463c2e0d28707bea334dafab7a46a0d2_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

463c2e0d28707bea334dafab7a46a0d2_JaffaCakes118
Size

301KB
MD5

463c2e0d28707bea334dafab7a46a0d2
SHA1

634c987ba4d99e25e2b7f0dfe26d92db5f4451ac
SHA256

0e5163a6f4058a5658e9051886cee598fa8cad21a0aba135ac121802111d211a
SHA512

225728638c939514ae5b28abe60283c2c7c3ee37c707014ce25c449a1e9c001229cd311906b2184f3de12665386a6d4106f13b620282d2aa46d680cbcb6dcf5d
SSDEEP

6144:HzIx0BQAUDpW9kOKNd6VnBgnv6UCrXWrfNAxdz/U/b3fDe/BQqBQqCMG:HMXDUSLgB2v6vzWmPY/7fDSC

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
463c2e0d28707bea334dafab7a46a0d2_JaffaCakes118

Files

463c2e0d28707bea334dafab7a46a0d2_JaffaCakes118
.dll regsvr32 windows:4 windows x86 arch:x86

8a15ad1a64302229b7935d19cc3b1216

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

HeapReAlloc
HeapAlloc
HeapFree
GetCommandLineA
GetProcessHeap
RtlUnwind
ExitProcess
HeapSize
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetStdHandle
GetModuleFileNameA
SetHandleCount
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetTickCount
GetSystemTimeAsFileTime
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
GetConsoleCP
GetConsoleMode
GetLocaleInfoA
GetStringTypeA
GetStringTypeW
LCMapStringA
LCMapStringW
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
CreateFileA
GetCurrentProcess
FlushFileBuffers
ReadFile
GetThreadLocale
GlobalFlags
WritePrivateProfileStringW
SetErrorMode
TlsFree
LocalReAlloc
TlsSetValue
TlsAlloc
GlobalHandle
GlobalReAlloc
TlsGetValue
LocalAlloc
FreeResource
GlobalFindAtomW
CompareStringW
LoadLibraryA
GetVersionExA
GetModuleHandleA
GlobalFree
GlobalUnlock
FormatMessageW
LocalFree
MulDiv
GetCurrentProcessId
GlobalAddAtomW
SetLastError
GlobalDeleteAtom
GetCurrentThread
GetCurrentThreadId
ConvertDefaultLocale
GetVersion
EnumResourceLanguagesW
GetLocaleInfoW
LoadLibraryW
InterlockedExchange
GlobalLock
lstrcmpW
GlobalAlloc
GetProcAddress
GetUserDefaultUILanguage
GetSystemDefaultLangID
EnumUILanguagesW
LockResource
FindResourceExW
InterlockedIncrement
InterlockedDecrement
CloseHandle
WaitForSingleObject
SetEvent
ResumeThread
SetThreadPriority
CreateEventW
CreateThread
WideCharToMultiByte
SetFilePointer
GetTimeFormatW
GetDateFormatW
GetLocalTime
WaitForMultipleObjects
CreateFileW
WriteFile
Sleep
GetLastError
InitializeCriticalSection
FreeLibrary
lstrlenW
lstrcmpiW
LeaveCriticalSection
DeleteCriticalSection
LoadLibraryExW
FindResourceW
EnterCriticalSection
LoadResource
SizeofResource
GetModuleHandleW
MultiByteToWideChar
RaiseException
QueryPerformanceCounter
GetModuleFileNameW

user32

GetDesktopWindow
CreateDialogIndirectParamW
GetNextDlgTabItem
EndDialog
MoveWindow
SetWindowTextW
IsDialogMessageW
IsDlgButtonChecked
CheckDlgButton
RegisterWindowMessageW
LoadIconW
SendDlgItemMessageW
SendDlgItemMessageA
WinHelpW
GetClassLongW
GetClassNameW
IsWindow
GetWindowTextW
GetForegroundWindow
GetTopWindow
DestroyWindow
GetMessageTime
GetMessagePos
MapWindowPoints
SetForegroundWindow
UpdateWindow
GetMenu
GetClassInfoExW
GetClassInfoW
RegisterClassW
UnregisterClassW
CopyRect
GetDlgCtrlID
DefWindowProcW
CallWindowProcW
SystemParametersInfoA
IsIconic
GetWindowPlacement
GetWindow
GetSysColor
EndPaint
BeginPaint
ReleaseDC
GetDC
ClientToScreen
ScreenToClient
GrayStringW
DrawTextExW
DrawTextW
TabbedTextOutW
SetPropW
GetCapture
SetActiveWindow
ShowWindow
GetPropW
RemovePropW
SetFocus
GetDlgItem
GetMenuItemID
GetMenuItemCount
GetSubMenu
GetWindowThreadProcessId
GetSysColorBrush
GetLastActivePopup
IsWindowEnabled
MessageBoxW
DestroyMenu
AdjustWindowRectEx
SetWindowsHookExW
CallNextHookEx
GetMessageW
TranslateMessage
DispatchMessageW
GetActiveWindow
IsWindowVisible
GetKeyState
PeekMessageW
GetCursorPos
ValidateRect
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
GetFocus
GetParent
ModifyMenuW
GetMenuState
EnableMenuItem
CheckMenuItem
UnhookWindowsHookEx
PostQuitMessage
GetClientRect
SetWindowPos
CreateWindowExW
PostMessageW
SetWindowLongW
GetWindowLongW
SendMessageW
EnableWindow
SetCapture
SetCursor
ReleaseCapture
PtInRect
InflateRect
DrawFocusRect
LoadCursorW
GetWindowRect
LoadBitmapW
CharNextW
GetSystemMetrics
UnregisterClassA

gdi32

GetStockObject
DeleteDC
ScaleWindowExtEx
SetWindowExtEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
SelectObject
Escape
ExtTextOutW
TextOutW
RectVisible
PtVisible
GetClipBox
SetMapMode
SetTextColor
SetBkColor
RestoreDC
SaveDC
GetDeviceCaps
SetPixel
CreateCompatibleDC
DeleteObject
GetPixel
GetObjectW
BitBlt
CreateBitmap

winspool.drv

DocumentPropertiesW
OpenPrinterW
ClosePrinter

advapi32

CloseServiceHandle
RegDeleteKeyW
RegCloseKey
RegQueryValueW
RegEnumKeyW
RegQueryValueExW
RegOpenKeyW
StartServiceW
RegEnumKeyExW
OpenServiceW
OpenSCManagerW
RegNotifyChangeKeyValue
RegDeleteValueW
RegSetValueExW
RegCreateKeyExW
RegOpenKeyExW
RegQueryInfoKeyW

shell32

ShellExecuteExW

comctl32

DestroyPropertySheetPage
CreatePropertySheetPageW
InitCommonControlsEx

shlwapi

PathFindExtensionW
PathFindFileNameW

ole32

PropVariantClear
CoTaskMemFree
CoTaskMemRealloc
CoCreateInstance
StringFromGUID2
CoTaskMemAlloc

oleaut32

RegisterTypeLi
SysFreeString
SysStringLen
UnRegisterTypeLi
SysAllocString
LoadTypeLi
VarUI4FromStr
LoadRegTypeLi
VariantClear
VariantChangeType
VariantInit

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 221KB - Virtual size: 524KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.abss
Size: - Virtual size: 556KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rdat
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.edata
Size: 512B - Virtual size: 165B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 51KB - Virtual size: 50KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 252B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

8a15ad1a64302229b7935d19cc3b1216

Headers

File Characteristics

Imports

kernel32

user32

gdi32

winspool.drv

advapi32

shell32

comctl32

shlwapi

ole32

oleaut32

Exports

Exports

Sections

.text Size: 221KB - Virtual size: 524KB

.abss Size: - Virtual size: 556KB

.data Size: 8KB - Virtual size: 8KB

.rdat Size: 8KB - Virtual size: 8KB

.edata Size: 512B - Virtual size: 165B

.idata Size: 8KB - Virtual size: 7KB

.rsrc Size: 51KB - Virtual size: 50KB

.reloc Size: 4KB - Virtual size: 252B

.text
Size: 221KB - Virtual size: 524KB

.abss
Size: - Virtual size: 556KB

.data
Size: 8KB - Virtual size: 8KB

.rdat
Size: 8KB - Virtual size: 8KB

.edata
Size: 512B - Virtual size: 165B

.idata
Size: 8KB - Virtual size: 7KB

.rsrc
Size: 51KB - Virtual size: 50KB

.reloc
Size: 4KB - Virtual size: 252B