5e72723eac70f1e7a1837d1ea45a313c_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

5e72723eac70f1e7a1837d1ea45a313c_JaffaCakes118
Size

452KB
MD5

5e72723eac70f1e7a1837d1ea45a313c
SHA1

428243b70ce2a56440f696156703a1c4d794c2f7
SHA256

0a6667524c2ebb426a76f30f0595d0694c10d1f62f3d2c3dd3b2025820c65383
SHA512

1b5e7697659a094af6b52d8a610545a77e1aa069f15a0fd04a6851ba8c7d25d622ccfb0108374eb8991da3c06169ce9590a0941dc875057e7fba0ac7de6b6685
SSDEEP

6144:IYVKF2SmSiSRS3mTcHDZR0ji0sEFfn40lJYFbF3wi6VVwaS+puC/of:rKF2CiS036cHDZR0jaEFf4+a/VCuCQ

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
5e72723eac70f1e7a1837d1ea45a313c_JaffaCakes118

Files

5e72723eac70f1e7a1837d1ea45a313c_JaffaCakes118
.dll windows:5 windows x86 arch:x86

2fd280a8bd54cc7d83b26571ef2d250e

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_BIND

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

msmom.dll.pdb

Imports

advapi32

RegCloseKey
RegOpenKeyExA
RegQueryValueExA

kernel32

GetVersionExA
RaiseException
DebugBreak
SetUnhandledExceptionFilter
TerminateProcess
RtlUnwind
MapViewOfFile
GetCurrentProcessId
lstrcmpA
GetAtomNameA
QueryPerformanceCounter
QueryPerformanceFrequency
GetCurrentProcess
GetProcessTimes
CompareFileTime
LoadLibraryA
SetLastError
TerminateThread
CreateMutexA
CreateFileA
IsDBCSLeadByteEx
ReleaseMutex
VirtualAlloc
VirtualFree
GetPrivateProfileStringA
FlushFileBuffers
GetFileInformationByHandle
GetSystemTime
IsDBCSLeadByte
GetStringTypeExA
FileTimeToLocalFileTime
FileTimeToSystemTime
GlobalFindAtomA
GlobalAddAtomA
GlobalDeleteAtom
GetUserDefaultLangID
SystemTimeToFileTime
LocalFileTimeToFileTime
CreateThread
WaitForSingleObject
SetEvent
GetTimeZoneInformation
WriteFile
SetEndOfFile
GetSystemTimeAsFileTime
GetLocalTime
GetModuleFileNameA
GlobalAlloc
GlobalFree
FreeLibrary
GetProcAddress
MapViewOfFileEx
GetFileSize
IsBadWritePtr
SetFilePointer
ReadFile
MultiByteToWideChar
UnmapViewOfFile
CloseHandle
LocalFree
lstrcmpiA
lstrcpynA
LocalReAlloc
DeleteCriticalSection
GetVersionExW
DisableThreadLibraryCalls
GetSystemInfo
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
InterlockedIncrement
InterlockedDecrement
lstrlenW
GetTickCount
WideCharToMultiByte
GetACP
FindClose
GetLastError
GetCurrentThreadId
lstrlenA
LocalAlloc

msnmetal

ord118
ord102
ord154
ord121
ord4
ord103
ord101
ord36
ord100
ord3
ord15
ord122
ord105
ord106
ord107
ord104
ord17
ord119
ord123
ord124
ord126
ord127
ord12
ord125
ord18
ord120
ord109
ord110
ord27
ord33
ord108
ord111
ord112
ord113
ord114
ord115
ord116
ord8
ord117
ord137
ord128
ord136
ord132
ord131
ord133
ord135
ord134
ord39
ord38
ord130
ord138
ord37
ord24
ord139
ord140
ord29
ord141
ord9
ord10
ord142
ord144
ord143
ord34
ord19
ord157
ord26
ord16

ole32

CoInitialize
CoTaskMemFree
CoTaskMemAlloc
CoCreateInstance
CreateStreamOnHGlobal
StringFromGUID2
CoCreateGuid
CoTaskMemRealloc
CreateBindCtx
CoUninitialize

oleaut32

SysFreeString
LoadTypeLi
SysAllocString
SysAllocStringLen
SysStringLen
SysStringByteLen
GetErrorInfo
SetErrorInfo
CreateErrorInfo
SafeArrayDestroy
SafeArrayPutElement
SafeArrayCreate

shell32

SHGetMalloc
SHGetSpecialFolderLocation

shlwapi

PathIsURLA
StrCmpNIA
StrCmpNA
StrCatBuffW
StrChrW
StrCmpIW
StrStrIW
StrTrimW
StrCpyNW
StrToIntA
StrCatW
StrCmpNW
wnsprintfW
StrStrW
PathFileExistsW
SHStrDupW
StrStrA
StrChrA
PathFindExtensionA
StrCatBuffA
StrStrIA
wvnsprintfA
StrTrimA
StrCmpW
StrFormatKBSizeW
PathFindFileNameW
SHDeleteKeyW
PathIsDirectoryW
PathRemoveFileSpecW
PathRemoveExtensionW
StrToIntExW
StrCmpNIW
wnsprintfA
PathCombineW
PathFindExtensionW
UrlUnescapeW
SHGetValueW
PathAppendW

urlmon

ObtainUserAgentString
URLOpenBlockingStreamW
CoInternetGetSession
CreateURLMoniker
RegisterBindStatusCallback
RevokeBindStatusCallback
CoInternetParseUrl

user32

GetActiveWindow
InvalidateRect
EnableWindow
GetDlgItem
EndDialog
SetFocus
MapWindowPoints
GetClientRect
UpdateWindow
SetCursor
DestroyWindow
IsWindow
ShowWindow
TranslateMessage
MsgWaitForMultipleObjects
SetTimer
KillTimer
GetCapture
GetSystemMetrics
CheckDlgButton
IsDlgButtonChecked
CharLowerA
CharUpperA
GetParent
SetWindowTextA
SetForegroundWindow
GetWindowTextA
LoadStringA
GetWindowThreadProcessId
CreateWindowExA
RegisterClassA
GetClassInfoA

version

GetFileVersionInfoA
VerQueryValueA
GetFileVersionInfoSizeA

wintrust

WinVerifyTrust

wsock32

WSAStartup
htons
recv
WSACleanup
gethostname
gethostbyname
WSAGetLastError
inet_addr
send
closesocket
WSAAsyncSelect
connect
socket
ioctlsocket

Exports

Exports

CheckMailDBXs
CreateMailBehavior
CreateMailStoreBehaviorInstance
GetHotmailUrl
OnAddressBookImportCompleted
PassivateMailDll

Sections

.text
Size: 288KB - Virtual size: 286KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 4KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 140KB - Virtual size: 137KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 16KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

2fd280a8bd54cc7d83b26571ef2d250e

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

advapi32

kernel32

msnmetal

ole32

oleaut32

shell32

shlwapi

urlmon

user32

version

wintrust

wsock32

Exports

Exports

Sections

.text Size: 288KB - Virtual size: 286KB

.data Size: 4KB - Virtual size: 7KB

.rsrc Size: 140KB - Virtual size: 137KB

.reloc Size: 16KB - Virtual size: 12KB

.text
Size: 288KB - Virtual size: 286KB

.data
Size: 4KB - Virtual size: 7KB

.rsrc
Size: 140KB - Virtual size: 137KB

.reloc
Size: 16KB - Virtual size: 12KB