6694103eb3b25a6fcb60904742a849b5_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

6694103eb3b25a6fcb60904742a849b5_JaffaCakes118
Size

285KB
MD5

6694103eb3b25a6fcb60904742a849b5
SHA1

c3479d4d3c6bef98894224fe2ec5157b7ce64a4c
SHA256

c94e058bcfddf073ff9b3bfc38b6b69f014516a027ceb26db173a950c42aa139
SHA512

d4521f9a645c8d2329abf5d671c67c078dc4d59f38c798f1bf4eb10b70a881ac02b0b3b1ee2120f41b15c91246e1a3a0b8aece3792b1e73a84e540dab72a8674
SSDEEP

6144:2SmB6+Ee9qzsCRN9Eeosh7TBJjtkN5c3i016E:2Sc9qXTE1sh7Trj2N5b

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
6694103eb3b25a6fcb60904742a849b5_JaffaCakes118

Files

6694103eb3b25a6fcb60904742a849b5_JaffaCakes118
.dll regsvr32 windows:5 windows x86 arch:x86

1d327d79bb2200a01b415fef426f1eb5

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

shlwapi

AssocQueryStringA
StrNCatA
StrRChrA
wnsprintfA
StrToIntA
StrStrA
StrStrIA
StrCmpNIA

comctl32

InitCommonControlsEx

wininet

HttpQueryInfoA

kernel32

DeleteCriticalSection
TlsAlloc
TlsFree
lstrlenA
GetProcAddress
GetModuleHandleA
lstrcmpiA
MultiByteToWideChar
IsDBCSLeadByte
WideCharToMultiByte
lstrlenW
SizeofResource
GetLastError
LoadResource
FindResourceA
LoadLibraryExA
GetThreadLocale
SetThreadLocale
EnterCriticalSection
LeaveCriticalSection
GetModuleHandleW
lstrcpynA
GetTickCount
HeapAlloc
GetProcessHeap
TlsGetValue
TlsSetValue
HeapFree
CreateMutexA
ExitProcess
CreateThread
TerminateThread
WinExec
ReleaseMutex
CloseHandle
Sleep
OpenMutexA
GetVersionExA
GetCurrentProcess
CreateProcessA
TerminateProcess
GetExitCodeProcess
CreateFileMappingA
MapViewOfFile
ResetEvent
SetEvent
RaiseException
GetComputerNameA
GetVolumeInformationA
GetCurrentProcessId
GetVersion
LocalFree
CreateEventA
lstrcpyA
VirtualProtect
VirtualAlloc
FlushInstructionCache
VirtualFree
GetModuleFileNameA
WriteFile
GlobalAlloc
GlobalFree
GetTempPathA
DeleteFileA
SetStdHandle
GetConsoleMode
GetConsoleCP
SetFilePointer
GetLocaleInfoW
InitializeCriticalSectionAndSpinCount
IsValidLocale
EnumSystemLocalesA
GetLocaleInfoA
GetUserDefaultLCID
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetStartupInfoA
GetFileType
SetHandleCount
GetStringTypeW
GetStringTypeA
IsValidCodePage
GetOEMCP
GetACP
GetStdHandle
HeapCreate
InitializeCriticalSection
SetLastError
GetCPInfo
LCMapStringW
LCMapStringA
RtlUnwind
GetCommandLineA
GetCurrentThreadId
GetSystemTimeAsFileTime
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
VirtualQuery
GetSystemInfo
HeapSize
HeapReAlloc
HeapDestroy
InterlockedDecrement
InterlockedIncrement
FreeLibrary
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
FlushFileBuffers
CreateFileA
LoadLibraryA
WaitForSingleObject

user32

DestroyMenu
EnableMenuItem
CharNextA
CharNextW
SetTimer
KillTimer
RegisterClassExA
CreateWindowExA
LoadIconA
GetMessageA
SetWindowPos
UpdateWindow
ShowWindow
GetActiveWindow
LoadCursorA
GetSysColorBrush
GetClientRect
SetActiveWindow
GetWindowLongA
SetWindowLongA
SystemParametersInfoA
GetMenuItemID
PostMessageA
SetForegroundWindow
GetCursorPos
DrawMenuBar
SetMenuDefaultItem
TrackPopupMenu
GetSubMenu
LoadMenuA
IsWindow
RegisterWindowMessageA
DefWindowProcA
SendMessageA
PostQuitMessage
DestroyWindow
GetParent
FindWindowA
DispatchMessageA
TranslateMessage

advapi32

SetNamedSecurityInfoA
GetSecurityDescriptorSacl
ConvertStringSecurityDescriptorToSecurityDescriptorW
RegCreateKeyA
RegDeleteValueA
RegCreateKeyExA
RegSetValueExA
RegOpenKeyExA
RegEnumKeyExA
RegQueryInfoKeyA
RegCloseKey
RegDeleteKeyA
RegQueryValueExA
RegOpenKeyA

shell32

Shell_NotifyIconA

ole32

OleSetContainedObject
OleCreate
StringFromGUID2
CoTaskMemAlloc
CoTaskMemRealloc
CoTaskMemFree
OleInitialize
CoCreateInstance

oleaut32

VariantInit
VarUI4FromStr
RegisterTypeLi
SysStringLen
SysAllocString
LoadTypeLi
UnRegisterTypeLi
LoadRegTypeLi
VariantClear
SysFreeString

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
GetLocid
GetTicket
RegisterTrayIcon
RunTrayIcon
ShowUpdateSuccessfull
UnregisterTrayIcon

Sections

.text
Size: 183KB - Virtual size: 183KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 54KB - Virtual size: 54KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 10KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

1d327d79bb2200a01b415fef426f1eb5

Headers

File Characteristics

Imports

shlwapi

comctl32

wininet

kernel32

user32

advapi32

shell32

ole32

oleaut32

Exports

Exports

Sections

.text Size: 183KB - Virtual size: 183KB

.rdata Size: 54KB - Virtual size: 54KB

.data Size: 10KB - Virtual size: 21KB

.rsrc Size: 20KB - Virtual size: 19KB

.reloc Size: 16KB - Virtual size: 15KB

.text
Size: 183KB - Virtual size: 183KB

.rdata
Size: 54KB - Virtual size: 54KB

.data
Size: 10KB - Virtual size: 21KB

.rsrc
Size: 20KB - Virtual size: 19KB

.reloc
Size: 16KB - Virtual size: 15KB