756e328dc8c4d5f60af4a488994e5e7b_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

756e328dc8c4d5f60af4a488994e5e7b_JaffaCakes118
Size

211KB
MD5

756e328dc8c4d5f60af4a488994e5e7b
SHA1

8c5e5dce03ea27a8d2cf41a909e5cedb72f88857
SHA256

b2279272b9b271bf5788815492ffea5f7bf472ebdc9a92a9582cbdcde878dab4
SHA512

cebf61eb97dc91309e08d44b27278108f8ba8f3998d1ad9f97e8a3ef913720df430aff4e0bff71848c49219e97290155e4bedcecf248c894a16fed03e7a7420e
SSDEEP

3072:9+mcJFZNBy5/WbLRL2CWk/Z8EtV4Haa/fVJWaydXpFKFDcU:9vUZN7bLRL2Nk+uigayx4j

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
756e328dc8c4d5f60af4a488994e5e7b_JaffaCakes118

Files

756e328dc8c4d5f60af4a488994e5e7b_JaffaCakes118
.dll regsvr32 windows:4 windows x86 arch:x86

ae73375b1f3899c867056df5cad4ca18

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

lstrlenA
MultiByteToWideChar
SetLastError
CreateDirectoryA
GetEnvironmentVariableA
RemoveDirectoryA
FindClose
FindNextFileA
FindFirstFileA
ReleaseMutex
WriteFile
MoveFileExA
CopyFileA
GetCurrentProcess
InterlockedDecrement
SetEvent
Sleep
WaitForMultipleObjects
ResetEvent
CreateEventA
GlobalAlloc
FreeResource
GetModuleHandleA
GlobalLock
MulDiv
ExitProcess
SetUnhandledExceptionFilter
WriteProcessMemory
VirtualProtect
LoadLibraryExA
SetErrorMode
GetVersion
FindResourceA
LocalFree
LoadResource
SizeofResource
LockResource
WinExec
GetWindowsDirectoryA
GetSystemDirectoryA
SetFilePointer
ReadFile
CreateFileA
DeviceIoControl
GetShortPathNameA
GetVersionExA
lstrcpyA
lstrcatA
GetPrivateProfileStringA
GetPrivateProfileSectionA
DeleteFileA
GetTempPathA
GetTempFileNameA
WaitForSingleObject
GetTickCount
CreateMutexA
GetLastError
CloseHandle
GetProcAddress
FreeLibrary
DisableThreadLibraryCalls
LoadLibraryA
GetCurrentThreadId
OutputDebugStringA
lstrlenW
WideCharToMultiByte
lstrcmpA
GetModuleFileNameA
GlobalUnlock

user32

GetPropA
IsWindow
RemovePropA
EnumThreadWindows
GetClassNameA
SetWindowLongW
IsWindowUnicode
FindWindowExA
GetForegroundWindow
CallWindowProcA
CallWindowProcW
DestroyWindow
IsWindowVisible
GetParent
GetSystemMetrics
SetForegroundWindow
RegisterWindowMessageA
SendMessageTimeoutA
ExitWindowsEx
wsprintfA
SetTimer
CreateWindowExA
SetWindowLongA
PtInRect
KillTimer
DrawIconEx
DefWindowProcA
CheckDlgButton
LoadMenuA
GetSubMenu
TrackPopupMenu
SetPropA
DestroyMenu
MessageBoxA
EnableWindow
ShowWindow
IsDlgButtonChecked
EndDialog
LoadIconA
SetWindowTextA
SetDlgItemTextA
DestroyIcon
ClientToScreen
DrawIcon
GetAncestor
GetCapture
GetDC
GetMessagePos
ScreenToClient
GetSysColor
ReleaseDC
SetCapture
ReleaseCapture
InvalidateRect
LoadCursorA
SetCursor
BeginPaint
GetClientRect
DrawTextA
EndPaint
GetDesktopWindow
GetDlgItem
GetWindowTextA
LoadStringA
SendMessageA
PostMessageA
SetWindowPos
DialogBoxParamA

gdi32

DeleteObject
SetBkColor
SetTextColor
SelectObject
GetPixel
CreateFontIndirectA
GetObjectA
SetBkMode
Rectangle
CreateSolidBrush
CreatePen
GetDeviceCaps

advapi32

OpenProcessToken
LookupPrivilegeValueA
AdjustTokenPrivileges
RegSetValueExA
RegOpenKeyA
RegEnumKeyA
RegDeleteKeyA
RegEnumValueA
RegCreateKeyExA
RegQueryValueExA
RegOpenKeyExA
RegCloseKey

shell32

ShellExecuteA

ole32

CoInitialize
CreateStreamOnHGlobal
OleUninitialize
OleInitialize
CoTaskMemFree
StringFromCLSID
CoCreateInstance
CoUninitialize
StringFromIID
CoGetMalloc

oleaut32

SysAllocStringByteLen
LoadTypeLi
SysFreeString
VariantClear
VariantInit
RegisterTypeLi
OleLoadPicture
SysAllocString
SysStringByteLen

shlwapi

SHDeleteKeyA
SHSetValueA
StrCpyNW
SHRegEnumUSKeyA
SHRegOpenUSKeyA
SHDeleteValueA
SHDeleteEmptyKeyA
SHRegCloseUSKey
SHGetValueA

version

GetFileVersionInfoA
GetFileVersionInfoSizeA
VerQueryValueA

urlmon

URLDownloadToFileA

msvcrt

strftime
_mbsnbcpy
_mbsstr
time
sprintf
sscanf
strncat
free
fopen
fread
fclose
strstr
malloc
_beginthreadex
strncpy
_except_handler3
memcpy
_mbsicmp
strcpy
strcat
memcmp
??2@YAPAXI@Z
strrchr
strlen
wcslen
_wcsnicmp
_snprintf
_wcsicmp
strcmp
memset
__CxxFrameHandler
localtime
atol
??3@YAXPAX@Z
strncmp
ftell
fseek
_mbsrchr
memmove
_mbschr
memchr
strchr
fwrite
fprintf
_strnicmp
fgets
_ltoa
rewind
_stricmp
_ftol
atoi
_mbscmp
_mbsnbcmp
wcscmp
wcscpy
tolower
toupper
_CxxThrowException
__dllonexit
_onexit
_initterm
_adjust_fdiv
??1type_info@@UAE@XZ
_itoa

setupapi

SetupIterateCabinetA

wininet

InternetOpenA
InternetConnectA
HttpOpenRequestA
HttpSendRequestA
InternetReadFile
InternetCloseHandle
InternetGetConnectedState
InternetCrackUrlA
HttpQueryInfoA
InternetSetStatusCallback

Exports

Exports

Action
ActionEx
DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
EventInvoke
Install
SCEventInvoke
SetSysInfo
Version

Sections

.rdata
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 75KB - Virtual size: 83KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.autoliv
Size: 512B - Virtual size: 8B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 113KB - Virtual size: 112KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

ae73375b1f3899c867056df5cad4ca18

Headers

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

shlwapi

version

urlmon

msvcrt

setupapi

wininet

Exports

Exports

Sections

.rdata Size: 13KB - Virtual size: 13KB

.data Size: 75KB - Virtual size: 83KB

.autoliv Size: 512B - Virtual size: 8B

.rsrc Size: 113KB - Virtual size: 112KB

.reloc Size: 8KB - Virtual size: 7KB

.rdata
Size: 13KB - Virtual size: 13KB

.data
Size: 75KB - Virtual size: 83KB

.autoliv
Size: 512B - Virtual size: 8B

.rsrc
Size: 113KB - Virtual size: 112KB

.reloc
Size: 8KB - Virtual size: 7KB