5c4888d4e6ecf0c47325715e70bbe10a_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

5c4888d4e6ecf0c47325715e70bbe10a_JaffaCakes118
Size

188KB
MD5

5c4888d4e6ecf0c47325715e70bbe10a
SHA1

6fe1a4af89e361cc6ca2b2062c59732eb1471d81
SHA256

6c96b098044acc23657e9463ead3a36a46ddca9c69c92fed6388f22ad9311ebd
SHA512

102a7f5be8884482c051f191f1fe6e18cca63d0011cba8ea158b7e06f2f363fdd042619ea8e608e2afdb2f9a6eb0648bfe28c2f95d9a403f0c00deaaf872b2d2
SSDEEP

3072:NpDJBxQ2MFvrNRoFmmOqqEequBH5fORqPYGlqFdaG6d:HDRQ2MFgpghd5UmYxFUG6d

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
5c4888d4e6ecf0c47325715e70bbe10a_JaffaCakes118

Files

5c4888d4e6ecf0c47325715e70bbe10a_JaffaCakes118
.dll regsvr32 windows:4 windows x86 arch:x86

0f79848999f1781ef9cf3c276beeba31

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetCurrentThreadId
FlushInstructionCache
GetCurrentProcess
DeleteFileA
CloseHandle
TerminateThread
GetLocalTime
SetFileAttributesA
CopyFileA
WriteFile
CreateFileA
DebugBreak
GetFileAttributesA
CreateDirectoryA
FindClose
FindFirstFileA
GetWindowsDirectoryA
GetSystemDirectoryA
FreeLibrary
GetProfileIntA
GetUserDefaultLangID
Process32Next
TerminateProcess
GetExitCodeProcess
OpenProcess
Process32First
CreateToolhelp32Snapshot
IsDBCSLeadByte
SystemTimeToFileTime
FileTimeToSystemTime
lstrlenW
GetShortPathNameA
GetModuleFileNameA
SizeofResource
LoadLibraryExA
lstrcmpiA
lstrcpynA
DisableThreadLibraryCalls
InitializeCriticalSection
HeapDestroy
DeleteCriticalSection
lstrcpyA
lstrcatA
GetCurrentProcessId
LocalFree
GetPrivateProfileSectionNamesA
WritePrivateProfileStringA
LeaveCriticalSection
WideCharToMultiByte
FindResourceA
SetEnvironmentVariableA
CompareStringW
CompareStringA
SetEndOfFile
SetFilePointer
FlushFileBuffers
SetStdHandle
IsBadCodePtr
IsBadReadPtr
GetEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsW
FreeEnvironmentStringsA
GetStartupInfoA
GetFileType
GetStdHandle
SetHandleCount
LCMapStringW
LCMapStringA
GetCurrentDirectoryA
GetFullPathNameA
GetStringTypeW
GetStringTypeA
UnhandledExceptionFilter
IsBadWritePtr
VirtualAlloc
VirtualFree
HeapCreate
ReadFile
SetUnhandledExceptionFilter
HeapSize
GetOEMCP
GetACP
GetCPInfo
ExitProcess
TlsGetValue
TlsFree
TlsAlloc
GetCommandLineA
LoadResource
HeapReAlloc
GetDriveTypeA
FileTimeToLocalFileTime
GetSystemTime
GetTimeZoneInformation
ExitThread
TlsSetValue
CreateThread
HeapAlloc
HeapFree
RaiseException
LockResource
LoadLibraryA
MultiByteToWideChar
GetModuleFileNameW
LoadLibraryW
OutputDebugStringA
GetVersion
GetFileAttributesW
GetProcAddress
GetModuleHandleW
GetModuleHandleA
GetLastError
SetLastError
InterlockedIncrement
GlobalLock
GlobalUnlock
RtlUnwind
InterlockedDecrement
EnterCriticalSection
lstrlenA

user32

DispatchMessageA
IsWindow
DestroyWindow
DefWindowProcA
SetWindowTextA
GetKeyState
GetParent
SendMessageA
PostMessageA
GetWindowTextA
LoadStringA
SetFocus
TranslateMessage
CharNextA
EnableWindow
CreateDialogParamA
ShowWindow
SetTimer
GetDlgItemTextA
SetDlgItemTextA
GetClassNameA
CharLowerA
UnhookWindowsHookEx
SetWindowsHookExA
wvsprintfA
IsDlgButtonChecked
CheckDlgButton
GetWindow
SystemParametersInfoA
GetDlgItem
EndDialog
IsClipboardFormatAvailable
OpenClipboard
GetClipboardData
CloseClipboard
CallNextHookEx
CreateWindowExA
GetClassInfoExA
RegisterClassExA
LoadCursorA
wsprintfA
ReleaseDC
DialogBoxParamA
GetActiveWindow
MessageBoxA
MapWindowPoints
LoadMenuA
GetSubMenu
TrackPopupMenu
DestroyMenu
GetWindowRect
ScreenToClient
FindWindowExA
GetFocus
KillTimer
LoadBitmapA
GetDC
MoveWindow
CallWindowProcA
GetWindowLongA
SetWindowLongA
GetClientRect
SetWindowPos

gdi32

SelectObject
DeleteObject
DeleteDC
GetStockObject

advapi32

RegSetValueExA
RegCreateKeyExA
RegQueryInfoKeyA
RegEnumValueA
RegDeleteValueA
RegOpenKeyExA
RegEnumKeyExA
RegDeleteKeyA
RegQueryValueExA
RegCloseKey

shell32

ShellExecuteA
SHGetSpecialFolderPathA

ole32

ReleaseStgMedium
CoCreateGuid
CoTaskMemFree
CoTaskMemAlloc
CoTaskMemRealloc
CoCreateInstance

oleaut32

SysStringLen
LoadRegTypeLi
LoadTypeLi
SysFreeString
SysAllocStringLen
VariantClear
SysAllocString
VariantChangeType
VariantCopy
VarUI4FromStr
RegisterTypeLi

imm32

ImmGetOpenStatus
ImmSetCompositionStringA
ImmSetConversionStatus
ImmSetOpenStatus
ImmReleaseContext
ImmGetContext

wininet

InternetOpenA
InternetOpenUrlA
InternetQueryDataAvailable
InternetReadFile
InternetCloseHandle

shlwapi

SHAutoComplete

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 112KB - Virtual size: 110KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 20KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 20KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.SHARED
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 12KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 16KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

0f79848999f1781ef9cf3c276beeba31

Headers

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

imm32

wininet

shlwapi

Exports

Exports

Sections

.text Size: 112KB - Virtual size: 110KB

.rdata Size: 20KB - Virtual size: 18KB

.data Size: 20KB - Virtual size: 27KB

.SHARED Size: 4KB - Virtual size: 1KB

.rsrc Size: 12KB - Virtual size: 10KB

.reloc Size: 16KB - Virtual size: 13KB

.text
Size: 112KB - Virtual size: 110KB

.rdata
Size: 20KB - Virtual size: 18KB

.data
Size: 20KB - Virtual size: 27KB

.SHARED
Size: 4KB - Virtual size: 1KB

.rsrc
Size: 12KB - Virtual size: 10KB

.reloc
Size: 16KB - Virtual size: 13KB