3e99b4aa1d2596b00f1456225bee8a29_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

3e99b4aa1d2596b00f1456225bee8a29_JaffaCakes118
Size

260KB
MD5

3e99b4aa1d2596b00f1456225bee8a29
SHA1

8bf8ec762ca948428e15c4f9299cd08f01140dd0
SHA256

222dc9f4341e3ab7d6106d1e627aae181cae8c06935c5620d1851fd067b80a6f
SHA512

0af7bb2b7f294d2c12b7beecb3a95c4cfc3e2029ac67a3ebb664b38cfd0e4a99827f4d216a06e46aedc4adfd87744cf9db724ac284ed75bb60e98665d2a0b3ad
SSDEEP

6144:mhk8vnYRs3PayHxfxBZyL1Qpk95Hbi6wK9OhrU:s/ayxxBZ3pSdBOhrU

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
3e99b4aa1d2596b00f1456225bee8a29_JaffaCakes118

Files

3e99b4aa1d2596b00f1456225bee8a29_JaffaCakes118
.dll regsvr32 windows:4 windows x86 arch:x86

205333c5d8c523694674f421c31f3b53

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

shlwapi

SHDeleteKeyA

mfc42

ord3830
ord3353
ord2976
ord2985
ord3262
ord3136
ord4465
ord3259
ord3147
ord2982
ord540
ord860
ord4202
ord2764
ord800
ord354
ord5186
ord1979
ord665
ord823
ord825
ord537
ord925
ord858
ord535
ord6779
ord939
ord6663
ord4278
ord6877
ord6648
ord2818
ord5683
ord3831
ord353
ord5773
ord5442
ord6385
ord4129
ord4277
ord924
ord922
ord2915
ord3825
ord3079
ord4080
ord4622
ord4424
ord3579
ord2486
ord859
ord6778
ord6876
ord4204
ord614
ord290
ord923
ord5710
ord1988
ord3318
ord2803
ord690
ord5207
ord389
ord1105
ord1158
ord801
ord941
ord772
ord500
ord541
ord536
ord6662
ord6143
ord2763
ord5608
ord6883
ord539
ord1601
ord926
ord861
ord1200
ord6467
ord1154
ord940

msvcrt

localtime
_adjust_fdiv
_initterm
??1type_info@@UAE@XZ
?terminate@@YAXXZ
_except_handler3
_mbscmp
atoi
_onexit
__dllonexit
_strcmpi
_wcsicmp
_CxxThrowException
rename
asctime
malloc
memset
free
atof
time
fopen
fputs
fclose
srand
rand
memcpy
__CxxFrameHandler
strcpy
memcmp
sprintf
strlen
printf
strstr
strcat
realloc

kernel32

LocalFree
InterlockedIncrement
ExpandEnvironmentStringsA
CopyFileA
FindNextFileA
FindFirstFileA
Process32Next
Process32First
CreateToolhelp32Snapshot
TerminateProcess
GetExitCodeProcess
OpenProcess
GetCurrentProcess
MulDiv
GetVersionExA
GetLocaleInfoA
GetVersion
lstrcpynA
FreeLibrary
lstrcmpA
GetLastError
lstrcatA
GetProcAddress
LoadLibraryA
WriteFile
Sleep
WideCharToMultiByte
InterlockedDecrement
MultiByteToWideChar
CreateProcessA
ResumeThread
CreateThread
lstrlenA
GetWindowsDirectoryA
GetSystemDirectoryA
OpenFile
CloseHandle
ReadFile
GetFileSize
CreateFileA
GetModuleFileNameA
DeleteFileA
lstrcpyA

user32

EndDialog
SetDlgItemTextA
SendMessageA
FindWindowExA
MessageBoxW
CallWindowProcA
SetForegroundWindow
SetWindowLongA
GetDlgItemTextA
IsWindow
PostMessageA
GetParent
GetForegroundWindow
WaitForInputIdle
SetFocus
EnumWindows
ShowWindow
GetDlgItem
ClientToScreen
ScreenToClient
ReleaseDC
GetWindowDC
SetWindowPos
GetWindowRect
GetDesktopWindow
GetCursorPos
GetDC
DialogBoxParamA
EnableWindow
GetSystemMetrics
IsCharAlphaNumericA
wsprintfA
GetWindowThreadProcessId
IsChild
SetWindowTextA
MessageBoxA

gdi32

CreateCompatibleDC
CreateCompatibleBitmap
SelectObject
BitBlt
SetPixel
DeleteObject
SetBkColor
SetTextColor
CreateSolidBrush
CreateFontA
GetDeviceCaps

advapi32

RegSetValueExA
RegCloseKey
RegCreateKeyExA
RegQueryValueExA
RegDeleteValueA
RegDeleteKeyA
AdjustTokenPrivileges
LookupPrivilegeValueA
OpenProcessToken
RegEnumKeyExA
RegOpenKeyExA

shell32

ShellExecuteA

olepro32

ord252

ole32

CoUninitialize
CoInitialize
CoCreateInstance

oleaut32

VariantClear
SysFreeString
VariantInit
SafeArrayCreateVector
SafeArrayAccessData
SysAllocStringLen
SysStringByteLen
SysAllocStringByteLen
VariantCopy
OleLoadPicturePath
OleSavePictureFile
SysAllocString
GetErrorInfo
SafeArrayUnaccessData

wininet

InternetCloseHandle
InternetOpenUrlA
FtpFindFirstFileA
FtpOpenFileA
InternetFindNextFileA
FtpCreateDirectoryA
InternetWriteFile
FindFirstUrlCacheEntryA
FindNextUrlCacheEntryA
DeleteUrlCacheEntry
FindCloseUrlCache
InternetOpenA
InternetConnectA
InternetReadFile
HttpOpenRequestA
HttpSendRequestA

ws2_32

WSACleanup
gethostbyname
WSAStartup
inet_ntoa

crypt32

CertCloseStore
CertOpenSystemStoreA

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer

Sections

.text
Size: 182KB - Virtual size: 181KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.text1
Size: 28KB - Virtual size: 27KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data1
Size: 32KB - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 15KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

205333c5d8c523694674f421c31f3b53

Headers

File Characteristics

Imports

shlwapi

mfc42

msvcrt

kernel32

user32

gdi32

advapi32

shell32

olepro32

ole32

oleaut32

wininet

ws2_32

crypt32

Exports

Exports

Sections

.text Size: 182KB - Virtual size: 181KB

.text1 Size: 28KB - Virtual size: 27KB

.data1 Size: 32KB - Virtual size: 31KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 15KB - Virtual size: 15KB

.text
Size: 182KB - Virtual size: 181KB

.text1
Size: 28KB - Virtual size: 27KB

.data1
Size: 32KB - Virtual size: 31KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 15KB - Virtual size: 15KB