39c09e1a31e941f098a7fddc60625f2b_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

39c09e1a31e941f098a7fddc60625f2b_JaffaCakes118
Size

72KB
MD5

39c09e1a31e941f098a7fddc60625f2b
SHA1

dacb015ec268296d0251d87e5c9659cb22463f3d
SHA256

1152e27f05a52d749d9f7eb9718e53d665dfc774b9c2b5c5336f949485b48cd9
SHA512

1bca385dac10683db9b0e0ec646c278b492a6ca312c00627d7a9a8d049425c602c5e7f9aedf8fdd5fadb9b38906f951da92e5d124aa745b99dafc11c1e14c97d
SSDEEP

1536:uG9yN9OoP/nW0mtBnA1pSXDhMXnsINx0Vw:uG9m9OoP/nW0mjnA1pSTGXn9Nxqw

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
39c09e1a31e941f098a7fddc60625f2b_JaffaCakes118

Files

39c09e1a31e941f098a7fddc60625f2b_JaffaCakes118
.dll regsvr32 windows:4 windows x86 arch:x86

ef1587f74cf3f2fe210872d12100e05c

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

wininet

InternetCrackUrlA

urlmon

CoInternetGetSession

kernel32

InitializeCriticalSection
DeleteCriticalSection
FreeLibrary
LoadLibraryA
MultiByteToWideChar
WideCharToMultiByte
lstrlenW
EnterCriticalSection
LeaveCriticalSection
GetLastError
lstrlenA
lstrcmpiA
lstrcpynA
lstrcpyA
RaiseException
lstrcatA
IsDBCSLeadByte
InterlockedIncrement
InterlockedDecrement
SizeofResource
LoadResource
FindResourceA
LoadLibraryExA
GetModuleHandleA
GetCurrentThreadId
MapViewOfFile
CreateFileMappingA
QueryPerformanceCounter
ExitProcess
GetVersionExA
GetThreadLocale
GetLocaleInfoA
GetACP
InterlockedExchange
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
GetModuleFileNameA

user32

LoadMenuA
DeleteMenu
CharNextA
SendMessageA
TrackPopupMenu
SetMenuItemInfoA
wsprintfA
RegisterClassExA
CreateWindowExA
ShowWindow
UpdateWindow
DefWindowProcA
FindWindowExA
GetWindowLongW
SetWindowLongW
CallWindowProcA
MessageBoxA
GetMenuItemInfoA
InsertMenuItemA
EnableMenuItem
GetSubMenu

advapi32

RegDeleteValueA
RegCloseKey
RegCreateKeyExA
RegOpenKeyExA
RegSetValueExA
RegQueryInfoKeyA
RegEnumKeyExA
RegQueryValueExA
RegDeleteKeyA

ole32

CoTaskMemAlloc
CoTaskMemFree
CoTaskMemRealloc
CoCreateInstance
CoGetClassObject
StringFromGUID2

oleaut32

SysFreeString
SysAllocString
LoadTypeLi
UnRegisterTypeLi
RegisterTypeLi
VarUI4FromStr
LoadRegTypeLi
SysStringLen
VariantInit
VariantClear

shlwapi

PathFindExtensionA

msvcr71

??2@YAPAXI@Z
memmove
wcslen
strncmp
rand
srand
time
memset
__security_error_handler
?terminate@@YAXXZ
__dllonexit
_onexit
??1type_info@@UAE@XZ
_initterm
_adjust_fdiv
__CppXcptFilter
??0exception@@QAE@ABV0@@Z
??0exception@@QAE@XZ
??1exception@@UAE@XZ
_strnicmp
realloc
wcsncpy
_CxxThrowException
_resetstkoflw
malloc
_mbslwr
_mbsstr
__CxxFrameHandler
??_V@YAXPAX@Z
free
??3@YAXPAX@Z
_except_handler3
??_U@YAPAXI@Z

rpcrt4

IUnknown_Release_Proxy
IUnknown_AddRef_Proxy
NdrStubCall2
IUnknown_QueryInterface_Proxy
NdrOleFree
NdrOleAllocate
NdrDllGetClassObject
NdrDllCanUnloadNow
NdrCStdStubBuffer2_Release
NdrDllRegisterProxy
NdrDllUnregisterProxy
NdrStubForwardingFunction

msvcp71

??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
?clear@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXXZ
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 32KB - Virtual size: 29KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.orpc
Size: 4KB - Virtual size: 46B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 692B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

ef1587f74cf3f2fe210872d12100e05c

Headers

File Characteristics

Imports

wininet

urlmon

kernel32

user32

advapi32

ole32

oleaut32

shlwapi

msvcr71

rpcrt4

msvcp71

Exports

Exports

Sections

.text Size: 32KB - Virtual size: 29KB

.orpc Size: 4KB - Virtual size: 46B

.rdata Size: 12KB - Virtual size: 9KB

.data Size: 4KB - Virtual size: 692B

.rsrc Size: 8KB - Virtual size: 4KB

.reloc Size: 8KB - Virtual size: 4KB

.text
Size: 32KB - Virtual size: 29KB

.orpc
Size: 4KB - Virtual size: 46B

.rdata
Size: 12KB - Virtual size: 9KB

.data
Size: 4KB - Virtual size: 692B

.rsrc
Size: 8KB - Virtual size: 4KB

.reloc
Size: 8KB - Virtual size: 4KB