3d0a8fd7f72091b1cc4365ae55bbd83d_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

3d0a8fd7f72091b1cc4365ae55bbd83d_JaffaCakes118
Size

204KB
MD5

3d0a8fd7f72091b1cc4365ae55bbd83d
SHA1

06942c01445bde84461af732916ebfe75b592355
SHA256

8c00e78dea8c64bf3fc5f22b0ff75e9442ee9f32e14fc58dbb6604a9b393a1a6
SHA512

32d0a2ad5be9841d3cce0f2cb2614b0527880517793e52c8196c7e2e43f05bfd627abc2bb1f71460210aa2642203c2ef1e9b38cb4f458b825bd0fa74881b47ea
SSDEEP

3072:Ycnp9Puo3n6wRaqwfpY3wYmNL/dDN0JsdHqbg:rpBuTwREYiNL/dDNtdHp

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
3d0a8fd7f72091b1cc4365ae55bbd83d_JaffaCakes118

Files

3d0a8fd7f72091b1cc4365ae55bbd83d_JaffaCakes118
.dll regsvr32 windows:4 windows x86 arch:x86

bba227bba85403b0382c20701aa2167d

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

CopyFileA
CreateThread
TerminateThread
DisableThreadLibraryCalls
ReadFile
LocalFree
Process32Next
Process32First
CreateToolhelp32Snapshot
GetCurrentProcessId
WaitForSingleObject
CreateRemoteThread
GetModuleHandleA
WriteProcessMemory
VirtualAllocEx
OpenProcess
CreateProcessA
GetLocalTime
GetTickCount
SetFilePointer
WriteFile
GetFileSize
CloseHandle
lstrlenW
GetSystemDirectoryA
Sleep
LoadLibraryA
GetProcAddress
FreeLibrary
CreateFileA
GetVersion
GetVersionExA
GetEnvironmentVariableA
GetModuleFileNameA
OutputDebugStringA
DebugBreak
InterlockedDecrement
lstrlenA
CreateDirectoryA
MultiByteToWideChar
WideCharToMultiByte
InterlockedIncrement
DeleteFileA
VirtualFreeEx

user32

CharNextA
wvsprintfA
LoadStringA
wsprintfA
CallNextHookEx
GetClassNameA
SetWindowsHookExA
CharLowerA
UnhookWindowsHookEx
SetTimer
GetSystemMetrics
wsprintfW
GetParent
SendMessageTimeoutA
RegisterWindowMessageA
DestroyWindow
KillTimer
SendMessageA
GetActiveWindow
ShowWindow
GetWindowLongA
SetWindowLongA
SetWindowPos
SetActiveWindow
SetForegroundWindow
SetFocus
BringWindowToTop

advapi32

RegCloseKey
RegQueryValueExA
RegOpenKeyExA
RegDeleteKeyA
RegCreateKeyExA
RegSetValueExA
CryptReleaseContext
CryptDestroyHash
CryptGetHashParam
CryptHashData
CryptCreateHash
CryptAcquireContextA
RegEnumKeyExA
RegQueryInfoKeyA

shell32

SHGetSpecialFolderPathA

ole32

CoInitialize
CoCreateInstance

oleaut32

VariantChangeType
SysAllocStringLen
SysAllocString
VariantClear
VariantCopy
SysFreeString

atl

ord30
ord57
ord18
ord15
ord16
ord21

msvcp60

??_7out_of_range@std@@6B@
??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBDABV10@@Z
??0logic_error@std@@QAE@ABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@1@@Z
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@II@Z
?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ID@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@IIABV?$allocator@D@1@@Z
?find@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDII@Z
??9std@@YA_NPBDABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@@Z
??8std@@YA_NPBDABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@@Z
??8std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
?replace@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@IIPBD@Z
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@II@Z
?find@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIABV12@I@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDABV?$allocator@D@1@@Z
?_Xran@std@@YAXXZ
?_Freeze@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEXXZ
??1out_of_range@std@@UAE@XZ
??0out_of_range@std@@QAE@ABV01@@Z
??0logic_error@std@@QAE@ABV01@@Z
?_Tidy@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEX_N@Z
?_C@?1??_Nullstr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@CAPBDXZ@4DB
?substr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AV12@II@Z
??_D?$basic_ostringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXXZ
??6std@@YAAAV?$basic_ostream@DU?$char_traits@D@std@@@0@AAV10@PBD@Z
??6std@@YAAAV?$basic_ostream@DU?$char_traits@D@std@@@0@AAV10@ABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@@Z
??0?$basic_ostringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@H@Z
??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@PBD@Z
?str@?$basic_stringbuf@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@2@XZ

urlmon

URLDownloadToFileA

wininet

InternetCrackUrlA
InternetOpenUrlA
InternetOpenA
InternetAttemptConnect
HttpAddRequestHeadersA
HttpOpenRequestA
HttpQueryInfoA
InternetReadFile
InternetCloseHandle
HttpSendRequestA
InternetConnectA

netapi32

Netbios

version

GetFileVersionInfoA
GetFileVersionInfoSizeA
VerQueryValueA

msvcrt

_stricmp
atoi
strlen
atol
time
strcmp
_mbscmp
localtime
??2@YAPAXI@Z
strstr
_except_handler3
_CxxThrowException
??0exception@@QAE@ABV0@@Z
memcpy
_ismbcspace
_mbsstr
_mbschr
wcslen
_ismbcdigit
_mbsrchr
strcpy
memset
_mbslwr
__CxxFrameHandler
sprintf
rand
srand
_local_unwind2
_mbsicmp
memcmp
strncpy
_mbsnbcpy
free
??1type_info@@UAE@XZ
__dllonexit
_onexit
_initterm
malloc
_adjust_fdiv
memmove

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 164KB - Virtual size: 163KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 16KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.share
Size: 4KB - Virtual size: 44B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

bba227bba85403b0382c20701aa2167d

Headers

File Characteristics

Imports

kernel32

user32

advapi32

shell32

ole32

oleaut32

atl

msvcp60

urlmon

wininet

netapi32

version

msvcrt

Exports

Exports

Sections

.text Size: 164KB - Virtual size: 163KB

.rdata Size: 16KB - Virtual size: 14KB

.data Size: 4KB - Virtual size: 1KB

.share Size: 4KB - Virtual size: 44B

.rsrc Size: 4KB - Virtual size: 1KB

.reloc Size: 8KB - Virtual size: 5KB

.text
Size: 164KB - Virtual size: 163KB

.rdata
Size: 16KB - Virtual size: 14KB

.data
Size: 4KB - Virtual size: 1KB

.share
Size: 4KB - Virtual size: 44B

.rsrc
Size: 4KB - Virtual size: 1KB

.reloc
Size: 8KB - Virtual size: 5KB