6a6a2a15b947840729d458a0e5bd57d8_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

6a6a2a15b947840729d458a0e5bd57d8_JaffaCakes118
Size

256KB
MD5

6a6a2a15b947840729d458a0e5bd57d8
SHA1

a673eeb876bece82232275c43fc52f809819b86a
SHA256

7bdc53fcc90476a07c3e1c5c6bd32fba93db69ec8ffff5c81c203cd9c02aedf0
SHA512

68dcfd83c9d0eb04d00d653e4877db4f08ac3d195b7c5a4f6e6e4c5e015ae9308577e2f4f00e19cc28ac85081b999a9543142fd377921a740c19fc82efed13a5
SSDEEP

3072:4jcSTh/PUwWNxbNImfDFU52WhjpGCNLdASzU2YRHu6DsxDdvyIU5IwEtajO8i4CP:4jc0WNRNTFU5BhpGOBYRyZwnOAI

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
6a6a2a15b947840729d458a0e5bd57d8_JaffaCakes118

Files

6a6a2a15b947840729d458a0e5bd57d8_JaffaCakes118
.dll regsvr32 windows:4 windows x86 arch:x86

916cd936656ca454f3b5395bab0b065f

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

HeapReAlloc
GetCommandLineA
ExitProcess
TerminateProcess
RaiseException
GetTimeZoneInformation
GetSystemTime
GetLocalTime
GetACP
HeapSize
HeapCreate
VirtualFree
VirtualAlloc
IsBadWritePtr
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
HeapAlloc
GetEnvironmentStringsW
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
SetUnhandledExceptionFilter
Sleep
IsBadReadPtr
IsBadCodePtr
SetStdHandle
CompareStringA
CompareStringW
SetEnvironmentVariableA
HeapFree
RtlUnwind
GetFileTime
GetFileSize
GetFileAttributesA
GetTickCount
GetFullPathNameA
GetVolumeInformationA
FindFirstFileA
FindClose
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
SetFilePointer
WriteFile
ReadFile
CreateFileA
DuplicateHandle
GetOEMCP
GetCPInfo
GetProcessVersion
WritePrivateProfileStringA
GlobalFlags
MulDiv
SetLastError
TlsGetValue
LocalReAlloc
TlsSetValue
GlobalReAlloc
TlsFree
GlobalHandle
TlsAlloc
LocalAlloc
FileTimeToLocalFileTime
FileTimeToSystemTime
GetThreadLocale
GetVersion
GlobalGetAtomNameA
GlobalAddAtomA
GlobalFindAtomA
GetModuleHandleA
GlobalFree
LockResource
CloseHandle
GlobalDeleteAtom
lstrcmpA
GetCurrentThread
FormatMessageA
LocalFree
GetSystemDirectoryA
GlobalAlloc
GlobalLock
GlobalUnlock
GetCurrentProcess
FlushInstructionCache
GetCurrentThreadId
lstrcatA
lstrcpyA
LoadLibraryA
HeapDestroy
IsDBCSLeadByte
lstrcpynA
lstrcmpiA
GetLastError
FindResourceA
LoadResource
SizeofResource
WideCharToMultiByte
GetShortPathNameA
MultiByteToWideChar
lstrlenW
InterlockedDecrement
EnterCriticalSection
InterlockedIncrement
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSection
SetErrorMode
LoadLibraryExA
GetProcAddress
FreeLibrary
GetModuleFileNameA
GetEnvironmentStrings
lstrlenA
InterlockedExchange

user32

PostThreadMessageA
GetTopWindow
GetCapture
WinHelpA
GetClassInfoA
RegisterClassA
GetMenu
GetMenuItemCount
GetSubMenu
GetMenuItemID
GetWindowTextA
GetDlgCtrlID
GetClassLongA
SetPropA
UnhookWindowsHookEx
GetPropA
RemovePropA
GetMessageTime
GetMessagePos
GetForegroundWindow
SetForegroundWindow
GetWindow
RegisterWindowMessageA
SystemParametersInfoA
IsIconic
GetWindowPlacement
GetWindowRect
EndDialog
SetActiveWindow
GetSystemMetrics
CreateDialogIndirectParamA
GetDlgItem
GetMenuCheckMarkDimensions
LoadBitmapA
GetMenuState
ModifyMenuA
SetMenuItemBitmaps
CheckMenuItem
EnableMenuItem
GetNextDlgTabItem
GetMessageA
SetRect
DispatchMessageA
GetActiveWindow
RegisterClipboardFormatA
ValidateRect
IsWindowVisible
PeekMessageA
GetCursorPos
SetWindowsHookExA
GetLastActivePopup
IsWindowEnabled
SetCursor
SendMessageA
PostMessageA
PostQuitMessage
KillTimer
UpdateWindow
SetTimer
MessageBoxA
GetDesktopWindow
EnableWindow
BeginPaint
GetClientRect
EndPaint
InvalidateRect
GetDC
ReleaseDC
IntersectRect
EqualRect
OffsetRect
SetWindowRgn
SetWindowPos
IsWindow
GetParent
CopyAcceleratorTableA
DestroyMenu
GetSysColorBrush
GrayStringA
DrawTextA
TabbedTextOutA
GetWindowDC
SetFocus
GetFocus
IsChild
DestroyWindow
GetClassInfoExA
LoadCursorA
wsprintfA
RegisterClassExA
CharNextA
CreateWindowExA
CallWindowProcA
GetWindowLongA
SetWindowLongA
ShowWindow
UnionRect
PtInRect
CharUpperA
MessageBeep
CallNextHookEx
GetNextDlgGroupItem
GetKeyState
DefWindowProcA
ClientToScreen
GetClassNameA
LoadStringA
UnregisterClassA
MapDialogRect
SetWindowContextHelpId
MoveWindow
SetWindowTextA
IsDialogMessageA
LoadIconA
SendDlgItemMessageA
MapWindowPoints
GetSysColor
AdjustWindowRectEx
CopyRect
TranslateMessage

gdi32

GetClipBox
SetTextColor
SetBkColor
GetObjectA
GetTextColor
GetBkColor
GetStockObject
DeleteObject
SelectObject
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
ScaleWindowExtEx
GetViewportExtEx
GetWindowExtEx
PtVisible
RectVisible
ExtTextOutA
Escape
DPtoLP
GetMapMode
CreateBitmap
CreateDCA
LPtoDP
SetMapMode
SetViewportOrgEx
DeleteDC
GetDeviceCaps
CreateMetaFileA
SaveDC
SetWindowOrgEx
SetWindowExtEx
RestoreDC
CloseMetaFile
DeleteMetaFile
CreateRectRgnIndirect
Rectangle
TextOutA
SetTextAlign

comdlg32

GetFileTitleA

winspool.drv

OpenPrinterA
DocumentPropertiesA
ClosePrinter

advapi32

RegQueryInfoKeyA
RegEnumValueA
RegCloseKey
RegEnumKeyExA
RegOpenKeyExA
RegDeleteValueA
RegCreateKeyExA
RegDeleteKeyA
RegQueryValueExA
RegSetValueExA

shell32

ShellExecuteA

comctl32

ord17

oledlg

ord8

ole32

CoFreeUnusedLibraries
CreateILockBytesOnHGlobal
StgCreateDocfileOnILockBytes
StgOpenStorageOnILockBytes
CoGetClassObject
CLSIDFromString
CLSIDFromProgID
OleIsCurrentClipboard
WriteClassStm
OleLoadFromStream
CoCreateInstance
CoTaskMemRealloc
CoTaskMemFree
CoTaskMemAlloc
CreateDataAdviseHolder
OleRegGetMiscStatus
OleRegGetUserType
OleRegEnumVerbs
OleInitialize
OleUninitialize
OleFlushClipboard
OleSaveToStream
CoRevokeClassObject
CoRegisterMessageFilter
CreateOleAdviseHolder

olepro32

ord250
ord253

oleaut32

SysFreeString
VariantClear
VarUI4FromStr
SysAllocString
LoadTypeLi
RegisterTypeLi
VariantChangeType
SysAllocStringByteLen
SysStringByteLen
LoadRegTypeLi
SysStringLen
VariantCopy
SysAllocStringLen
VariantTimeToSystemTime

urlmon

URLDownloadToFileA

wininet

InternetReadFile
HttpOpenRequestA
InternetConnectA
InternetOpenA
HttpSendRequestA

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 164KB - Virtual size: 163KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 44KB - Virtual size: 41KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 24KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

916cd936656ca454f3b5395bab0b065f

Headers

File Characteristics

Imports

kernel32

user32

gdi32

comdlg32

winspool.drv

advapi32

shell32

comctl32

oledlg

ole32

olepro32

oleaut32

urlmon

wininet

Exports

Exports

Sections

.text Size: 164KB - Virtual size: 163KB

.rdata Size: 44KB - Virtual size: 41KB

.data Size: 12KB - Virtual size: 23KB

.rsrc Size: 8KB - Virtual size: 5KB

.reloc Size: 24KB - Virtual size: 21KB

.text
Size: 164KB - Virtual size: 163KB

.rdata
Size: 44KB - Virtual size: 41KB

.data
Size: 12KB - Virtual size: 23KB

.rsrc
Size: 8KB - Virtual size: 5KB

.reloc
Size: 24KB - Virtual size: 21KB