734b8d1ec27eacaf3a323f1011d081d2_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

734b8d1ec27eacaf3a323f1011d081d2_JaffaCakes118
Size

268KB
MD5

734b8d1ec27eacaf3a323f1011d081d2
SHA1

18e2b7c8d1f0b196f0f8cba6c9195f3080bc5534
SHA256

4978d0cc67a2d095b09ab5c7ef08ebf499c7ed17d50e4a3ca561a5897729b4ec
SHA512

55fb082080b4536967e80e8c4d1d267278df4d6220246103d098eae587ac082b19267491153669f3094b1d11fb51e0ae941335a737910888ec0d7c212043a954
SSDEEP

3072:+dYClO5vBiYJtY9QS5Yqjpb1XZrNHi4JbyQYkzvt:qVusM+QSpZrZiGyQ5z1

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
734b8d1ec27eacaf3a323f1011d081d2_JaffaCakes118

Files

734b8d1ec27eacaf3a323f1011d081d2_JaffaCakes118
.dll windows:4 windows x86 arch:x86

812d2a6463d99ceaf96df7059b561a63

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

SetFilePointer
GetCurrentProcessId
CopyFileA
Module32Next
Module32First
CreateToolhelp32Snapshot
Process32Next
Process32First
CreateThread
GetLastError
TerminateThread
DisableThreadLibraryCalls
ReadFile
WriteFile
LocalFree
VirtualFreeEx
WaitForSingleObject
CreateRemoteThread
WriteProcessMemory
VirtualAllocEx
OpenProcess
CreateProcessA
GetLocalTime
GetTickCount
GetFileSize
CloseHandle
GetSystemDirectoryA
lstrlenW
Sleep
LoadLibraryA
FreeLibrary
CreateFileA
GetVersionExA
GetModuleHandleA
GetProcAddress
GetSystemInfo
GetVersion
GetEnvironmentVariableA
GetModuleFileNameA
OutputDebugStringA
DebugBreak
InterlockedDecrement
lstrlenA
CreateDirectoryA
MultiByteToWideChar
WideCharToMultiByte
InterlockedIncrement
DeleteFileA

user32

CharNextA
wvsprintfA
LoadStringA
wsprintfA
GetSystemMetrics
CallNextHookEx
GetClassNameA
CharLowerA
KillTimer
UnhookWindowsHookEx
SetTimer
wsprintfW
GetParent
SendMessageTimeoutA
RegisterWindowMessageA
DestroyWindow
SetWindowsHookExA
SendMessageA
GetActiveWindow
ShowWindow
GetWindowLongA
SetWindowLongA
SetWindowPos
SetActiveWindow
SetForegroundWindow
SetFocus
BringWindowToTop

advapi32

RegCloseKey
RegQueryValueExA
RegOpenKeyExA
RegDeleteKeyA
RegCreateKeyExA
RegSetValueExA
CryptReleaseContext
CryptDestroyHash
CryptGetHashParam
CryptHashData
CryptCreateHash
CryptAcquireContextA
RegEnumKeyExA
RegQueryInfoKeyA

shell32

SHGetSpecialFolderPathA

ole32

CoInitialize
CoCreateInstance

oleaut32

VariantClear
SysAllocStringLen
SysAllocString
VariantCopy
VariantChangeType
SysFreeString

atl

ord30
ord16
ord21

msvcp60

??_7out_of_range@std@@6B@
??1out_of_range@std@@UAE@XZ
??0logic_error@std@@QAE@ABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@1@@Z
??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBDABV10@@Z
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@II@Z
?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ID@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@IIABV?$allocator@D@1@@Z
?find@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDII@Z
??9std@@YA_NPBDABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@@Z
??8std@@YA_NPBDABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@@Z
??8std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z
?replace@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@IIPBD@Z
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@II@Z
?find@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIABV12@I@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDABV?$allocator@D@1@@Z
?_Xran@std@@YAXXZ
?_Freeze@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEXXZ
??0out_of_range@std@@QAE@ABV01@@Z
??0logic_error@std@@QAE@ABV01@@Z
?_Tidy@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEX_N@Z
?_C@?1??_Nullstr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@CAPBDXZ@4DB
?substr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AV12@II@Z
??_D?$basic_ostringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXXZ
?str@?$basic_stringbuf@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@2@XZ
??6std@@YAAAV?$basic_ostream@DU?$char_traits@D@std@@@0@AAV10@ABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@@Z
??0?$basic_ostringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@H@Z
??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@PBD@Z
??6std@@YAAAV?$basic_ostream@DU?$char_traits@D@std@@@0@AAV10@PBD@Z

urlmon

URLDownloadToFileA

wininet

InternetCrackUrlA
InternetOpenUrlA
InternetOpenA
InternetAttemptConnect
HttpAddRequestHeadersA
HttpOpenRequestA
HttpQueryInfoA
InternetReadFile
InternetCloseHandle
HttpSendRequestA
InternetConnectA

netapi32

Netbios

version

GetFileVersionInfoA
GetFileVersionInfoSizeA
VerQueryValueA

msvcrt

strlen
atoi
_stricmp
atol
time
strcmp
_mbscmp
localtime
??2@YAPAXI@Z
strstr
_except_handler3
_CxxThrowException
memcpy
_ismbcspace
memmove
_mbsstr
??0exception@@QAE@ABV0@@Z
wcslen
_ismbcdigit
_mbsrchr
strcpy
memset
_mbslwr
_itoa
__CxxFrameHandler
sprintf
_mbsicmp
rand
srand
_local_unwind2
memcmp
strncpy
_mbsnbcpy
free
??1type_info@@UAE@XZ
__dllonexit
_onexit
_initterm
malloc
_adjust_fdiv
_mbschr

Sections

.text
Size: 228KB - Virtual size: 225KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 16KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.share
Size: 4KB - Virtual size: 48B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

812d2a6463d99ceaf96df7059b561a63

Headers

File Characteristics

Imports

kernel32

user32

advapi32

shell32

ole32

oleaut32

atl

msvcp60

urlmon

wininet

netapi32

version

msvcrt

Sections

.text Size: 228KB - Virtual size: 225KB

.rdata Size: 16KB - Virtual size: 14KB

.data Size: 4KB - Virtual size: 1KB

.share Size: 4KB - Virtual size: 48B

.rsrc Size: 4KB - Virtual size: 1KB

.reloc Size: 8KB - Virtual size: 6KB

.text
Size: 228KB - Virtual size: 225KB

.rdata
Size: 16KB - Virtual size: 14KB

.data
Size: 4KB - Virtual size: 1KB

.share
Size: 4KB - Virtual size: 48B

.rsrc
Size: 4KB - Virtual size: 1KB

.reloc
Size: 8KB - Virtual size: 6KB