5d37cbae1d411ef713daeee87ecd275b_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

5d37cbae1d411ef713daeee87ecd275b_JaffaCakes118
Size

176KB
MD5

5d37cbae1d411ef713daeee87ecd275b
SHA1

e34994eae63decb2fe0e77138f6cf5a4b5159f25
SHA256

42ceb21190b7bc3b0f11a0fcdfc1c144ae6283e2a8e7f5343205d3b1de773cdc
SHA512

f2e9f7f22e17ca595717ae132c5d45ec8bb75ad272f722e9b61e7ce3b44d6b8ba6b2d14c105c5d75b5caeca5d520bb6998b1f4cd5780273c6eed48e86f38845a
SSDEEP

3072:XBw8gVURJQ0r4xeNi8vKWaVmQWN5FW6fu9ZDNnzmFZyM9lZmkgR/7TQ+zQbj:KKRJrMkNhpN5FW6mJCRxfgR/7TQ+zQ

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
5d37cbae1d411ef713daeee87ecd275b_JaffaCakes118

Files

5d37cbae1d411ef713daeee87ecd275b_JaffaCakes118
.dll regsvr32 windows:4 windows x86 arch:x86

20ee5b31240ccc971cb904660e0451bb

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

HeapDestroy
GetProcAddress
LoadLibraryA
lstrcpyA
lstrcatA
CreateThread
CloseHandle
WaitForSingleObject
GetCurrentThreadId
Sleep
CreateDirectoryA
CopyFileA
FindClose
FindNextFileA
DeleteFileA
FindFirstFileA
WinExec
GetWindowsDirectoryA
GetLocalTime
FlushInstructionCache
GetCurrentProcess
FreeResource
GlobalFree
GlobalHandle
LockResource
GlobalAlloc
GlobalUnlock
GlobalLock
lstrcmpA
ReadFile
OpenFile
WriteFile
GetFileAttributesA
GetVersionExA
CreateFileA
InterlockedExchange
CompareStringW
CompareStringA
SetEndOfFile
FlushFileBuffers
SetStdHandle
SetFilePointer
InterlockedDecrement
GetStringTypeW
GetStringTypeA
IsBadCodePtr
IsBadReadPtr
SetUnhandledExceptionFilter
GetEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsW
FreeEnvironmentStringsA
GetStartupInfoA
GetFileType
GetStdHandle
SetHandleCount
HeapSize
TerminateProcess
IsBadWritePtr
VirtualAlloc
VirtualFree
HeapCreate
GetEnvironmentVariableA
LCMapStringW
LCMapStringA
ExitProcess
GetOEMCP
GetACP
GetCPInfo
TlsGetValue
SetLastError
TlsFree
TlsAlloc
TlsSetValue
GetVersion
GetCommandLineA
SetEnvironmentVariableA
GetSystemTime
GetTimeZoneInformation
HeapReAlloc
HeapAlloc
HeapFree
RtlUnwind
EnterCriticalSection
InterlockedIncrement
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSection
IsDBCSLeadByte
lstrcpynA
LoadLibraryExA
GetLastError
MultiByteToWideChar
FindResourceA
LoadResource
SizeofResource
FreeLibrary
WideCharToMultiByte
GetModuleHandleA
GetShortPathNameA
lstrlenW
GetModuleFileNameA
DisableThreadLibraryCalls
lstrcmpiA
lstrlenA
RaiseException

user32

GetSystemMetrics
MoveWindow
SetWindowPos
wsprintfA
KillTimer
SetTimer
GetDlgItem
SendMessageA
GetWindowRect
IsWindowVisible
GetDesktopWindow
SetWindowsHookExA
IsWindow
ShowWindow
GetClassNameA
FindWindowExA
AttachThreadInput
GetWindowThreadProcessId
GetForegroundWindow
PostMessageA
GetWindowTextA
GetFocus
CallNextHookEx
SetWindowLongA
CreateDialogIndirectParamA
RegisterClassExA
LoadCursorA
GetClassInfoExA
CharNextA
EndDialog
GetClientRect
DestroyWindow
EnumThreadWindows
UnhookWindowsHookEx
RegisterWindowMessageA
DefWindowProcA
InvalidateRgn
InvalidateRect
SetCapture
ReleaseCapture
CreateWindowExA
CreateAcceleratorTableA
GetParent
RedrawWindow
BeginPaint
FillRect
EndPaint
GetDC
ReleaseDC
IsChild
SetFocus
GetSysColor
CallWindowProcA
GetWindowLongA
GetWindowTextLengthA
SetWindowTextA
GetWindow

gdi32

GetStockObject
CreateSolidBrush
DeleteObject
CreateCompatibleBitmap
CreateCompatibleDC
SelectObject
BitBlt
DeleteDC
GetDeviceCaps
GetObjectA

advapi32

RegCreateKeyA
RegQueryValueExA
RegEnumValueA
RegQueryInfoKeyA
RegSetValueExA
RegEnumKeyExA
RegOpenKeyExA
RegCloseKey
RegDeleteValueA
RegCreateKeyExA
RegDeleteKeyA

shell32

SHGetSpecialFolderPathA

ole32

OleUninitialize
OleLockRunning
StringFromCLSID
CLSIDFromString
CLSIDFromProgID
CoTaskMemAlloc
OleInitialize
CreateStreamOnHGlobal
CoCreateInstance
CoTaskMemRealloc
CoTaskMemFree

oleaut32

OleCreateFontIndirect
SysAllocStringLen
VariantClear
SysStringLen
LoadRegTypeLi
RegisterTypeLi
LoadTypeLi
SysAllocString
VarUI4FromStr
SysFreeString
VariantInit

ws2_32

WSACleanup
WSAStartup
gethostbyname
inet_ntoa
ioctlsocket
inet_addr
htons
connect
select
__WSAFDIsSet
closesocket

wininet

InternetReadFile
InternetOpenA
InternetOpenUrlA
InternetCloseHandle
InternetQueryDataAvailable
InternetSetCookieExA

netapi32

Netbios

shlwapi

StrStrIA
SHDeleteKeyA
SHDeleteValueA

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 108KB - Virtual size: 104KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 20KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 24KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

20ee5b31240ccc971cb904660e0451bb

Headers

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

ws2_32

wininet

netapi32

shlwapi

Exports

Exports

Sections

.text Size: 108KB - Virtual size: 104KB

.rdata Size: 20KB - Virtual size: 16KB

.data Size: 24KB - Virtual size: 30KB

.rsrc Size: 8KB - Virtual size: 5KB

.reloc Size: 12KB - Virtual size: 10KB

.text
Size: 108KB - Virtual size: 104KB

.rdata
Size: 20KB - Virtual size: 16KB

.data
Size: 24KB - Virtual size: 30KB

.rsrc
Size: 8KB - Virtual size: 5KB

.reloc
Size: 12KB - Virtual size: 10KB