3b873049525c770a1b6bc8d8d603cf41_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

3b873049525c770a1b6bc8d8d603cf41_JaffaCakes118
Size

332KB
MD5

3b873049525c770a1b6bc8d8d603cf41
SHA1

c641aa8f3dc56205840a03b4e5b2e633136b2bdd
SHA256

5d36155490b99ee66c00a057a957d3a260dcf34e186b8d7ca4450427825e85d5
SHA512

659fd150debef165194c60369c480f89b89c1eeec251ae23f5c55626bf18e34837f449da1870861433d942655afe1920394189a6f94af6aa223f496582ded2c1
SSDEEP

3072:KeR+BWYzeydnzWGtwAw7JazSjcU342U6LiBQLHp4sCsluf8p9AmHBHFladZ6fCVb:5qWYldmtcUFGfHmsdZACVzPZbV5+

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
3b873049525c770a1b6bc8d8d603cf41_JaffaCakes118

Files

3b873049525c770a1b6bc8d8d603cf41_JaffaCakes118
.dll regsvr32 windows:4 windows x86 arch:x86

b34d49ed2a025cd2fd034422c4f4839e

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

LoadLibraryW
CloseHandle
lstrcmpiW
CreateFileW
WriteFile
GetModuleFileNameA
VirtualQuery
FlushFileBuffers
FreeLibrary
LoadLibraryExW
GetModuleHandleW
MapViewOfFile
GetSystemDirectoryW
GetFileAttributesW
GetCurrentProcessId
DeleteFileA
GetTempPathA
GetTempFileNameW
lstrcpyA
lstrlenA
OpenMutexW
GetFileAttributesA
FileTimeToDosDateTime
FileTimeToLocalFileTime
GetFileInformationByHandle
CreateFileA
InterlockedExchangeAdd
DuplicateHandle
GetCurrentProcess
OpenProcess
lstrcmpW
GlobalUnlock
GetProcAddress
Sleep
CreateMutexW
SetFilePointer
ReadFile
FindClose
FindNextFileW
FindFirstFileW
InterlockedExchange
SetEnvironmentVariableA
CompareStringW
CompareStringA
SetEndOfFile
GetLocaleInfoW
IsValidCodePage
IsValidLocale
EnumSystemLocalesA
GetUserDefaultLCID
GetStringTypeW
GetStringTypeA
LoadLibraryA
SetConsoleCtrlHandler
GetTickCount
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetTimeZoneInformation
GetDateFormatA
GetTimeFormatA
GetLastError
WideCharToMultiByte
GetModuleFileNameW
InterlockedDecrement
lstrlenW
InterlockedIncrement
GetVersionExW
MultiByteToWideChar
FindResourceExW
FindResourceW
LoadResource
LockResource
SizeofResource
DeleteCriticalSection
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
RaiseException
GlobalLock
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
GetStartupInfoA
SetHandleCount
GetFileType
GetCommandLineA
GetCurrentThreadId
GetSystemInfo
GetModuleHandleA
VirtualAlloc
VirtualProtect
GetSystemTimeAsFileTime
GetConsoleMode
GetConsoleCP
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
RtlUnwind
GetProcessHeap
HeapSize
HeapReAlloc
HeapFree
HeapAlloc
HeapDestroy
GetVersionExA
GetThreadLocale
GetLocaleInfoA
GetACP
LCMapStringW
LCMapStringA
GetOEMCP
GetCPInfo
GetStdHandle
HeapCreate
VirtualFree
FatalAppExitA
ExitProcess
GetCurrentThread
SetLastError
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue

user32

SetWindowLongW
GetParent
GetClassNameW
SetTimer
GetWindowLongW
EnumWindows
CharNextW
FindWindowExW
GetWindowThreadProcessId
KillTimer
GetWindow
GetTopWindow
CallWindowProcW
RegisterWindowMessageW
SendMessageW
UnhookWindowsHookEx
PtInRect
UnregisterClassA
GetKeyboardLayout
OpenClipboard
GetClipboardData
CloseClipboard

gdi32

CreateDIBSection
DeleteObject
GetDIBColorTable
StretchBlt
SelectObject
DeleteDC
CreateCompatibleDC
GetObjectW

advapi32

RegEnumKeyExW
RegQueryInfoKeyW
RegQueryValueExW
RegOpenKeyExW
RegDeleteValueW
RegDeleteKeyW
RegCreateKeyExW
RegSetValueExW
RegCloseKey

shell32

SHGetSpecialFolderPathW

ole32

CoTaskMemFree
CoTaskMemRealloc
CoTaskMemAlloc
CoCreateInstance

oleaut32

SysAllocString
DispCallFunc
VariantChangeType
LoadTypeLi
LoadRegTypeLi
VarUI4FromStr
SafeArrayDestroy
SysStringByteLen
SysAllocStringByteLen
SysReAllocStringLen
SafeArrayLock
VariantCopy
VariantClear
SafeArrayGetLBound
SafeArrayGetUBound
VariantInit
VarBstrCmp
SysAllocStringLen
VarBstrCat
SysFreeString
SysStringLen
SafeArrayGetVartype
SafeArrayUnlock

shlwapi

PathFindExtensionW

gdiplus

GdipSaveImageToFile
GdipCloneImage
GdiplusShutdown
GdiplusStartup
GdipGetImageEncoders
GdipFree
GdipAlloc
GdipDisposeImage
GdipCreateBitmapFromScan0
GdipCreateBitmapFromHBITMAP
GdipGetImageEncodersSize

msimg32

TransparentBlt
AlphaBlend

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 248KB - Virtual size: 245KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 52KB - Virtual size: 51KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 16KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

b34d49ed2a025cd2fd034422c4f4839e

Headers

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

shlwapi

gdiplus

msimg32

Exports

Exports

Sections

.text Size: 248KB - Virtual size: 245KB

.rdata Size: 52KB - Virtual size: 51KB

.data Size: 8KB - Virtual size: 15KB

.rsrc Size: 4KB - Virtual size: 3KB

.reloc Size: 16KB - Virtual size: 12KB

.text
Size: 248KB - Virtual size: 245KB

.rdata
Size: 52KB - Virtual size: 51KB

.data
Size: 8KB - Virtual size: 15KB

.rsrc
Size: 4KB - Virtual size: 3KB

.reloc
Size: 16KB - Virtual size: 12KB