ShellExecuteA

ole32

CoTaskMemRealloc
CoTaskMemAlloc
CoCreateInstance
CoTaskMemFree
StringFromGUID2

oleaut32

SafeArrayAccessData
VariantClear
DispCallFunc
SafeArrayGetLBound
SafeArrayGetUBound
SafeArrayUnaccessData
SysStringLen
LoadRegTypeLi
UnRegisterTypeLi
LoadTypeLi
SysAllocString
RegisterTypeLi
SysFreeString
VarUI4FromStr
VariantInit

shlwapi

PathFindExtensionA

comctl32

GetMUILanguage
InitCommonControlsEx

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 108KB - Virtual size: 105KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 20KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 4.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

d916a2f9ca5ce1a285be2b396856ed46

Headers

File Characteristics

Imports

wininet

urlmon

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

shlwapi

comctl32

Exports

Exports

Sections

.text Size: 108KB - Virtual size: 105KB

.rdata Size: 20KB - Virtual size: 17KB

.data Size: 8KB - Virtual size: 4.6MB

.rsrc Size: 8KB - Virtual size: 7KB

.reloc Size: 20KB - Virtual size: 19KB

.text
Size: 108KB - Virtual size: 105KB

.rdata
Size: 20KB - Virtual size: 17KB

.data
Size: 8KB - Virtual size: 4.6MB

.rsrc
Size: 8KB - Virtual size: 7KB

.reloc
Size: 20KB - Virtual size: 19KB