737e5efc6e6ff0faa9516d8fd3a49e78_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

737e5efc6e6ff0faa9516d8fd3a49e78_JaffaCakes118
Size

196KB
MD5

737e5efc6e6ff0faa9516d8fd3a49e78
SHA1

42508136af231d414b3231f1e36ca7b749207076
SHA256

f0f1d3eda4bb78e56d10525a47d808dd508fd4720a2d5f169510db7c0d092eda
SHA512

0d4ed595146e96c07f17900336c2230870e4fd61fc917faba4eabb493ec6542ab7a4197415748d662bb3cc17af03b61a427b45406c1060ae75cf5025b8446844
SSDEEP

3072:WmB5M5vJCjUCjQaOSGxXnRRBigJ04Epgtg9HguPt+AFqnPJ8D4t:aWnjMzoHpgtw

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
737e5efc6e6ff0faa9516d8fd3a49e78_JaffaCakes118

Files

737e5efc6e6ff0faa9516d8fd3a49e78_JaffaCakes118
.dll regsvr32 windows:4 windows x86 arch:x86

95f37e103cc107b7c42a9d3866eff5e1

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

shlwapi

PathRenameExtensionA
PathIsDirectoryA
PathAddBackslashA
PathFindExtensionA
PathRemoveBackslashA
PathRemoveFileSpecA
SHEnumValueA
PathRemoveExtensionA
PathCompactPathExA
PathStripPathA
PathFileExistsA

ws2_32

ntohs
htons
ntohl
htonl

version

VerQueryValueA
GetFileVersionInfoA
GetFileVersionInfoSizeA

mfc42

ord4275
ord6111
ord668
ord1980
ord2781
ord2770
ord356
ord2915
ord924
ord5710
ord860
ord5572
ord3181
ord939
ord925
ord3178
ord4058
ord6569
ord5601
ord1199
ord922
ord4129
ord535
ord6283
ord6282
ord1200
ord4160
ord1147
ord2818
ord4204
ord6199
ord6215
ord4299
ord2864
ord2086
ord1771
ord6366
ord2413
ord2024
ord4219
ord2581
ord4401
ord3639
ord3402
ord3721
ord692
ord795
ord541
ord801
ord2302
ord2859
ord2860
ord1907
ord5161
ord5162
ord5160
ord4905
ord790
ord4948
ord4358
ord4377
ord5287
ord4835
ord768
ord489
ord4258
ord4854
ord6467
ord5953
ord3097
ord5981
ord936
ord932
ord5933
ord4742
ord4694
ord4278
ord6883
ord6143
ord923
ord859
ord5856
ord4277
ord2764
ord6648
ord2784
ord940
ord2919
ord2614
ord926
ord536
ord2763
ord6874
ord6877
ord861
ord1601
ord2652
ord1669
ord1168
ord1146
ord1154
ord3663
ord665
ord354
ord5450
ord6394
ord5440
ord6383
ord771
ord2528
ord1008
ord496
ord3408
ord3227
ord3054
ord3425
ord3880
ord834
ord2065
ord4274
ord815
ord6375
ord4486
ord2554
ord2512
ord5731
ord567
ord1089
ord5199
ord2396
ord3346
ord5300
ord5302
ord4079
ord4698
ord5307
ord5289
ord5714
ord4622
ord3738
ord561
ord3953
ord2725
ord1131
ord2301
ord928
ord5934
ord3716
ord4424
ord5290
ord1776
ord6055
ord858
ord1105
ord1138
ord540
ord537
ord941
ord800
ord823
ord4376
ord2514
ord4853
ord470
ord755
ord4710
ord3092
ord2642
ord4234
ord641
ord825
ord324
ord3597
ord4425
ord4627
ord4080
ord3079
ord3825
ord3831
ord3830
ord2976
ord3081
ord2985
ord3262
ord3136
ord4465
ord3259
ord3147
ord2982
ord5277
ord2124
ord2446
ord5261
ord1727
ord5065
ord3749
ord6376
ord2055
ord2648
ord4441
ord4837
ord3798
ord5280
ord4353
ord6374
ord5163
ord2385
ord5241
ord4407
ord1775
ord4078
ord6052
ord4998
ord5265
ord269
ord826
ord600
ord1578
ord1255
ord1253
ord1570
ord1197
ord1243
ord342
ord1182
ord1577
ord1575
ord1176
ord1116
ord4976
ord3922

kernel32

GetSystemTime
TerminateThread
GetExitCodeThread
SetFileAttributesA
GetLastError
DuplicateHandle
GetCurrentProcess
GetFileAttributesA
ResumeThread
CreateFileA
FindFirstChangeNotificationA
GetLogicalDriveStringsA
FindCloseChangeNotification
Sleep
FindNextChangeNotification
WaitForMultipleObjects
WaitForSingleObject
ResetEvent
SetEvent
CloseHandle
CreateEventA
GetLocalTime
DeleteFileA
GetTempPathA
RemoveDirectoryA
CreateDirectoryA
CopyFileA
MoveFileA
FindClose
FindFirstFileA
FindNextFileA
GetShortPathNameA
FreeLibrary
GetProcAddress
LoadLibraryA
GetModuleFileNameA
GetModuleHandleA
lstrlenW
LeaveCriticalSection
EnterCriticalSection
GetFileSize
GlobalFree
WideCharToMultiByte
GlobalAlloc
ReadFile
SetFilePointer
OutputDebugStringA
WriteFile
FileTimeToSystemTime
SystemTimeToFileTime
FormatMessageA
GetDiskFreeSpaceExA
CompareStringA
GetTickCount
LocalFree
InitializeCriticalSection
DeleteCriticalSection
InterlockedIncrement
InterlockedDecrement
HeapDestroy
lstrcpyA
lstrlenA
lstrcatA
SizeofResource
LoadResource
FindResourceA
LoadLibraryExA
lstrcmpiA
lstrcpynA
IsDBCSLeadByte
SetLastError
GetUserDefaultLCID
HeapAlloc
GetProcessHeap
HeapFree
LocalAlloc
MultiByteToWideChar
DeviceIoControl
GetCurrentThreadId
GetDriveTypeA

gdi32

GetTextExtentPoint32A

advapi32

RegQueryInfoKeyA
RegEnumKeyExA
RegDeleteValueA
RegDeleteKeyA
RegCreateKeyExA
RegSetValueExA
RegOpenKeyExA
RegQueryValueExA
RegCloseKey
RegEnumValueA

shell32

SHGetSpecialFolderLocation
SHGetFileInfoA

comctl32

ImageList_Create
ImageList_ReplaceIcon

ole32

CoCreateInstance
CoTaskMemFree
CoTaskMemAlloc
CoTaskMemRealloc
OleRun

oleaut32

LoadRegTypeLi
SysStringLen
VariantInit
SysAllocStringByteLen
SysAllocStringLen
SysAllocString
LoadTypeLi
RegisterTypeLi
VarUI4FromStr
GetErrorInfo
SetErrorInfo
VariantChangeType
CreateErrorInfo
VariantClear
SysFreeString

msvcp60

??0logic_error@std@@QAE@ABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@1@@Z
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z
?_Tidy@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEX_N@Z
?_C@?1??_Nullstr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@CAPBDXZ@4DB
??0logic_error@std@@QAE@ABV01@@Z
??0out_of_range@std@@QAE@ABV01@@Z
??1out_of_range@std@@UAE@XZ
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??_7out_of_range@std@@6B@

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 58KB - Virtual size: 92KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.abss
Size: - Virtual size: 124KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rdat
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.edata
Size: 512B - Virtual size: 167B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 110KB - Virtual size: 110KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 224B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

95f37e103cc107b7c42a9d3866eff5e1

Headers

File Characteristics

Imports

shlwapi

ws2_32

version

mfc42

kernel32

gdi32

advapi32

shell32

comctl32

ole32

oleaut32

msvcp60

Exports

Exports

Sections

.text Size: 58KB - Virtual size: 92KB

.abss Size: - Virtual size: 124KB

.data Size: 8KB - Virtual size: 8KB

.rdat Size: 8KB - Virtual size: 8KB

.edata Size: 512B - Virtual size: 167B

.idata Size: 6KB - Virtual size: 5KB

.rsrc Size: 110KB - Virtual size: 110KB

.reloc Size: 4KB - Virtual size: 224B

.text
Size: 58KB - Virtual size: 92KB

.abss
Size: - Virtual size: 124KB

.data
Size: 8KB - Virtual size: 8KB

.rdat
Size: 8KB - Virtual size: 8KB

.edata
Size: 512B - Virtual size: 167B

.idata
Size: 6KB - Virtual size: 5KB

.rsrc
Size: 110KB - Virtual size: 110KB

.reloc
Size: 4KB - Virtual size: 224B