49771a3bad6cc214819d8c8f99d69e44_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

49771a3bad6cc214819d8c8f99d69e44_JaffaCakes118
Size

208KB
MD5

49771a3bad6cc214819d8c8f99d69e44
SHA1

6e6c9e28c47a33f47a0436eb156a905a8e10bd4b
SHA256

9be9152459f376dd2719e6e40c8c2b1015a6c98d7e8d4fe3fb5450e71bf08393
SHA512

56ae6424a63092c54b9a883176d1aca11f15757da97357e82efc00937641ebb926524d398f40f2c594480060365cbe707682f3a36fbedb6fc4405165eebf7ae0
SSDEEP

3072:gz0Up1VYik5/NJueo9W3SvrGMx/il23MpwecxStW5w2IT2PilpLO8PjTl:gz0K3Emeo9RDZcpwechtIaPe5

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
49771a3bad6cc214819d8c8f99d69e44_JaffaCakes118

Files

49771a3bad6cc214819d8c8f99d69e44_JaffaCakes118
.dll regsvr32 windows:4 windows x86 arch:x86

637c5d8d711ea00f48ab6769667d6ae4

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

version

VerQueryValueA
GetFileVersionInfoA
GetFileVersionInfoSizeA

kernel32

EnterCriticalSection
LeaveCriticalSection
CloseHandle
MoveFileExA
ReadFile
RaiseException
lstrlenW
MultiByteToWideChar
lstrlenA
InitializeCriticalSection
DeleteCriticalSection
InterlockedIncrement
InterlockedDecrement
WideCharToMultiByte
InterlockedExchange
GetACP
GetLocaleInfoA
GetThreadLocale
GetVersionExA
FindResourceA
SizeofResource
LockResource
LoadResource
FindResourceExA
lstrcatA
lstrcpyA
WriteFile
CreateMutexA
SetStdHandle
IsBadCodePtr
IsBadReadPtr
LoadLibraryA
SetUnhandledExceptionFilter
GetSystemTimeAsFileTime
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
UnhandledExceptionFilter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetStartupInfoA
GetFileType
GetStdHandle
SetHandleCount
SetFilePointer
CreateFileA
GetSystemDirectoryA
GetModuleFileNameA
GetLastError
LoadLibraryExA
lstrcpynA
FreeLibrary
IsDBCSLeadByte
lstrcmpiA
TerminateThread
Sleep
GetModuleHandleA
CreateThread
FlushFileBuffers
HeapCreate
LCMapStringW
LCMapStringA
GetStringTypeW
GetStringTypeA
GetCPInfo
GetOEMCP
RtlUnwind
ExitProcess
GetCommandLineA
GetCurrentThreadId
VirtualQuery
GetSystemInfo
VirtualAlloc
VirtualProtect
GetProcessHeap
HeapSize
HeapReAlloc
HeapFree
HeapAlloc
HeapDestroy
IsBadWritePtr
TlsAlloc
SetLastError
TlsFree
TlsSetValue
TlsGetValue
GetProcAddress
GetCurrentProcess
TerminateProcess
VirtualFree

user32

BringWindowToTop
CharNextA
GetClassNameA
GetDC
GetParent
EnumChildWindows
FindWindowExA
GetWindowRect
InflateRect
LoadBitmapA
ReleaseDC
SendMessageA
SetWindowPos
UnhookWindowsHookEx
SetWindowsHookExA
CallNextHookEx
DestroyWindow
EnableWindow
ShowWindow

gdi32

CreateCompatibleBitmap
GetObjectA
SelectObject
DeleteObject
DeleteDC
CreateCompatibleDC
BitBlt
GetDIBits

advapi32

RegSetValueExA
RegDeleteValueA
RegCloseKey
RegCreateKeyExA
RegOpenKeyExA
RegQueryInfoKeyA
RegEnumKeyExA
RegDeleteKeyA
RegQueryValueExA

shell32

ShellExecuteA

ole32

CoCreateInstance
StringFromGUID2
CoTaskMemAlloc
CoTaskMemRealloc
CoTaskMemFree

oleaut32

UnRegisterTypeLi
RegisterTypeLi
SafeArrayUnlock
SafeArrayLock
SafeArrayDestroy
SafeArrayCopy
SafeArrayRedim
SafeArrayGetUBound
SafeArrayGetLBound
LoadTypeLi
LoadRegTypeLi
SysFreeString
SysStringLen
SysStringByteLen
VariantCopy
SafeArrayGetVartype
SysAllocString
VariantChangeType
VariantClear
SysAllocStringLen
VarUI4FromStr

shlwapi

PathFindExtensionA

wininet

InternetConnectA
InternetCloseHandle
InternetOpenUrlA
InternetReadFile
HttpSendRequestA
HttpOpenRequestA
InternetOpenA

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 88KB - Virtual size: 85KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 16KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 88KB - Virtual size: 87KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

637c5d8d711ea00f48ab6769667d6ae4

Headers

File Characteristics

Imports

version

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

shlwapi

wininet

Exports

Exports

Sections

.text Size: 88KB - Virtual size: 85KB

.rdata Size: 16KB - Virtual size: 14KB

.data Size: 4KB - Virtual size: 10KB

.rsrc Size: 88KB - Virtual size: 87KB

.reloc Size: 8KB - Virtual size: 7KB

.text
Size: 88KB - Virtual size: 85KB

.rdata
Size: 16KB - Virtual size: 14KB

.data
Size: 4KB - Virtual size: 10KB

.rsrc
Size: 88KB - Virtual size: 87KB

.reloc
Size: 8KB - Virtual size: 7KB