46cc1ddde162bc3566d8989210a663a5_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

46cc1ddde162bc3566d8989210a663a5_JaffaCakes118
Size

351KB
MD5

46cc1ddde162bc3566d8989210a663a5
SHA1

21c8d32e6b5f101be8380de5efd93785fb5e362b
SHA256

fbd11807ece3b2f02dcd496d6e23743891a7874218f0f728e3594ba4dca6959b
SHA512

9d342e8ae0ebf167b29980e4dfbe92338fcc81f058a266b6cb2c1315969260e34f7ed1676fc0caf0f6e48aa9169f3a4d428654db86df11c8d670ea306780288d
SSDEEP

6144:Li0kvWTubtE8NKaO/NSVQqr/9EYtn58SvgwCMPkDR37IZEsVO:lwtQk/9EYtnAIZEsVO

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
46cc1ddde162bc3566d8989210a663a5_JaffaCakes118

Files

46cc1ddde162bc3566d8989210a663a5_JaffaCakes118
.dll regsvr32 windows:4 windows x86 arch:x86

cc508e053aebd50cf6da8d848c6bfe15

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

shlwapi

SHDeleteKeyA

mfc42

ord3353
ord2976
ord2985
ord3262
ord3136
ord4465
ord3259
ord3147
ord2982
ord540
ord860
ord4202
ord2764
ord800
ord354
ord5186
ord1979
ord665
ord823
ord825
ord6143
ord535
ord6883
ord1158
ord1168
ord858
ord857
ord614
ord290
ord801
ord772
ord541
ord500
ord3830
ord537
ord2763
ord4277
ord6877
ord4129
ord1105
ord5683
ord925
ord6779
ord939
ord3831
ord3825
ord3079
ord4080
ord4622
ord4424
ord3579
ord859
ord6778
ord6876
ord4204
ord923
ord5710
ord1988
ord3318
ord2803
ord5207
ord690
ord389
ord3237
ord2623
ord536
ord6662
ord5608
ord539
ord1601
ord926
ord6663
ord861
ord1200
ord6467
ord1154
ord2486
ord940
ord1997
ord6407
ord941
ord798
ord532
ord2915
ord922
ord924
ord6385
ord5442
ord5773
ord353
ord2818
ord6648
ord4278

msvcrt

asctime
_adjust_fdiv
_initterm
??1type_info@@UAE@XZ
?terminate@@YAXXZ
_except_handler3
memcpy
_mbsnbcpy
_onexit
__dllonexit
_strcmpi
_wcsicmp
_CxxThrowException
wcslen
_purecall
rename
localtime
_mbscmp
memcmp
atoi
malloc
memset
free
atof
time
fopen
fputs
fclose
__CxxFrameHandler
srand
rand
strcpy
sprintf
strlen
printf
strstr
strcat
realloc

kernel32

LocalFree
ExpandEnvironmentStringsA
FindClose
CopyFileA
FindNextFileA
FindFirstFileA
Process32Next
Process32First
CreateToolhelp32Snapshot
TerminateProcess
GetExitCodeProcess
OpenProcess
GetCurrentProcess
MulDiv
GlobalUnlock
GlobalLock
GlobalAlloc
GetVersionExA
DeviceIoControl
GetLocaleInfoA
GetVersion
lstrcpynA
FreeLibrary
lstrcmpA
GetLastError
lstrcatA
lstrcpyA
GetProcAddress
WriteFile
Sleep
WideCharToMultiByte
CreateProcessA
GetFileAttributesA
ResumeThread
CreateThread
WaitForSingleObject
FreeResource
LoadResource
SizeofResource
FindResourceA
GetWindowsDirectoryA
GetSystemDirectoryA
OpenFile
CloseHandle
ReadFile
GetFileSize
CreateFileA
InterlockedIncrement
MultiByteToWideChar
LocalAlloc
FormatMessageA
InterlockedDecrement
lstrlenA
GetModuleFileNameA
DeleteFileA
LoadLibraryA

user32

GetDlgItemTextA
SetDlgItemTextA
EndDialog
MessageBoxW
FindWindowExA
CallWindowProcA
SetForegroundWindow
SetWindowLongA
SendMessageA
wsprintfA
IsWindow
PostMessageA
GetParent
GetForegroundWindow
WaitForInputIdle
SetFocus
ShowWindow
GetDlgItem
ClientToScreen
ScreenToClient
ReleaseDC
GetWindowDC
SetWindowPos
GetWindowRect
GetDesktopWindow
GetCursorPos
GetDC
DialogBoxParamA
EnableWindow
GetSystemMetrics
CharToOemA
IsCharAlphaNumericA
MessageBoxA
EnumWindows
GetWindowThreadProcessId
IsChild
SetWindowTextA

gdi32

CreateCompatibleDC
CreateCompatibleBitmap
SelectObject
BitBlt
SetPixel
DeleteObject
CreateFontA
CreateSolidBrush
SetBkColor
SetTextColor
GetDeviceCaps

advapi32

RegCloseKey
RegDeleteValueA
RegDeleteKeyA
RegOpenKeyExA
RegQueryValueExA
AdjustTokenPrivileges
LookupPrivilegeValueA
OpenProcessToken
RegQueryInfoKeyA
RegEnumKeyExA
RegSetValueExA
RegCreateKeyExA

shell32

ShellExecuteExA
ShellExecuteA

olepro32

ord252
ord251

ole32

StringFromGUID2
CoCreateGuid
CoInitialize
OleRun
CoCreateInstance
CoUninitialize
CreateStreamOnHGlobal

oleaut32

SysFreeString
SysAllocString
VariantClear
SysStringByteLen
SysAllocStringByteLen
VariantCopy
SysAllocStringLen
SafeArrayCreateVector
SafeArrayAccessData
SafeArrayUnaccessData
SafeArrayCreate
SafeArrayPutElement
SafeArrayDestroy
OleLoadPicturePath
OleSavePictureFile
GetErrorInfo
VariantInit

wininet

InternetCloseHandle
HttpQueryInfoA
InternetOpenUrlA
FtpFindFirstFileA
FtpOpenFileA
InternetFindNextFileA
FtpCreateDirectoryA
InternetWriteFile
FindFirstUrlCacheEntryA
FindNextUrlCacheEntryA
DeleteUrlCacheEntry
FindCloseUrlCache
InternetOpenA
InternetConnectA
InternetReadFile
HttpOpenRequestA
HttpSendRequestA

ws2_32

WSACleanup
gethostbyname
WSAStartup
inet_ntoa

crypt32

CertCloseStore
CertOpenSystemStoreA

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer

Sections

.text
Size: 309KB - Virtual size: 309KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.text1
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data1
Size: 23KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 14KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

cc508e053aebd50cf6da8d848c6bfe15

Headers

File Characteristics

Imports

shlwapi

mfc42

msvcrt

kernel32

user32

gdi32

advapi32

shell32

olepro32

ole32

oleaut32

wininet

ws2_32

crypt32

Exports

Exports

Sections

.text Size: 309KB - Virtual size: 309KB

.text1 Size: 1KB - Virtual size: 1KB

.data1 Size: 23KB - Virtual size: 22KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 14KB - Virtual size: 14KB

.text
Size: 309KB - Virtual size: 309KB

.text1
Size: 1KB - Virtual size: 1KB

.data1
Size: 23KB - Virtual size: 22KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 14KB - Virtual size: 14KB