61ae5effcd4142eb59966054d44fe728_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

61ae5effcd4142eb59966054d44fe728_JaffaCakes118
Size

188KB
MD5

61ae5effcd4142eb59966054d44fe728
SHA1

6a48280599c33cfbc5f1109925f7f73558cbe75c
SHA256

02bc3a3317312d65b954ff3adc1cdabbaf5f592d16c04e8564242cedcaa15925
SHA512

78d739b0a3465923a551b162ad69542c8eee76388eddb11170d5ed9c087476386425a8aabe2fc1eed221c9e7853aff38de757963b98cfca82d02893e17701b6a
SSDEEP

3072:xLB4gJppBK2FmfG7VnSN00R310XVSgo6fixdtuoVewNYcOgwaSlTl/ph:x1FBKBf0E31uixdUpwNYcMaSlZD

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
61ae5effcd4142eb59966054d44fe728_JaffaCakes118

Files

61ae5effcd4142eb59966054d44fe728_JaffaCakes118
.dll regsvr32 windows:4 windows x86 arch:x86

68ce63ff15deae64c13a904b1489e220

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

d:\Work\Venora\AdBand 11 one feed\Release\MovieBand.pdb

Imports

kernel32

GetCurrentThreadId
InterlockedExchange
GetACP
GetLocaleInfoA
GetThreadLocale
GetVersionExA
MultiByteToWideChar
WideCharToMultiByte
lstrlenW
SizeofResource
LockResource
LoadResource
FindResourceA
FindResourceExA
lstrlenA
lstrcmpiA
LoadLibraryExA
lstrcpynA
InterlockedIncrement
InterlockedDecrement
IsDBCSLeadByte
CloseHandle
GetModuleFileNameA
FreeLibrary
CreateEventA
OpenEventA
lstrcpyW
GetDateFormatA
GetTimeFormatA
WriteFile
SetFilePointer
CreateFileA
DeleteFileA
GetTickCount
lstrcpyA
lstrcatA
IsBadReadPtr
GetVolumeInformationA
OutputDebugStringA
HeapReAlloc
HeapSize
GetModuleFileNameW
SetLastError
FlushFileBuffers
SetStdHandle
GetLocaleInfoW
LoadLibraryA
IsBadCodePtr
IsValidCodePage
IsValidLocale
EnumSystemLocalesA
GetUserDefaultLCID
UnhandledExceptionFilter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetStartupInfoA
GetFileType
GetStdHandle
SetHandleCount
GetStringTypeW
GetStringTypeA
GetOEMCP
TerminateProcess
TlsGetValue
TlsSetValue
TlsFree
TlsAlloc
GetCurrentProcessId
QueryPerformanceCounter
IsBadWritePtr
VirtualFree
HeapCreate
SetUnhandledExceptionFilter
GetLastError
LoadLibraryW
HeapAlloc
GetProcessHeap
HeapFree
GetCurrentProcess
FlushInstructionCache
DeleteCriticalSection
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
GetCPInfo
LCMapStringW
LCMapStringA
GetCommandLineA
GetSystemTimeAsFileTime
VirtualQuery
GetSystemInfo
VirtualAlloc
RaiseException
GetVersion
GetFileAttributesW
GetProcAddress
GetModuleHandleW
HeapDestroy
LocalFree
RtlUnwind
ExitProcess
VirtualProtect
GetModuleHandleA

user32

EndPaint
GetWindowTextLengthA
GetWindowTextA
SetWindowLongA
SendMessageA
GetClientRect
SetCursor
BeginPaint
MoveWindow
UpdateWindow
InvalidateRect
RedrawWindow
GetParent
wsprintfA
LoadCursorA
PostMessageA
CopyRect
IsWindowVisible
ScreenToClient
GetWindowRect
GetDlgItem
ShowWindow
CharNextA
DrawTextA
CallWindowProcA
GetWindowLongA
IsWindow
DefWindowProcA
CreateWindowExA
GetClassInfoExA
RegisterClassExA
UnregisterClassA
FillRect
TrackMouseEvent
DestroyWindow

advapi32

RegEnumKeyExA
RegDeleteValueA
RegCloseKey
RegCreateKeyExA
RegOpenKeyExA
RegSetValueExA
RegQueryValueExA
RegDeleteKeyA
RegQueryInfoKeyA

ole32

CoCreateInstance
StringFromGUID2
CoTaskMemRealloc
CoTaskMemFree
CoTaskMemAlloc

shell32

ShellExecuteA

oleaut32

UnRegisterTypeLi
RegisterTypeLi
SysAllocString
SysStringLen
LoadTypeLi
LoadRegTypeLi
DispCallFunc
VarUI4FromStr
SysStringByteLen
SysAllocStringByteLen
VariantClear
VariantInit
SysFreeString
VariantChangeType

shlwapi

PathAppendA
PathFindExtensionA
UrlUnescapeA
PathRemoveFileSpecA

gdi32

SetBkMode
SetTextColor
CreateSolidBrush
DeleteObject
RoundRect
CreatePen
SelectObject
GetStockObject
CreateFontA

wininet

HttpQueryInfoA
InternetSetStatusCallback
InternetReadFileExA
InternetCloseHandle
InternetOpenUrlA
InternetOpenA

iphlpapi

GetAdaptersInfo

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 128KB - Virtual size: 126KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 28KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

68ce63ff15deae64c13a904b1489e220

Headers

File Characteristics

PDB Paths

Imports

kernel32

user32

advapi32

ole32

shell32

oleaut32

shlwapi

gdi32

wininet

iphlpapi

Exports

Exports

Sections

.text Size: 128KB - Virtual size: 126KB

.rdata Size: 28KB - Virtual size: 24KB

.data Size: 8KB - Virtual size: 12KB

.rsrc Size: 8KB - Virtual size: 4KB

.reloc Size: 12KB - Virtual size: 11KB

.text
Size: 128KB - Virtual size: 126KB

.rdata
Size: 28KB - Virtual size: 24KB

.data
Size: 8KB - Virtual size: 12KB

.rsrc
Size: 8KB - Virtual size: 4KB

.reloc
Size: 12KB - Virtual size: 11KB