4761703388c2fd8601c2e6c2a6c3c5e9_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

4761703388c2fd8601c2e6c2a6c3c5e9_JaffaCakes118
Size

136KB
MD5

4761703388c2fd8601c2e6c2a6c3c5e9
SHA1

73010c7a3d18a38879585620754e104a39fbea04
SHA256

1a65e45dbb67bfcbfde47611c5f238efa0498e99d1ce58c1a9f9a942ea88eb80
SHA512

ea648103b33b65cd13319e689c9e518fb3a8fa73b47857f792b4c3b130ea6726597ad80895c744e3f13747394c718c0b9f41a868f85fb5a88d52c8ba2f5bcd5d
SSDEEP

1536:JBWUKCUOZnK9+fPEbKM2mYv0P/LfsvZyIQ6kdR4rdR4wxbJJi5s/5ucjpyweM:JBj7K9+fPEoNCDsvoIfRxbJJi5s/nyFM

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
4761703388c2fd8601c2e6c2a6c3c5e9_JaffaCakes118

Files

4761703388c2fd8601c2e6c2a6c3c5e9_JaffaCakes118
.dll regsvr32 windows:4 windows x86 arch:x86

8a823bd7942d4f31d24efb052b8b283a

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

LoadLibraryA
MultiByteToWideChar
WideCharToMultiByte
GetCurrentThreadId
DisableThreadLibraryCalls
CreateThread
InitializeCriticalSection
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
HeapDestroy
GetProcAddress
lstrcatA
lstrlenW
GetModuleHandleA
SizeofResource
LoadResource
FreeLibrary
LoadLibraryExA
lstrcmpiA
lstrcpynA
IsDBCSLeadByte
TlsAlloc
TlsFree
TlsSetValue
TlsGetValue
OpenMutexA
CreateMutexA
GetTickCount
GetCurrentProcessId
GetVolumeInformationA
ReleaseMutex
WaitForSingleObject
GetSystemDirectoryA
lstrcpyA
IsBadStringPtrW
LocalFree
CreateFileA
DeviceIoControl
CloseHandle
GetFileAttributesA
CreateDirectoryA
GetWindowsDirectoryA
GetPrivateProfileSectionA
WritePrivateProfileSectionA
DeleteFileA
GetLastError
MoveFileExA
GetVersionExA
GetShortPathNameA
GetModuleFileNameA
OutputDebugStringA
DebugBreak
lstrlenA
InterlockedDecrement
InterlockedIncrement
FindResourceA

user32

DrawFocusRect
DrawIconEx
GetClassNameA
GetParent
LoadIconA
LoadImageA
GetSysColor
InflateRect
RemovePropA
CallWindowProcW
CallWindowProcA
GetPropA
SetPropA
IsWindowUnicode
SetWindowLongW
SetWindowLongA
EnumWindows
PostMessageA
SetWindowsHookExA
UnhookWindowsHookEx
CallNextHookEx
wsprintfA
FindWindowExA
IsWindow
SetWindowTextA
GetDC
GetWindowTextA
ValidateRect
ReleaseDC
GetClientRect
InvalidateRect
GetFocus
LoadStringA
CharNextA
wvsprintfA
SendMessageA
CopyRect
DrawTextA

gdi32

CreateFontIndirectA
SelectObject
GetTextExtentPoint32A
GetPixel
TextOutA
SetBkColor
ExtTextOutA
SetTextColor
SetBkMode

advapi32

RegQueryInfoKeyA
RegEnumKeyExA
RegDeleteKeyA
RegDeleteValueA
RegCreateKeyExA
RegOpenKeyExA
RegOpenKeyA
RegQueryValueExA
RegCreateKeyA
RegCloseKey
RegSetValueExA
RegEnumValueA

ole32

CoCreateInstance
CoTaskMemFree
CoTaskMemAlloc
CoTaskMemRealloc

oleaut32

GetErrorInfo
SysAllocString
SysAllocStringLen
LoadTypeLi
RegisterTypeLi
LoadRegTypeLi
SysStringLen
VarUI4FromStr
SysAllocStringByteLen
SysStringByteLen
VariantInit
VariantClear
CreateErrorInfo
VariantChangeType
SetErrorInfo
SysFreeString

version

GetFileVersionInfoSizeA
VerQueryValueA
GetFileVersionInfoA

ws2_32

socket
connect
send
closesocket
gethostbyname
WSAStartup
htons

shlwapi

SHDeleteKeyA
PathRemoveFileSpecA
PathCombineA
PathIsDirectoryA
SHGetValueA
SHSetValueA

msvcrt

wcschr
iswdigit
swscanf
iswalpha
_open
malloc
free
realloc
_mbspbrk
_mbsnbcat
_mbsupr
fgets
sprintf
strcmp
_mbsstr
wcsstr
wcsncpy
_wcsicmp
_snwprintf
time
_purecall
memcmp
_beginthreadex
_endthreadex
rand
srand
_mbschr
fread
_stat
__dllonexit
_onexit
??1type_info@@UAE@XZ
_initterm
_adjust_fdiv
_read
_stricmp
_close
_mbsnbcmp
strstr
isxdigit
_strnicmp
_mbsnbcpy
strncpy
_CxxThrowException
__CxxFrameHandler
atol
strcpy
strchr
fopen
fseek
fclose
fwrite
strcat
_snprintf
strrchr
_mbsrchr
memset
atoi
_ismbcdigit
wcslen
??2@YAPAXI@Z
memcpy
??3@YAXPAX@Z
_mbscmp
_mbsicmp
strlen

iphlpapi

GetAdaptersInfo

rpcrt4

UuidCreate

urlmon

URLDownloadToFileA

wininet

InternetOpenA
DeleteUrlCacheEntry
InternetConnectA
InternetSetOptionA
HttpOpenRequestA
InternetReadFile
InternetSetFilePointer
InternetCloseHandle
HttpQueryInfoA
HttpSendRequestA

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 60KB - Virtual size: 59KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 24KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 20KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

8a823bd7942d4f31d24efb052b8b283a

Headers

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

ole32

oleaut32

version

ws2_32

shlwapi

msvcrt

iphlpapi

rpcrt4

urlmon

wininet

Exports

Exports

Sections

.text Size: 60KB - Virtual size: 59KB

.rdata Size: 24KB - Virtual size: 22KB

.data Size: 12KB - Virtual size: 19KB

.idata Size: 8KB - Virtual size: 7KB

.rsrc Size: 20KB - Virtual size: 18KB

.reloc Size: 8KB - Virtual size: 4KB

.text
Size: 60KB - Virtual size: 59KB

.rdata
Size: 24KB - Virtual size: 22KB

.data
Size: 12KB - Virtual size: 19KB

.idata
Size: 8KB - Virtual size: 7KB

.rsrc
Size: 20KB - Virtual size: 18KB

.reloc
Size: 8KB - Virtual size: 4KB