42b90c967831f8179f1436e1a1786628_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

42b90c967831f8179f1436e1a1786628_JaffaCakes118
Size

358KB
MD5

42b90c967831f8179f1436e1a1786628
SHA1

3c29f413336022d4e78f62d1ae20ed1551a2174b
SHA256

6d3bed82bcad51d22a772abb892c4142c818079bf9f263724c5099095f0fcd35
SHA512

26de5056d3f0eef859651b92e66f342c1eb2e2daa9afbd84edf1c911a8127f93e5b7c9e63e81877f7b3c0a78f4887a01c2d9509776205ffc284e33a8889bc713
SSDEEP

6144:En3j/G/VL6WiUDjL8jcxKocw694jbaUpXKSfty24cSz:E3jmyUDj4cxKocR94jbaUpXKf23m

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
42b90c967831f8179f1436e1a1786628_JaffaCakes118

Files

42b90c967831f8179f1436e1a1786628_JaffaCakes118
.dll regsvr32 windows:5 windows x86 arch:x86

4c652b48ca3ed8d2ffcd445de80920c4

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

wininet

HttpQueryInfoA
InternetCrackUrlA
InternetQueryOptionA
InternetCloseHandle
HttpSendRequestA
HttpOpenRequestA
InternetConnectA
InternetOpenA
InternetReadFile
InternetGetConnectedState
HttpAddRequestHeadersA

shlwapi

PathFileExistsA
StrNCatA
StrRChrA
StrToIntA
StrStrA
StrCmpNIA
wvnsprintfA
wnsprintfA
StrStrIA

rpcrt4

UuidToStringA
UuidCreate

comctl32

InitCommonControlsEx

kernel32

GetProcAddress
GetModuleHandleA
lstrlenA
WinExec
IsDBCSLeadByte
EnterCriticalSection
LeaveCriticalSection
FreeLibrary
SizeofResource
LoadResource
FindResourceA
LoadLibraryExA
OpenProcess
CloseHandle
GetCurrentProcess
LocalFree
HeapFree
lstrcmpA
ExpandEnvironmentStringsA
GetModuleHandleW
SetThreadLocale
GetThreadLocale
LockResource
FindResourceExA
WriteFile
CreateFileA
TerminateThread
GetTickCount
TlsSetValue
TlsGetValue
ReleaseMutex
SleepEx
lstrcpyA
WaitForSingleObject
CreateMutexA
Sleep
CreateThread
ExitProcess
GetTempPathA
OpenMutexA
LoadLibraryA
GetVersionExA
GetVersion
HeapReAlloc
ResetEvent
CreateEventA
InterlockedIncrement
OpenEventA
FlushInstructionCache
VirtualAlloc
VirtualProtect
VirtualFree
MapViewOfFile
CreateFileMappingA
OpenFileMappingA
Process32Next
Process32First
CreateToolhelp32Snapshot
GlobalFree
GlobalAlloc
lstrlenW
GetCurrentProcessId
GetExitCodeProcess
CreateProcessA
DeleteFileA
SetLastError
GetCPInfo
LCMapStringW
LCMapStringA
GetCommandLineA
GetCurrentThreadId
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
GetSystemTimeAsFileTime
VirtualQuery
GetSystemInfo
RtlUnwind
HeapSize
HeapDestroy
GetLastError
lstrcpynA
DeleteCriticalSection
InitializeCriticalSection
RaiseException
WideCharToMultiByte
MultiByteToWideChar
GetACP
GetOEMCP
IsValidCodePage
HeapCreate
GetStdHandle
GetStringTypeA
GetStringTypeW
SetHandleCount
GetEnvironmentStringsW
QueryPerformanceCounter
GetLocaleInfoA
GetUserDefaultLCID
EnumSystemLocalesA
IsValidLocale
InitializeCriticalSectionAndSpinCount
GetLocaleInfoW
SetFilePointer
GetConsoleCP
GetConsoleMode
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
GetEnvironmentStrings
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
FlushFileBuffers
GetModuleFileNameA
TlsAlloc
TlsFree
lstrcmpiA
GetProcessHeap
HeapAlloc
GetPrivateProfileStringA
InterlockedDecrement
SetEvent
FreeEnvironmentStringsW

user32

SetWindowLongA
SetParent
EnumChildWindows
SystemParametersInfoA
GetClassNameA
DrawMenuBar
SetForegroundWindow
TrackPopupMenu
PostMessageA
GetMenuItemID
LoadMenuA
GetSubMenu
DestroyMenu
SetMenuDefaultItem
IsWindow
LoadStringA
DestroyIcon
RegisterClassExA
CreateWindowExA
GetWindowLongA
TranslateMessage
DispatchMessageA
DefWindowProcA
LoadIconA
PostQuitMessage
SendMessageA
FindWindowA
GetParent
DestroyWindow
SetTimer
KillTimer
GetWindowDC
ReleaseDC
CharNextW
GetShellWindow
GetWindowThreadProcessId
GetUserObjectSecurity
GetClientRect
GetWindowRect
GetCursorPos
SetCursorPos
mouse_event
CharNextA
EnableMenuItem
DrawAnimatedRects
SetActiveWindow
RedrawWindow
RegisterWindowMessageA
MessageBoxA
SetWindowPos
GetActiveWindow
LoadCursorA
GetSysColorBrush
UpdateWindow
ShowWindow
GetMessageA
LoadImageA

gdi32

SelectObject
BitBlt
DeleteObject
DeleteDC
CreateDIBSection
CreateCompatibleDC
GetPixel

advapi32

OpenSCManagerA
OpenServiceA
QueryServiceStatus
CloseServiceHandle
RegCreateKeyA
RegQueryValueExA
RegCloseKey
SetNamedSecurityInfoA
GetSecurityDescriptorSacl
ConvertStringSecurityDescriptorToSecurityDescriptorW
CreateProcessAsUserA
SetTokenInformation
GetLengthSid
ConvertStringSidToSidW
DuplicateTokenEx
RegDeleteValueA
RegCreateKeyExA
RegOpenKeyExA
RegSetValueExA
RegQueryInfoKeyA
RegEnumKeyExA
AdjustTokenPrivileges
LookupPrivilegeValueA
FreeSid
CheckTokenMembership
AllocateAndInitializeSid
IsValidSid
GetSecurityDescriptorOwner
OpenProcessToken
ConvertSidToStringSidA
RegOpenKeyA
RegDeleteKeyA

shell32

SHGetFolderPathA
SHAppBarMessage
Shell_NotifyIconA

ole32

CoTaskMemRealloc
CoTaskMemFree
CoCreateInstance
CoUninitialize
CoInitialize
StringFromGUID2
CoSetProxyBlanket
CoInitializeSecurity
CoInitializeEx
OleSetContainedObject
OleCreate
OleUninitialize
OleInitialize
CoTaskMemAlloc

oleaut32

SysAllocStringLen
VariantInit
VariantClear
VarUI4FromStr
SysStringLen
LoadRegTypeLi
LoadTypeLi
SysAllocString
UnRegisterTypeLi
RegisterTypeLi
SafeArrayDestroy
SafeArrayAccessData
SafeArrayCreate
SysFreeString

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
GetLocid
GetTicket
RegisterTrayIcon
RunTrayIcon
ShowDoneMessage
ShowWelcomePage
UnregisterTrayIcon

Sections

.text
Size: 224KB - Virtual size: 224KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 83KB - Virtual size: 83KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 15KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 17KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

4c652b48ca3ed8d2ffcd445de80920c4

Headers

File Characteristics

Imports

wininet

shlwapi

rpcrt4

comctl32

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

Exports

Exports

Sections

.text Size: 224KB - Virtual size: 224KB

.rdata Size: 83KB - Virtual size: 83KB

.data Size: 16KB - Virtual size: 28KB

.rsrc Size: 15KB - Virtual size: 15KB

.reloc Size: 17KB - Virtual size: 16KB

.text
Size: 224KB - Virtual size: 224KB

.rdata
Size: 83KB - Virtual size: 83KB

.data
Size: 16KB - Virtual size: 28KB

.rsrc
Size: 15KB - Virtual size: 15KB

.reloc
Size: 17KB - Virtual size: 16KB