5b9605aa21cf1bb6e21515c6bb6ddefc_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

5b9605aa21cf1bb6e21515c6bb6ddefc_JaffaCakes118
Size

236KB
MD5

5b9605aa21cf1bb6e21515c6bb6ddefc
SHA1

9106b405c0959705b932a4e28c6733ac3e7e0204
SHA256

cf777d5fb37a99d5f46eca5a0ecd66bedf7731d856779821b6f12efb249be3f3
SHA512

6ff9c8880ede66ea901dc0640cefbe62ffe0d0dad5949ba90e1bb5f55b614dab2142e4356c83112d6e1c4690e3abf4798c4db0f282db1b4d5a1fe7a81f411a8e
SSDEEP

3072:ART+V0SFseNgnBRVP05ksNPw6TrsAkZ9oJcJa8aPgZAk1NhvtRATk:Ad+VdFse6RVPEkMwMTcdbZAk1NZGk

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
5b9605aa21cf1bb6e21515c6bb6ddefc_JaffaCakes118

Files

5b9605aa21cf1bb6e21515c6bb6ddefc_JaffaCakes118
.dll regsvr32 windows:4 windows x86 arch:x86

6e41a04c4770f025749b7b465331b26f

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

InitializeCriticalSection
LeaveCriticalSection
InterlockedIncrement
InterlockedDecrement
FreeLibrary
lstrcmpiW
LoadLibraryExW
GetModuleHandleW
CreateFileW
DeleteFileA
FlushFileBuffers
GetCurrentProcessId
GetFileAttributesW
GetLastError
VirtualQuery
LoadLibraryW
GetProcAddress
lstrlenA
lstrcpyA
GetTempPathA
GetTempFileNameW
WideCharToMultiByte
CreateMutexW
GetCurrentProcess
GlobalLock
OpenProcess
Sleep
lstrcmpW
GlobalUnlock
EnterCriticalSection
InterlockedExchangeAdd
DuplicateHandle
ReadFile
SetFilePointer
InterlockedExchange
SetEnvironmentVariableA
CompareStringW
CompareStringA
GetStringTypeW
GetStringTypeA
LoadLibraryA
GetTickCount
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
MultiByteToWideChar
RaiseException
DeleteCriticalSection
FindResourceExW
LoadResource
LockResource
GetVersionExW
SizeofResource
GetModuleFileNameW
CloseHandle
WriteFile
CreateFileA
lstrcatA
lstrcpynA
GetModuleHandleA
GetModuleFileNameA
FindResourceW
lstrlenW
OpenMutexW
GetTimeZoneInformation
GetDateFormatA
GetTimeFormatA
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
TlsSetValue
TlsAlloc
TlsGetValue
RtlUnwind
GetCommandLineA
GetCurrentThreadId
GetSystemInfo
VirtualAlloc
VirtualProtect
GetSystemTimeAsFileTime
GetConsoleMode
GetConsoleCP
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
GetThreadLocale
GetLocaleInfoA
GetACP
GetVersionExA
GetProcessHeap
HeapSize
HeapReAlloc
HeapFree
GetStartupInfoA
SetHandleCount
GetFileType
LCMapStringW
LCMapStringA
GetOEMCP
GetCPInfo
GetStdHandle
HeapCreate
VirtualFree
ExitProcess
SetLastError
HeapAlloc
HeapDestroy
TlsFree

user32

SetWindowLongW
SetTimer
KillTimer
GetParent
CallWindowProcW
CharNextW
UnhookWindowsHookEx
GetWindow
GetClassNameW
FindWindowExW
GetWindowLongW
GetKeyboardLayout
GetTopWindow
SendMessageW
UnregisterClassA
PtInRect
RegisterWindowMessageW

gdi32

DeleteObject
StretchBlt
SelectObject
DeleteDC
CreateCompatibleDC
CreateDIBSection
GetObjectW
GetDIBColorTable

advapi32

RegQueryValueExW
RegDeleteValueW
RegOpenKeyExW
RegEnumKeyExW
RegQueryInfoKeyW
RegDeleteKeyW
RegCloseKey
RegSetValueExW
RegCreateKeyExW

shell3

SHGetSpecialFolderPathW

ole32

CoTaskMemAlloc
CoTaskMemRealloc
CoTaskMemFree
CoCreateInstance

oleaut32

SysAllocString
VariantChangeType
SysReAllocStringLen
SafeArrayUnlock
SafeArrayLock
SafeArrayDestroy
DispCallFunc
SafeArrayGetUBound
SafeArrayGetLBound
SafeArrayGetVartype
LoadRegTypeLi
SysStringLen
VarBstrCat
VarBstrCmp
SysAllocStringByteLen
SysStringByteLen
SysAllocStringLen
VariantCopy
VariantClear
VariantInit
SysFreeString
VarUI4FromStr
LoadTypeLi

shlwapi

PathFindExtensionW

gdiplus

GdipCreateBitmapFromScan0
GdiplusStartup
GdipGetImageEncodersSize
GdipGetImageEncoders
GdipFree
GdiplusShutdown
GdipSaveImageToFile
GdipCreateBitmapFromHBITMAP
GdipDisposeImage
GdipAlloc
GdipCloneImage

msimg32

TransparentBlt
AlphaBlend

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 160KB - Virtual size: 157KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 36KB - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 12KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 16KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

6e41a04c4770f025749b7b465331b26f

Headers

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shell3

ole32

oleaut32

shlwapi

gdiplus

msimg32

Exports

Exports

Sections

.text Size: 160KB - Virtual size: 157KB

.rdata Size: 36KB - Virtual size: 34KB

.data Size: 8KB - Virtual size: 15KB

.rsrc Size: 12KB - Virtual size: 8KB

.reloc Size: 16KB - Virtual size: 13KB

.text
Size: 160KB - Virtual size: 157KB

.rdata
Size: 36KB - Virtual size: 34KB

.data
Size: 8KB - Virtual size: 15KB

.rsrc
Size: 12KB - Virtual size: 8KB

.reloc
Size: 16KB - Virtual size: 13KB