70b433bee0702f10f933ea2bb8251ad6_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

70b433bee0702f10f933ea2bb8251ad6_JaffaCakes118
Size

64KB
MD5

70b433bee0702f10f933ea2bb8251ad6
SHA1

57258b66f604957e617553902c81930d1a962312
SHA256

d7d26b83e8dbe15ca60ba9320a2628e447e2d4b15882e390428cbe80a003b66c
SHA512

eddaa6fa4c76b40deb6a69b9cd0d75c14c96a1e38b4f72f0936db315187c3e791feda8945b12a7fdaea163f7cce71e9aa059d520ce82b238eef61e4a9480e6bf
SSDEEP

768:i6qiOKms8ZjQGJTIxq3nZN9nuWJbeBCj4I6xLWHeNhFCmQF9sQmJ969mH:VOVs8ZjpoqXgWfN6xHNem0jmPww

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
70b433bee0702f10f933ea2bb8251ad6_JaffaCakes118

Files

70b433bee0702f10f933ea2bb8251ad6_JaffaCakes118
.dll regsvr32 windows:4 windows x86 arch:x86

4a0af7dc700dac59cc1187e16d0540cf

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

InterlockedIncrement
EnterCriticalSection
InterlockedDecrement
lstrlenW
GetShortPathNameW
GetModuleHandleW
GetModuleFileNameW
MultiByteToWideChar
SizeofResource
LoadResource
FindResourceW
LeaveCriticalSection
LoadLibraryExW
lstrcmpiW
lstrcpynW
HeapDestroy
lstrcpyW
lstrcatW
DeleteFileA
WinExec
GetBinaryTypeA
GetTickCount
GetTempPathA
DeleteCriticalSection
InitializeCriticalSection
GetLocalTime
DisableThreadLibraryCalls
GetCurrentThreadId
lstrlenA
LoadLibraryW
GetProcAddress
WideCharToMultiByte
FreeLibrary
GetModuleHandleA
GetModuleFileNameA
CreateThread
Sleep
GetCurrentProcess
GetLastError
CloseHandle

user32

SetWindowsHookExW
CallNextHookEx
FindWindowA
CharNextW
GetMessageW
PostThreadMessageW
SetForegroundWindow
UnhookWindowsHookEx
FindWindowExA
SendMessageW
FindWindowExW
GetClassNameA
SendMessageA
PostMessageW
CharLowerA

advapi32

LookupPrivilegeValueW
OpenProcessToken
RegCloseKey
RegSetValueExA
RegCreateKeyA
RegQueryValueExW
RegOpenKeyExA
RegDeleteKeyW
RegCreateKeyExW
RegDeleteValueW
RegOpenKeyExW
RegEnumKeyExW
RegSetValueExW
RegQueryInfoKeyW
RegEnumValueW
AdjustTokenPrivileges

shell32

ShellExecuteA

ole32

CoTaskMemRealloc
CoTaskMemAlloc
CoCreateInstance
CoInitialize
CoTaskMemFree

oleaut32

LoadRegTypeLi
SysStringLen
LoadTypeLi
SysAllocString
VarUI4FromStr
VariantInit
VariantClear
SysFreeString
RegisterTypeLi

oleacc

GetRoleTextA
AccessibleObjectFromWindow
WindowFromAccessibleObject
GetStateTextA

msvcrt

free
realloc
memcmp
strchr
strncmp
fclose
fwrite
rename
_access
wcslen
wcscmp
_initterm
_adjust_fdiv
_stricmp
malloc
calloc
??2@YAPAXI@Z
??3@YAXPAX@Z
_purecall
atoi
strcat
swprintf
getchar
wprintf
strcmp
_splitpath
fopen
fgets
strstr
strcpy
memcpy
sprintf
strlen
memset

ws2_32

connect
htons
closesocket
socket
recv
gethostbyname
WSAStartup
inet_addr
send

netapi32

Netbios

wininet

InternetOpenA
InternetReadFile
InternetOpenUrlA
InternetCloseHandle

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
GetVer
Install

Sections

.text
Size: 36KB - Virtual size: 34KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

WOWCLin
Size: 4KB - Virtual size: 6B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

4a0af7dc700dac59cc1187e16d0540cf

Headers

File Characteristics

Imports

kernel32

user32

advapi32

shell32

ole32

oleaut32

oleacc

msvcrt

ws2_32

netapi32

wininet

Exports

Exports

Sections

.text Size: 36KB - Virtual size: 34KB

.rdata Size: 8KB - Virtual size: 6KB

.data Size: 4KB - Virtual size: 13KB

WOWCLin Size: 4KB - Virtual size: 6B

.rsrc Size: 4KB - Virtual size: 3KB

.reloc Size: 4KB - Virtual size: 1KB

.text
Size: 36KB - Virtual size: 34KB

.rdata
Size: 8KB - Virtual size: 6KB

.data
Size: 4KB - Virtual size: 13KB

WOWCLin
Size: 4KB - Virtual size: 6B

.rsrc
Size: 4KB - Virtual size: 3KB

.reloc
Size: 4KB - Virtual size: 1KB