44b22db9e43bf47f278f45f667b7a880_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

44b22db9e43bf47f278f45f667b7a880_JaffaCakes118
Size

324KB
MD5

44b22db9e43bf47f278f45f667b7a880
SHA1

41cf6c99fef3272cdd845720226b68853304d090
SHA256

12f3732f27b6fcf416fb693433e730d54c2ecf50e06c047c37224152c210f464
SHA512

2ea89b000829b3dfc7468b324d88190891b5ee557edcea7b1219f7843fe8b0b0713a9a0ce31c13f7c8751ddb680604e6af7fb1757a80a9b570599c5944574fbc
SSDEEP

6144:DOdBxktEymLOvD4moYDdYvhwQOxAky1Jjt9DJc67:ifpymLOvD4moYDd0BOqky1JV

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
44b22db9e43bf47f278f45f667b7a880_JaffaCakes118

Files

44b22db9e43bf47f278f45f667b7a880_JaffaCakes118
.dll regsvr32 windows:4 windows x86 arch:x86

81929599deba65fcc3c9b94d9ac052d2

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

c:\Projects\ClearSearch\cs 91\Grip\Grip\Release\Grip.pdb

Imports

lz32

LZOpenFileW
LZClose
LZCopy

wininet

InternetOpenUrlW
InternetReadFile
InternetOpenW
HttpQueryInfoW
InternetCanonicalizeUrlW
InternetCloseHandle

kernel32

lstrcpyW
GetLastError
RaiseException
FreeLibrary
MultiByteToWideChar
SizeofResource
LoadResource
FindResourceW
LoadLibraryExW
lstrcmpiW
lstrcpynW
DisableThreadLibraryCalls
GetCurrentThreadId
ReadFile
GetFileSize
CreateFileW
WriteFile
lstrlenA
GetProcAddress
LoadLibraryW
GetLocalTime
DeleteFileW
GetExitCodeThread
WaitForSingleObject
GetVersionExA
SetFilePointer
SetEnvironmentVariableA
CompareStringW
CompareStringA
IsBadCodePtr
GetModuleHandleW
LoadLibraryA
GetOEMCP
GetStringTypeW
GetStringTypeA
GetCPInfo
UnhandledExceptionFilter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetStartupInfoA
GetFileType
GetStdHandle
SetHandleCount
LCMapStringW
LCMapStringA
HeapSize
IsBadWritePtr
VirtualFree
HeapCreate
HeapDestroy
SetUnhandledExceptionFilter
GetModuleFileNameA
GetCurrentProcessId
GetModuleFileNameW
lstrlenW
InterlockedDecrement
InterlockedIncrement
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
GetLocaleInfoA
GetThreadLocale
GetACP
InterlockedExchange
GetVersionExW
CloseHandle
HeapReAlloc
CreateThread
SetStdHandle
FlushFileBuffers
CreateFileA
SetEndOfFile
HeapFree
LocalFree
ExitProcess
IsBadReadPtr
GetTickCount
QueryPerformanceCounter
TlsGetValue
TlsSetValue
TlsFree
SetLastError
TlsAlloc
GetCommandLineA
GetCurrentProcess
TerminateProcess
GetModuleHandleA
VirtualQuery
GetSystemInfo
VirtualAlloc
VirtualProtect
WideCharToMultiByte
GetSystemTimeAsFileTime
HeapAlloc
RtlUnwind

user32

GetMessageW
LoadBitmapW
RegisterClassExW
TranslateMessage
DispatchMessageW
BeginPaint
GetDC
IsWindowVisible
FindWindowW
FindWindowExW
CallNextHookEx
UnhookWindowsHookEx
GetWindowThreadProcessId
RegisterWindowMessageW
SendMessageTimeoutW
GetClassNameW
GetParent
LoadCursorW
GetWindowTextW
SetWindowsHookExW
CharNextW
DestroyWindow
SetWindowTextW
GetClientRect
FrameRect
DrawTextW
EndPaint
PostQuitMessage
DefWindowProcW
CreateWindowExW
SetTimer
ShowWindow
UpdateWindow
LoadIconW

gdi32

CreateSolidBrush
CreateCompatibleDC
SelectObject
BitBlt
DeleteDC
SetTextColor
GetObjectW
CreateFontW
GetDeviceCaps

advapi32

RegOpenKeyExW
RegDeleteValueA
RegDeleteKeyA
RegCreateKeyExA
RegSetValueExA
RegEnumKeyW
RegEnumValueW
RegQueryValueExA
RegOpenKeyExA
RegQueryInfoKeyW
RegSetValueExW
RegEnumKeyExW
RegCreateKeyExW
RegCloseKey
RegDeleteValueW
RegDeleteKeyW

shell32

SHAppBarMessage

ole32

CoUninitialize
CoTaskMemRealloc
CoTaskMemAlloc
CoTaskMemFree
CLSIDFromString
CoCreateInstance
CoInitialize
CoCreateGuid

oleaut32

VariantInit
VariantChangeType
VariantClear
SysAllocString
VarUI4FromStr
SysStringLen
LoadTypeLi
LoadRegTypeLi
SysFreeString

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 216KB - Virtual size: 215KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 48KB - Virtual size: 45KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 24KB - Virtual size: 85KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Shared
Size: 4KB - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 12KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

81929599deba65fcc3c9b94d9ac052d2

Headers

File Characteristics

PDB Paths

Imports

lz32

wininet

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

Exports

Exports

Sections

.text Size: 216KB - Virtual size: 215KB

.rdata Size: 48KB - Virtual size: 45KB

.data Size: 24KB - Virtual size: 85KB

Shared Size: 4KB - Virtual size: 12B

.rsrc Size: 12KB - Virtual size: 9KB

.reloc Size: 16KB - Virtual size: 15KB

.text
Size: 216KB - Virtual size: 215KB

.rdata
Size: 48KB - Virtual size: 45KB

.data
Size: 24KB - Virtual size: 85KB

Shared
Size: 4KB - Virtual size: 12B

.rsrc
Size: 12KB - Virtual size: 9KB

.reloc
Size: 16KB - Virtual size: 15KB