3ac954d834b3805c3473d21990dd19e4_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

3ac954d834b3805c3473d21990dd19e4_JaffaCakes118
Size

668KB
MD5

3ac954d834b3805c3473d21990dd19e4
SHA1

6c1ce395e338404fcff0e7e333b0ffe203e7b2bc
SHA256

1bc62a9b28ec3eb6b8cbc5b3ad5313aad5d563b20d912ca49899af99f5fd5ce7
SHA512

d95f2774a855a4dbaf4503a6e9de52214c744d596bcf10698e42dd379c7456834982272d4b28881eb0b39bd31da70758704f91db3a853202e35009b525194fc5
SSDEEP

12288:wDnxgfYlchDLo1k3fDmMzzz3IenfXmm6mqV0FUVCQoexRTqMRyVZX7SAc2AVPXe:SenfXmm6mqV0FU1WbVZX7SAJm

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
3ac954d834b3805c3473d21990dd19e4_JaffaCakes118

Files

3ac954d834b3805c3473d21990dd19e4_JaffaCakes118
.dll regsvr32 windows:4 windows x86 arch:x86

c475f71ab681f3522161f2dfc84bde60

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

comctl32

CreatePropertySheetPageA
PropertySheetA
DestroyPropertySheetPage
ImageList_Create
ImageList_ReplaceIcon
ImageList_DrawEx
ImageList_LoadImageA
ImageList_Destroy
ImageList_Duplicate

winmm

PlaySoundA

wininet

DeleteUrlCacheEntry
GetUrlCacheEntryInfoW
GetUrlCacheEntryInfoA

kernel32

FlushInstructionCache
InterlockedIncrement
InterlockedDecrement
GetShortPathNameA
GetModuleHandleA
SizeofResource
LoadResource
FindResourceA
LoadLibraryExA
lstrcmpiA
lstrcpynA
IsDBCSLeadByte
HeapDestroy
GlobalUnlock
GlobalLock
MulDiv
CreateThread
FreeResource
GlobalFree
GlobalHandle
LockResource
GlobalAlloc
HeapFree
HeapAlloc
GetProcessHeap
GetPrivateProfileStringA
CreateEventA
GetSystemInfo
InterlockedExchange
CompareStringA
GetVersionExA
FlushFileBuffers
SetStdHandle
IsBadCodePtr
IsBadReadPtr
GetUserDefaultLCID
EnumSystemLocalesA
GetLocaleInfoA
IsValidCodePage
IsValidLocale
SetFilePointer
lstrcatA
GetStringTypeW
GetStringTypeA
GetEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsW
FreeEnvironmentStringsA
GetStartupInfoA
GetFileType
GetStdHandle
SetHandleCount
LCMapStringW
GetTickCount
IsBadWritePtr
HeapCreate
GetEnvironmentVariableA
SetUnhandledExceptionFilter
HeapSize
TerminateProcess
GetOEMCP
GetACP
GetCPInfo
ExitProcess
TlsGetValue
SetLastError
TlsFree
TlsAlloc
TlsSetValue
GetVersion
GetCommandLineA
GetSystemTime
GetTimeZoneInformation
HeapReAlloc
RaiseException
RtlUnwind
LocalFree
VirtualQuery
VirtualFree
VirtualAlloc
VirtualProtect
lstrlenW
GetCurrentThreadId
CreateFileMappingA
OpenFileMappingA
MapViewOfFile
UnmapViewOfFile
GetCurrentProcessId
LoadLibraryA
ReadProcessMemory
GetProcAddress
FreeLibrary
GetCurrentProcess
VirtualProtectEx
WriteProcessMemory
CreateFileW
CreateFileA
GetFileSize
CloseHandle
GetLastError
CreateDirectoryA
GetFileAttributesA
FindFirstFileA
FindClose
FileTimeToLocalFileTime
FileTimeToDosDateTime
GetTempPathA
GetLongPathNameA
GetModuleFileNameA
lstrcmpA
DeleteFileA
MultiByteToWideChar
WideCharToMultiByte
lstrcpyA
lstrlenA
SystemTimeToFileTime
CompareFileTime
GetLocalTime
GetLocaleInfoW
CompareStringW
SetEnvironmentVariableA
Sleep
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSection
WriteFile
LCMapStringA
ReadFile

user32

PostMessageA
GetDlgItemInt
SetDlgItemInt
MessageBeep
InvalidateRgn
InvalidateRect
CreateAcceleratorTableA
RedrawWindow
BeginPaint
FillRect
IsChild
RegisterWindowMessageA
DialogBoxIndirectParamA
SystemParametersInfoA
MapWindowPoints
GetMenu
AdjustWindowRectEx
SetForegroundWindow
BringWindowToTop
LoadImageA
ReleaseCapture
SetCapture
GetCursor
SetCursor
KillTimer
IsWindowVisible
GetWindowTextLengthA
TranslateMessage
LoadStringA
GetSystemMetrics
EqualRect
IntersectRect
DestroyWindow
CreatePopupMenu
ClientToScreen
IsWindow
UnhookWindowsHookEx
CharLowerA
DestroyMenu
TrackPopupMenu
SetMenuItemInfoA
GetSubMenu
LoadMenuA
CallWindowProcW
GetParent
GetWindowTextA
DrawEdge
LoadIconA
EndDialog
GetCursorPos
PtInRect
GetDlgItemTextA
SetFocus
SetDlgItemTextA
GetDlgItem
EnableWindow
GetActiveWindow
CopyRect
DrawTextA
GetFocus
GetKeyState
GetAsyncKeyState
DispatchMessageA
PeekMessageA
MessageBoxA
GetClassNameA
GetWindow
FindWindowExA
DefWindowProcA
SetWindowPos
CreateWindowExA
ShowWindow
SendMessageA
EndPaint
GetDesktopWindow
RegisterClassA
LoadCursorA
LoadBitmapA
GetDC
ReleaseDC
SetTimer
GetWindowRect
ScreenToClient
SetWindowTextA
CharNextA
GetClassInfoExA
wsprintfA
RegisterClassExA
GetClientRect
CharUpperA
GetWindowLongA
SetWindowLongA
CallWindowProcA
GetSysColor

gdi32

LineTo
GetStockObject
GetDeviceCaps
CreateFontIndirectA
DeleteObject
CreateBrushIndirect
MoveToEx
CreateSolidBrush
SelectObject
CreatePen
SetBkMode
Rectangle
DeleteDC
BitBlt
CreateCompatibleDC
TextOutA
SetBkColor
CreateCompatibleBitmap
CreateBitmap
GetObjectA
GetDIBits
GetTextExtentPoint32A

comdlg32

GetSaveFileNameA

advapi32

RegCloseKey
GetUserNameA
RegSetKeySecurity
RegEnumKeyA
AllocateAndInitializeSid
InitializeAcl
AddAce
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
FreeSid
RegFlushKey
RegOpenKeyExA
RegCreateKeyExA
RegDeleteKeyA
RegEnumKeyExA
RegDeleteValueA
RegQueryInfoKeyA
RegQueryValueExA
RegQueryValueExW
RegSetValueExA
RegSetValueExW
RegEnumValueA
CopySid
GetLengthSid
GetTokenInformation
OpenProcessToken
GetSidSubAuthority
GetSidSubAuthorityCount
GetSidIdentifierAuthority
RegGetKeySecurity

shell32

ShellExecuteA

ole32

CLSIDFromProgID
CoTaskMemFree
OleLockRunning
StringFromCLSID
CLSIDFromString
OleUninitialize
OleInitialize
CreateStreamOnHGlobal
RegisterDragDrop
ReleaseStgMedium
StringFromIID
CoGetMalloc
CoInitialize
CoCreateInstance
CoUninitialize
CoTaskMemRealloc
CoTaskMemAlloc

oleaut32

SysFreeString
SysAllocString
SysStringLen
SysAllocStringLen
LoadRegTypeLi
VariantClear
DispCallFunc
VarUI4FromStr
RegisterTypeLi
LoadTypeLi
VariantInit
OleCreateFontIndirect
VariantChangeType

gdiplus

GdipFree
GdiplusStartup
GdipDisposeImage
GdipImageGetFrameDimensionsCount
GdipGetImageHeight
GdipGetImageWidth
GdipCloneImage
GdipAlloc
GdipLoadImageFromFile
GdipImageGetFrameDimensionsList
GdipImageGetFrameCount
GdiplusShutdown

shlwapi

SHDeleteKeyA
StrToIntW

urlmon

IsValidURL
URLDownloadToFileA

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 360KB - Virtual size: 359KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 64KB - Virtual size: 61KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 28KB - Virtual size: 55KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.SHARED
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 180KB - Virtual size: 179KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 28KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

c475f71ab681f3522161f2dfc84bde60

Headers

File Characteristics

Imports

comctl32

winmm

wininet

kernel32

user32

gdi32

comdlg32

advapi32

shell32

ole32

oleaut32

gdiplus

shlwapi

urlmon

Exports

Exports

Sections

.text Size: 360KB - Virtual size: 359KB

.rdata Size: 64KB - Virtual size: 61KB

.data Size: 28KB - Virtual size: 55KB

.SHARED Size: 4KB - Virtual size: 3KB

.rsrc Size: 180KB - Virtual size: 179KB

.reloc Size: 28KB - Virtual size: 25KB

.text
Size: 360KB - Virtual size: 359KB

.rdata
Size: 64KB - Virtual size: 61KB

.data
Size: 28KB - Virtual size: 55KB

.SHARED
Size: 4KB - Virtual size: 3KB

.rsrc
Size: 180KB - Virtual size: 179KB

.reloc
Size: 28KB - Virtual size: 25KB