5bff17636832da045909a73e86ec77ee_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

5bff17636832da045909a73e86ec77ee_JaffaCakes118
Size

252KB
MD5

5bff17636832da045909a73e86ec77ee
SHA1

8a491cf3fbe8f48b42f089d895490a49869f258e
SHA256

96f4dfe10590606d9c187715c55c5fc069d046fa54b62a7270e098ce584c1b73
SHA512

a2382503ff9fd2cd6ae8e25b4213684d6da6e702583686e9f8bceb6bd8f2457b61ccdd9633ee2793ba33be667b8be0d515470d0b35ba30a943577d0b428112c6
SSDEEP

6144:l9xrz8BW9NMRs6M2Q8WDN+WNLnVus7cvYAQkq0S:3vwM25WxVj1T

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
5bff17636832da045909a73e86ec77ee_JaffaCakes118

Files

5bff17636832da045909a73e86ec77ee_JaffaCakes118
.dll regsvr32 windows:4 windows x86 arch:x86

90cb0d0c29a2e7e1c47f02f18ef0293f

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

lstrcpyA
GetVersionExA
DeviceIoControl
CreateFileA
ReadFile
SetFilePointer
GetSystemDirectoryA
GetWindowsDirectoryA
WideCharToMultiByte
WinExec
LockResource
SizeofResource
LoadResource
FindResourceA
GetACP
CreateDirectoryA
GetEnvironmentVariableA
lstrcatA
FindClose
FindNextFileA
FindFirstFileA
ReleaseMutex
WriteFile
MoveFileExA
CopyFileA
GetCurrentProcess
InterlockedDecrement
SetEvent
WaitForMultipleObjects
ResetEvent
CreateEventA
lstrlenW
LoadLibraryExA
SetErrorMode
LocalFree
VirtualQuery
MoveFileA
Sleep
lstrlenA
MultiByteToWideChar
GetPrivateProfileStringA
GetPrivateProfileIntA
WritePrivateProfileStringA
GetPrivateProfileSectionA
DeleteFileA
GetTempPathA
GetTempFileNameA
WaitForSingleObject
GetTickCount
CreateMutexA
GetLastError
CloseHandle
LoadLibraryA
GetProcAddress
FreeLibrary
DisableThreadLibraryCalls
GetShortPathNameA
GetModuleFileNameA
RemoveDirectoryA

user32

GetSysColor
GetDesktopWindow
MessageBoxA
GetClassNameA
CallWindowProcW
IsWindowVisible
EnableWindow
SetWindowTextA
GetForegroundWindow
CallWindowProcA
IsIconic
SetWindowLongA
PostQuitMessage
LoadStringA
PeekMessageA
GetPropA
GetParent
GetClientRect
FlashWindowEx
PostMessageA
FindWindowExA
LoadBitmapA
IsWindow
DestroyWindow
DestroyIcon
DispatchMessageA
TranslateMessage
TranslateAcceleratorA
IsDialogMessageA
GetMessageA
ShowWindow
SetWindowPos
ScreenToClient
GetWindowRect
GetDlgItem
CreateDialogParamA
RemovePropA
KillTimer
SetTimer
SetPropA
IsWindowUnicode
SetWindowLongW
GetSystemMetrics
SetForegroundWindow
GetAncestor
GetCapture
GetDC
GetMessagePos
SendMessageA
ReleaseDC
SetCapture
ReleaseCapture
LoadCursorA
SetCursor
BeginPaint
GetWindowTextA
DrawTextA
EndPaint
DialogBoxParamA
InvalidateRect
CheckDlgButton
IsDlgButtonChecked
EndDialog
ExitWindowsEx
SetDlgItemTextA
LoadImageA
LoadIconA
wsprintfA

gdi32

GetObjectA
GetPixel
SelectObject
SetTextColor
CreateFontIndirectA
SetBkColor
DeleteObject

advapi32

RegOpenKeyA
AdjustTokenPrivileges
RegCreateKeyExA
RegSetValueExA
RegEnumValueA
OpenProcessToken
RegCloseKey
RegOpenKeyExA
LookupPrivilegeValueA

shell32

ShellExecuteA

ole32

CoInitialize
CoCreateInstance
OleUninitialize
OleInitialize
CoUninitialize
CoGetMalloc
StringFromIID
CLSIDFromString

oleaut32

SysAllocString
RegisterTypeLi
SysStringByteLen
SysAllocStringByteLen
VariantInit
VariantClear
SysFreeString
LoadTypeLi

comctl32

ImageList_Create
ImageList_Destroy
ImageList_AddMasked

shlwapi

SHRegEnumUSKeyA
SHRegOpenUSKeyA
SHDeleteValueA
SHDeleteEmptyKeyA
SHGetValueA
SHDeleteKeyA
SHSetValueA
SHRegCloseUSKey

version

GetFileVersionInfoA
GetFileVersionInfoSizeA
VerQueryValueA

urlmon

URLDownloadToFileA

msvcrt

_itoa
__CxxFrameHandler
memset
??2@YAPAXI@Z
memcmp
strcat
strcpy
??1type_info@@UAE@XZ
_adjust_fdiv
_initterm
_onexit
__dllonexit
_CxxThrowException
toupper
wcscpy
wcslen
strncat
wcscmp
_mbsnbcmp
_mbscmp
atoi
atol
_stricmp
rewind
fgets
_strnicmp
memmove
fwrite
_vsnprintf
fseek
fprintf
ftell
_ftol
_mbsstr
sprintf
strchr
sscanf
time
srand
rand
_mbsnbcpy
free
fopen
fread
fclose
malloc
strstr
_beginthreadex
strncpy
strrchr
_except_handler3
memcpy
strcmp
_mbsicmp
_snprintf
strlen

setupapi

SetupIterateCabinetA

wininet

InternetConnectA
InternetOpenA
InternetSetStatusCallback
HttpOpenRequestA
HttpSendRequestA
InternetReadFile
InternetGetConnectedState
InternetCrackUrlA
HttpQueryInfoA
InternetCloseHandle

Exports

Exports

Action
ActionEx
CheckIntegrity
DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
EventInvoke
Install
SCEventInvoke
SetSysInfo
Version

Sections

.text
Size: 60KB - Virtual size: 56KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ylive_d
Size: 4KB - Virtual size: 8B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 156KB - Virtual size: 152KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

90cb0d0c29a2e7e1c47f02f18ef0293f

Headers

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

comctl32

shlwapi

version

urlmon

msvcrt

setupapi

wininet

Exports

Exports

Sections

.text Size: 60KB - Virtual size: 56KB

.rdata Size: 12KB - Virtual size: 8KB

.data Size: 8KB - Virtual size: 22KB

.ylive_d Size: 4KB - Virtual size: 8B

.rsrc Size: 156KB - Virtual size: 152KB

.reloc Size: 8KB - Virtual size: 5KB

.text
Size: 60KB - Virtual size: 56KB

.rdata
Size: 12KB - Virtual size: 8KB

.data
Size: 8KB - Virtual size: 22KB

.ylive_d
Size: 4KB - Virtual size: 8B

.rsrc
Size: 156KB - Virtual size: 152KB

.reloc
Size: 8KB - Virtual size: 5KB