451ac90b3b6448e052cc8f8fc08859fc_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

451ac90b3b6448e052cc8f8fc08859fc_JaffaCakes118
Size

188KB
MD5

451ac90b3b6448e052cc8f8fc08859fc
SHA1

ff73844ba7191c61844073637223ec60b7ee5584
SHA256

1b803f7e996f963e2787e0f597d41bea4fbddeb052382294cd24863cc20d6eaa
SHA512

3e1178a239e2316b452e2b74bbab33cd0b9dae57b14d4eceb840dd5b61358b08639f1f01ec9a56d59f32ecceda921e0e39209f99f6cb8a55050089934d8dbf21
SSDEEP

3072:hdI8Csu3vSUBfF+K2p0SukHK/BEup8CnJJ3MwlZ6NSU9kGQla/H+IaY:+qUBCp0SukHk+u573llZgSaXQl57Y

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
451ac90b3b6448e052cc8f8fc08859fc_JaffaCakes118

Files

451ac90b3b6448e052cc8f8fc08859fc_JaffaCakes118
.dll regsvr32 windows:4 windows x86 arch:x86

71d42de695006e641a3e4cd2d83a7c9e

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

urlmon

CoInternetGetSession
FindMimeFromData

wininet

InternetCanonicalizeUrlW
InternetCombineUrlW

clntutil

ord14

kernel32

WideCharToMultiByte
GetProcAddress
LoadLibraryA
lstrcpyA
MultiByteToWideChar
lstrlenA
HeapDestroy
FreeLibrary
lstrlenW
GetModuleFileNameA
Sleep
InterlockedExchange
InterlockedIncrement
InterlockedDecrement
lstrcatA
EnterCriticalSection
CreateEventA
MapViewOfFile
CreateFileMappingA
SetEnvironmentVariableA
GetCurrentThreadId
UnmapViewOfFile
CloseHandle
OpenFileMappingA
ReleaseMutex
InitializeCriticalSection
LeaveCriticalSection
DeleteCriticalSection
SetEvent
GetVersionExA
GetCurrentThread
GetCurrentProcess
DisableThreadLibraryCalls
GetLastError
CreateMutexA
GetCurrentProcessId
WaitForSingleObject
LocalFree
GetPrivateProfileSectionNamesA
GetPrivateProfileStringA
GetPrivateProfileSectionA
WritePrivateProfileStringA
SetLastError
ExpandEnvironmentStringsA
GetEnvironmentVariableA
GetFileAttributesA

user32

wsprintfA
CharNextA

advapi32

RegSetValueExA
RegFlushKey
RegEnumValueA
RegEnumKeyA
RegQueryInfoKeyA
RegDeleteValueA
RegDeleteKeyA
RegOpenKeyExA
GetUserNameA
InitializeSecurityDescriptor
RegCreateKeyExA
SetSecurityDescriptorDacl
RegQueryValueExA
RegCloseKey

ole32

CLSIDFromString
CoCreateGuid
CoCreateInstance
CLSIDFromProgID

oleaut32

RegisterTypeLi
SysAllocString
LoadTypeLi
SysStringLen
SysAllocStringLen
LoadRegTypeLi
SysFreeString

msvcrt

wcsncpy
??3@YAXPAX@Z
memcmp
swprintf
_purecall
??2@YAPAXI@Z
memcpy
wcscpy
wcslen
memset
fread
wcscmp
wcsrchr
sprintf
wcschr
wcsstr
fclose
fseek
fopen
_stat
__dllonexit
wcspbrk
wcsncmp
__CxxFrameHandler
atof
strcpy
swscanf
wcscat
_snwprintf
memmove
_CxxThrowException
??0exception@@QAE@ABV0@@Z
strncpy
??0exception@@QAE@XZ
??1exception@@UAE@XZ
strlen
wcstoul
_mbsicmp
_mbslwr
strcat
fwrite
rand
srand
time
iswdigit
strncmp
_initterm
_onexit
??1type_info@@UAE@XZ
_except_handler3
?terminate@@YAXXZ
strncat
strstr
strrchr
malloc
_wcslwr
_wcsicmp
_wcsnicmp
strchr
realloc
_adjust_fdiv
atoi
_mbsdec
_stricmp
free
strcmp
_snprintf
_mbschr

shell32

SHGetSpecialFolderLocation
SHGetPathFromIDListA
SHGetMalloc

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
SetupDLLEnvironment

Sections

.text
Size: 56KB - Virtual size: 53KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 32KB - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 20KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rmnet
Size: 56KB - Virtual size: 56KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

71d42de695006e641a3e4cd2d83a7c9e

Headers

File Characteristics

Imports

urlmon

wininet

clntutil

kernel32

user32

advapi32

ole32

oleaut32

msvcrt

shell32

Exports

Exports

Sections

.text Size: 56KB - Virtual size: 53KB

.rdata Size: 12KB - Virtual size: 10KB

.data Size: 32KB - Virtual size: 31KB

.rsrc Size: 20KB - Virtual size: 17KB

.reloc Size: 8KB - Virtual size: 7KB

.rmnet Size: 56KB - Virtual size: 56KB

.text
Size: 56KB - Virtual size: 53KB

.rdata
Size: 12KB - Virtual size: 10KB

.data
Size: 32KB - Virtual size: 31KB

.rsrc
Size: 20KB - Virtual size: 17KB

.reloc
Size: 8KB - Virtual size: 7KB

.rmnet
Size: 56KB - Virtual size: 56KB