33e67841a8a4abfcba921d817ca93fb5_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

33e67841a8a4abfcba921d817ca93fb5_JaffaCakes118
Size

156KB
MD5

33e67841a8a4abfcba921d817ca93fb5
SHA1

4fb109f94d59d9f27c8d77398667ac21a2bbdd3d
SHA256

f85360809fd4bb77583d31002251e042646149805e9dab40ea9a317f6aa49d7b
SHA512

6ac265fc41d21dc2b827e3601e03114817ec0e56ce34636e611cec47426143facfc44933c3eb2833e22a63ee55fdc990b1f207c7a75e1338bf0465a12fc868e1
SSDEEP

3072:WGuxXScnouwO7kWaZIVLkek6HIXdAZzXcWdzxx:WGSXPbbhLtHcdAZzXXdz

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
33e67841a8a4abfcba921d817ca93fb5_JaffaCakes118

Files

33e67841a8a4abfcba921d817ca93fb5_JaffaCakes118
.dll regsvr32 windows:4 windows x86 arch:x86

4ff50a2b79b9ffdf4a29e4126f6933bc

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

lstrcpynA
lstrlenA
GetModuleFileNameA
FlushInstructionCache
GetCurrentProcess
HeapFree
GetProcessHeap
HeapAlloc
FreeResource
MultiByteToWideChar
WideCharToMultiByte
LoadLibraryW
GetLastError
SetLastError
GetModuleFileNameW
OutputDebugStringA
LoadLibraryA
GetCurrentThreadId
lstrcpyA
InterlockedDecrement
GetLocalTime
CloseHandle
ReadFile
CreateFileA
DeleteFileA
LocalFree
OpenMutexA
OpenFileMappingA
OpenEventA
ResetEvent
SetEvent
UnmapViewOfFile
ReleaseMutex
MapViewOfFile
WaitForSingleObject
CreateEventA
WaitForMultipleObjects
lstrcmpiA
lstrlenW
FindResourceExA
InterlockedIncrement
LoadLibraryExA
DisableThreadLibraryCalls
lstrcatA
IsDBCSLeadByte
CreateThread
FindResourceW
FindResourceExW
SetFilePointer
SetFileAttributesA
GetFileAttributesA
GetCurrentProcessId
FlushFileBuffers
WriteFile
GetSystemTime
SetErrorMode
SetUnhandledExceptionFilter
Sleep
FindResourceA
LoadResource
GetSystemTimeAsFileTime
GetTickCount
QueryPerformanceCounter
DebugBreak
ExitProcess
HeapSize
HeapReAlloc
HeapDestroy
LocalAlloc
GetPrivateProfileStringA
LockResource
SizeofResource
DeleteCriticalSection
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
RaiseException
GetVersionExA
GetModuleHandleA
GetThreadLocale
GetLocaleInfoA
GetACP
InterlockedExchange
FreeLibrary
GetVersion
GetFileAttributesW
GetProcAddress
GetModuleHandleW

user32

GetCapture
ReleaseDC
GetDC
GetSysColor
FillRect
SetCursor
MessageBoxA
LoadImageW
LoadImageA
LoadCursorW
LoadIconW
LoadIconA
LoadBitmapW
LoadBitmapA
LoadStringW
LoadStringA
GetDesktopWindow
GetDlgItem
GetFocus
CharNextA
IsWindowEnabled
EndPaint
BeginPaint
ClientToScreen
GetWindowTextA
GetWindow
ReleaseCapture
GetDlgCtrlID
SetCapture
KillTimer
SystemParametersInfoA
CallWindowProcA
SetWindowRgn
CreateWindowExA
GetClassInfoExA
RegisterClassExA
UnregisterClassA
PtInRect
GetParent
LoadCursorA
wsprintfA
IsWindow
AdjustWindowRectEx
SetTimer
RedrawWindow
ShowWindow
InvalidateRect
UpdateWindow
GetClientRect
GetWindowRect
SetWindowPos
MoveWindow
GetMenu
SetWindowTextA
PostMessageA
GetWindowLongA
SetWindowLongA
DrawTextA
DestroyWindow
SendMessageA
DefWindowProcA

gdi32

CreateCompatibleDC
CreateCompatibleBitmap
DeleteObject
CreateSolidBrush
SetTextColor
GetTextMetricsA
CreateRoundRectRgn
SelectObject
SetBkMode
GetStockObject
StretchBlt
SetStretchBltMode
CreateFontIndirectA
CreateDIBitmap
StretchDIBits
GetObjectA
DeleteDC

shell32

ShellExecuteA

ole32

CoInitialize
OleRun
CoUninitialize
CoTaskMemAlloc
CoTaskMemFree
CoTaskMemRealloc
CoCreateInstance
StringFromGUID2

oleaut32

SysFreeString
SysAllocStringLen
VariantInit
VariantClear
SysAllocString
LoadTypeLi
UnRegisterTypeLi
RegisterTypeLi
VarUI4FromStr
LoadRegTypeLi
SysStringLen
VariantCopy
VariantChangeType
SafeArrayGetUBound
SafeArrayGetLBound
SafeArrayLock
SafeArrayUnlock
SafeArrayDestroy

shlwapi

PathAppendA
PathFileExistsA
PathFindExtensionA

msvcp71

??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@D@Z
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z
?_Nomemory@std@@YAXXZ
?rfind@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDI@Z
?erase@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@II@Z
?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z
?size@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ
?substr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AV12@II@Z
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z
?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
??0?$basic_ostringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@H@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@K@Z
?str@?$basic_ostringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@2@XZ
??_D?$basic_ostringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXXZ
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ

msvcr71

wcsncpy
__security_error_handler
__CppXcptFilter
_adjust_fdiv
_initterm
?terminate@@YAXXZ
_onexit
__dllonexit
??1type_info@@UAE@XZ
_callnewh
??0exception@@QAE@ABQBD@Z
?what@exception@@UBEPBDXZ
_vsnprintf
strrchr
_snprintf
wcslen
_mbscmp
free
_CxxThrowException
memset
_except_handler3
_mktime64
memcpy
malloc
??_V@YAXPAX@Z
??3@YAXPAX@Z
_mbsstr
_mbschr
strlen
_vscprintf
vsprintf
__CxxFrameHandler
memmove
_time64
realloc
??8type_info@@QBEHABV0@@Z
atoi
sscanf
??1exception@@UAE@XZ
??0exception@@QAE@ABV0@@Z
??0exception@@QAE@XZ
_endthread
_beginthread
_resetstkoflw
wcscpy
memcmp
_purecall

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 96KB - Virtual size: 92KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 24KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 4KB - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 16KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

4ff50a2b79b9ffdf4a29e4126f6933bc

Headers

File Characteristics

Imports

kernel32

user32

gdi32

shell32

ole32

oleaut32

shlwapi

msvcp71

msvcr71

Exports

Exports

Sections

.text Size: 96KB - Virtual size: 92KB

.rdata Size: 24KB - Virtual size: 23KB

.data Size: 4KB - Virtual size: 3KB

.tls Size: 4KB - Virtual size: 9B

.rsrc Size: 8KB - Virtual size: 5KB

.reloc Size: 16KB - Virtual size: 13KB

.text
Size: 96KB - Virtual size: 92KB

.rdata
Size: 24KB - Virtual size: 23KB

.data
Size: 4KB - Virtual size: 3KB

.tls
Size: 4KB - Virtual size: 9B

.rsrc
Size: 8KB - Virtual size: 5KB

.reloc
Size: 16KB - Virtual size: 13KB