DllCanUnloadNow
DllGetClassObject
InitSecurityInterfaceW
LsaApCallPackage
LsaApCallPackagePassthrough
LsaApCallPackageUntrusted
LsaApInitializePackage
LsaApLogonTerminated
LsaApLogonUser
LsaApLogonUserEx
SpInitialize
c
f
o
s
Static task
static1
Behavioral task
behavioral1
Sample
613a362dc4fb6076721469e076dfc2e2_JaffaCakes118.dll
Resource
win7-20240705-en
Behavioral task
behavioral2
Sample
613a362dc4fb6076721469e076dfc2e2_JaffaCakes118.dll
Resource
win10v2004-20240709-en
Target
613a362dc4fb6076721469e076dfc2e2_JaffaCakes118
Size
660KB
MD5
613a362dc4fb6076721469e076dfc2e2
SHA1
efadd7093825e1aecb05777d2cd2b72c32829b16
SHA256
4801ec4f00b7c5ab3eeac47e229e3b5abb427034ec078d22849db5f68a3ee563
SHA512
24e6775babdec2ca7bfa65e9129809c6eb6b81cdb03bd0ee2fc0e98df07cb454cbe406e0acd1c136764315b53c0b2e659bd798605d7db48a2ddb1ab6b5f42f7c
SSDEEP
12288:32iGRYM/y/KUxecklpIMqnPGftFTErujO1A4eBQhOhpddjEeTgvOyCvT9UIi:Qhy/pwcklprJGuv4eShOhpddweT3/TU
Checks for missing Authenticode signature.
| resource |
| --- |
| 613a362dc4fb6076721469e076dfc2e2_JaffaCakes118 |
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
DoPasswordDialog
RegSetValueExA
RegEnumKeyA
OpenProcessToken
RegQueryValueExA
RegOpenKeyExA
RegOpenKeyA
RegCreateKeyA
RegCloseKey
RegSetValueA
RegQueryValueA
RegDeleteKeyA
SetNamedSecurityInfoA
SetEntriesInAclA
RegFlushKey
RegDeleteValueA
SetSecurityInfo
AdjustTokenPrivileges
LookupPrivilegeValueA
RegCreateKeyExA
RegEnumKeyA
MultiByteToWideChar
WideCharToMultiByte
RaiseException
GetLastError
InitializeCriticalSection
lstrlenW
lstrcmpi
lstrlen
CompareStringA
CompareStringW
lstrcat
WriteFile
CreateFileA
LockResource
SizeofResource
LoadResource
FindResourceA
FreeLibrary
GetProcAddress
LoadLibraryA
VirtualFree
VirtualAlloc
GetFileSize
ReadFile
SetFilePointer
FindResourceExA
WaitForSingleObject
ReleaseMutex
GetSystemInfo
GetModuleHandleA
lstrcpyA
FlushFileBuffers
DeleteFileA
GetModuleFileNameA
OpenEventA
VirtualProtect
FlushInstructionCache
GetCurrentProcess
SetLastError
GetCurrentThreadId
LocalFree
LocalAlloc
FormatMessageA
CreateMutexA
GlobalAlloc
InterlockedCompareExchange
SetWaitableTimer
CreateWaitableTimerA
SystemTimeToTzSpecificLocalTime
FileTimeToSystemTime
GetFileTime
lstrcpyn
GetSystemDirectoryA
ExitProcess
FreeLibraryAndExitThread
TerminateThread
GetExitCodeThread
UnmapViewOfFile
MapViewOfFile
lstrcpyW
CopyFileA
OpenMutexA
CreateProcessA
GetShortPathNameA
CreateThread
GetVersionExA
SetErrorMode
CreateFileMappingA
SetUnhandledExceptionFilter
SetFileAttributesA
SetEndOfFile
GetWindowsDirectoryA
Process32Next
TerminateProcess
OpenProcess
Process32First
CreateToolhelp32Snapshot
OpenSemaphoreA
CreateDirectoryA
FindVolumeMountPointClose
FindClose
CompareFileTime
FindNextFileA
GetThreadLocale
DuplicateHandle
GetFileAttributesA
GetTempPathA
MoveFileA
VirtualFreeEx
CreateRemoteThread
WriteProcessMemory
VirtualAllocEx
OpenFileMappingA
ExitThread
GetTickCount
IsBadReadPtr
GetDiskFreeSpaceExA
SetCurrentDirectoryA
GetDriveTypeA
GetLogicalDriveStringsA
CancelWaitableTimer
OpenWaitableTimerA
GetSystemTime
ExpandEnvironmentStringsA
GetProcessHeap
DeviceIoControl
lstrcatW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetStringTypeW
GetStringTypeA
SetStdHandle
GetLocaleInfoA
GetStartupInfoA
GetFileType
LockResource
GetOEMCP
GetStdHandle
TlsGetValue
TlsSetValue
TlsFree
TlsAlloc
IsBadWritePtr
HeapCreate
QueryPerformanceCounter
GetCPInfo
LCMapStringW
LCMapStringA
GetCommandLineA
GetDateFormatA
GetTimeFormatA
GetTimeZoneInformation
GetSystemTimeAsFileTime
VirtualQuery
HeapDestroy
GetACP
InterlockedExchange
Sleep
CreateEventA
SetEvent
CloseHandle
InterlockedIncrement
InterlockedDecrement
GetVolumeInformationA
GetEnvironmentStringsW
UnhandledExceptionFilter
GetUserDefaultLCID
EnumSystemLocalesA
IsValidLocale
IsValidCodePage
IsBadCodePtr
GetLocaleInfoW
SetEnvironmentVariableA
GetCurrentProcessId
FindFirstFileA
TlsGetValue
TlsSetValue
TlsFree
InitializeCriticalSectionAndSpinCount
LoadLibraryA
GetProcAddress
VirtualProtect
VirtualAlloc
VirtualFree
GetCommandLineA
GetStartupInfoA
GetSystemTime
GetSystemTimeAsFileTime
LoadLibraryA
OpenFile
RaiseException
lstrcpyn
lstrcpyA
lstrcmp
lstrcat
TlsSetValue
Sleep
GetDateFormatA
RtlDeleteCriticalSection
RtlLeaveCriticalSection
RtlEnterCriticalSection
RtlFreeHeap
RtlReAllocateHeap
RtlAllocateHeap
RtlUnwind
RtlSizeHeap
RtlEnterCriticalSection
SafeArrayCreateVector
SafeArrayAccessData
SafeArrayUnaccessData
VariantCopy
SysStringByteLen
SysAllocStringByteLen
VariantClear
VariantInit
SysFreeString
GetErrorInfo
SysStringLen
SysAllocString
SysAllocString
GetErrorInfo
OleLoadPicture
SafeArrayAllocData
SafeArrayAllocDescriptor
VarBstrCat
VarBstrCmp
ClearCustData
SHGetFolderPathA
SHGetFolderPathA
StrStrIA
SHDeleteValueA
PathFileExistsA
UrlEscapeA
StrStrIW
StrRChrA
StrCmpNIA
SHDeleteKeyA
PathRemoveExtensionA
StrCmpW
StrCmpNW
StrStrA
StrChrA
StrCmpW
InitSecurityInterfaceW
InitSecurityInterfaceW
GetWindowThreadProcessId
wsprintfA
GetDlgItem
FindWindowExA
DefWindowProcA
SetPropA
CharLowerA
wsprintfW
MessageBoxA
FindWindowA
SendMessageTimeoutA
SetWindowsHookExA
CallNextHookEx
SetWindowLongA
CreateDesktopA
GetSystemMetrics
MsgWaitForMultipleObjects
TranslateMessage
PeekMessageA
GetDesktopWindow
LoadStringA
wvsprintfA
RegisterClassExA
CreateWindowExA
GetMessageA
DispatchMessageA
PostMessageA
GetWindowTextA
GetClassNameA
SetWindowPos
RemovePropA
GetPropA
AttachThreadInput
GetActiveWindow
GetFocus
SetActiveWindow
GetForegroundWindow
GetKeyboardLayoutList
ActivateKeyboardLayout
GetKeyboardLayoutNameA
SetPropA
SetFocus
OemToCharBuffA
MessageBeep
LoadMenuA
IsCharLowerA
GetMessageA
GetMenu
GetDlgItem
FillRect
EndMenu
EmptyClipboard
DestroyCursor
DestroyCaret
CreateMDIWindowA
CreateIconFromResource
CreateIcon
CreateDialogIndirectParamA
CopyRect
CopyImage
CharNextA
InternetCrackUrlA
InternetGetCookieA
InternetCloseHandle
HttpQueryInfoA
InternetOpenUrlA
InternetSetOptionA
InternetQueryOptionA
HttpAddRequestHeadersA
InternetSetCookieA
InternetReadFile
HttpOpenRequestA
HttpSendRequestA
InternetCanonicalizeUrlA
InternetConnectA
InternetCrackUrlA
InternetGetConnectedState
InternetCrackUrlA
gethostbyaddr
WSAStartup
WSAStartup
CoUninitialize
CoInitializeSecurity
CoInitializeEx
CoCreateGuid
CoMarshalInterThreadInterfaceInStream
CoGetInterfaceAndReleaseStream
CreateStreamOnHGlobal
CoMarshalInterface
CoUnmarshalInterface
OleRun
CoCreateInstance
CoSetProxyBlanket
CoInitialize
OleRun
URLDownloadToFileA
URLDownloadToFileA
ShellExecuteA
SHGetSpecialFolderPathA
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE