4224e6ed557f2c15e6d8edb216c4d677_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

4224e6ed557f2c15e6d8edb216c4d677_JaffaCakes118
Size

209KB
MD5

4224e6ed557f2c15e6d8edb216c4d677
SHA1

6019bf43bc900d728fcd08fe57a17ac71e86a432
SHA256

4bb7eb2c362e593d39afd6211f403abff35353828834451f82e45445fabed61e
SHA512

a8f65bdcf5ff42c6f6147f11e3b9f0847a01427cdb66dc86015d345df1b5e3bbb5362641e1902ba9c1390f3ac60205c9a7e4a91607915cb36e4357519e245a1b
SSDEEP

3072:FoF6De6jDA7tLVREKkGTnpRX9bKGF5MxfZmLxc9oTeFzZbhqiVHGOZkc2J0O4:DPDA7tLVOsnpRXcGnMuc2YL1feJ0O4

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
4224e6ed557f2c15e6d8edb216c4d677_JaffaCakes118

Files

4224e6ed557f2c15e6d8edb216c4d677_JaffaCakes118
.dll regsvr32 windows:4 windows x86 arch:x86

31fc14e4243a1a1ba4306738f7033428

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

shlwapi

SHDeleteKeyA

mfc42

ord4622
ord4424
ord3579
ord614
ord290
ord4204
ord6876
ord6778
ord859
ord665
ord1979
ord5186
ord354
ord800
ord2764
ord4202
ord860
ord540
ord823
ord825
ord535
ord858
ord925
ord537
ord939
ord6779
ord4278
ord6663
ord6648
ord6877
ord4080
ord5683
ord2818
ord5442
ord5773
ord353
ord6385
ord4129
ord4277
ord3079
ord3825
ord3831
ord3830
ord3353
ord2976
ord2985
ord3262
ord3136
ord4465
ord3259
ord3147
ord2982
ord923
ord389
ord5207
ord2803
ord3318
ord1988
ord690
ord5710
ord1105
ord1158
ord857
ord2623
ord3237
ord541
ord500
ord801
ord772
ord922
ord6662
ord536
ord6143
ord2763
ord5608
ord6883
ord539
ord926
ord1601
ord861
ord1154
ord6467
ord1200
ord2486
ord1168
ord940
ord532
ord941
ord6407
ord1997
ord798
ord2915
ord924

msvcrt

rename
atoi
free
_adjust_fdiv
_initterm
_strcmpi
_wcsicmp
_CxxThrowException
wcslen
??1type_info@@UAE@XZ
?terminate@@YAXXZ
_except_handler3
malloc
atof
time
fclose
fputs
fopen
rand
srand
_ftol
_mbsnbcpy
_mbscmp
_purecall
sprintf
__CxxFrameHandler
realloc
strstr
printf
_onexit
__dllonexit
localtime
asctime

kernel32

LocalFree
ExpandEnvironmentStringsA
FindClose
CopyFileA
FindFirstFileA
FindNextFileA
CreateToolhelp32Snapshot
Process32First
Process32Next
OpenProcess
GetExitCodeProcess
TerminateProcess
GetCurrentProcess
FormatMessageA
LocalAlloc
MulDiv
GlobalAlloc
GlobalLock
GlobalUnlock
GetVersionExA
DeviceIoControl
GetLocaleInfoA
GetVersion
GetLastError
lstrcmpA
lstrcpynA
lstrcpyA
lstrcatA
LoadLibraryA
GetProcAddress
WriteFile
MultiByteToWideChar
InterlockedDecrement
InterlockedIncrement
Sleep
WideCharToMultiByte
lstrlenA
CreateProcessA
GetFileAttributesA
CreateThread
ResumeThread
WaitForSingleObject
FindResourceA
SizeofResource
LoadResource
FreeResource
GetWindowsDirectoryA
GetSystemDirectoryA
OpenFile
CreateFileA
GetFileSize
ReadFile
CloseHandle
GetModuleFileNameA
DeleteFileA
FreeLibrary

user32

EndDialog
GetDlgItem
GetDlgItemTextA
MessageBoxW
FindWindowExA
CallWindowProcA
SetWindowLongA
SetForegroundWindow
SendMessageA
GetParent
PostMessageA
IsWindow
EnumWindows
SetFocus
WaitForInputIdle
GetForegroundWindow
ShowWindow
SetDlgItemTextA
ReleaseDC
ScreenToClient
ClientToScreen
GetCursorPos
GetDesktopWindow
GetWindowRect
SetWindowPos
GetWindowDC
GetDC
DialogBoxParamA
GetSystemMetrics
EnableWindow
CharToOemA
wsprintfA
IsCharAlphaNumericA
GetWindowThreadProcessId
IsChild
SetWindowTextA
MessageBoxA

gdi32

DeleteObject
SetPixel
BitBlt
SelectObject
CreateCompatibleBitmap
CreateCompatibleDC
CreateFontA
CreateSolidBrush
SetTextColor
SetBkColor
GetDeviceCaps

advapi32

RegSetValueExA
RegOpenKeyExA
RegQueryValueExA
RegCloseKey
RegEnumKeyExA
RegDeleteKeyA
OpenProcessToken
LookupPrivilegeValueA
AdjustTokenPrivileges
RegDeleteValueA
RegQueryInfoKeyA
RegCreateKeyExA

shell32

ShellExecuteExA
ShellExecuteA

olepro32

ord252
ord251

ole32

CoInitialize
CoCreateInstance
CoUninitialize
CoCreateGuid
StringFromGUID2
CreateStreamOnHGlobal
OleRun

oleaut32

SysFreeString
SafeArrayUnaccessData
SafeArrayAccessData
VariantInit
SafeArrayDestroy
SafeArrayPutElement
SafeArrayCreate
VariantClear
VariantCopy
SysAllocStringLen
SysAllocStringByteLen
SysStringByteLen
OleLoadPicturePath
OleSavePictureFile
SysAllocString
GetErrorInfo
SafeArrayCreateVector

wininet

InternetOpenA
HttpQueryInfoA
InternetOpenUrlA
InternetFindNextFileA
FtpOpenFileA
FtpFindFirstFileA
InternetWriteFile
FtpCreateDirectoryA
DeleteUrlCacheEntry
FindCloseUrlCache
FindNextUrlCacheEntryA
FindFirstUrlCacheEntryA
InternetCloseHandle
InternetReadFile
InternetConnectA
HttpSendRequestA
HttpOpenRequestA

ws2_32

WSACleanup
gethostbyname
inet_ntoa
WSAStartup

crypt32

CertOpenSystemStoreA
CertCloseStore

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer

Sections

.text
Size: 195KB - Virtual size: 194KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

31fc14e4243a1a1ba4306738f7033428

Headers

File Characteristics

Imports

shlwapi

mfc42

msvcrt

kernel32

user32

gdi32

advapi32

shell32

olepro32

ole32

oleaut32

wininet

ws2_32

crypt32

Exports

Exports

Sections

.text Size: 195KB - Virtual size: 194KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 12KB - Virtual size: 11KB

.text
Size: 195KB - Virtual size: 194KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 12KB - Virtual size: 11KB