76c27dc2ad100f57e887ac9c0aefdd57_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

76c27dc2ad100f57e887ac9c0aefdd57_JaffaCakes118
Size

242KB
MD5

76c27dc2ad100f57e887ac9c0aefdd57
SHA1

19aa78240d36609fcdb8cb53aa09fa8388a57eb3
SHA256

056d0594d88691028f175e6e34ff7dc959c0036e87cc51427e5b2f3c7b8c819f
SHA512

27397fb8d6f5d7a9403f78736f6e0640847a61234abb75d340cef5e0f80dfcd40f07a53c1858e9455757c085fa3a83e9bf5c57e93896588f1b668c927a5ae4d8
SSDEEP

6144:P5UJZYq27gNbvgcKqAHkJ4XZGWva6N6ZKo1FC2ubx:P5UYq27gJovh/RN6ZKWq

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
76c27dc2ad100f57e887ac9c0aefdd57_JaffaCakes118

Files

76c27dc2ad100f57e887ac9c0aefdd57_JaffaCakes118
.dll regsvr32 windows:5 windows x86 arch:x86

e056481f0fac2efc53d87c7f46038e6e

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

shlwapi

UrlGetPartW
StrStrIA
StrCmpIW
UrlEscapeW
SHRegSetUSValueW
SHSetValueW
SHDeleteValueW
SHGetValueW
SHDeleteKeyW
StrStrIW
PathStripPathW

version

VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW

wininet

InternetQueryOptionA
InternetQueryOptionW
InternetSetOptionW
HttpSendRequestW
InternetOpenW
InternetConnectW
InternetCrackUrlW
InternetCloseHandle
InternetReadFile
HttpQueryInfoW
HttpOpenRequestW

urlmon

UrlMkGetSessionOption
URLDownloadToFileW

rpcrt4

UuidToStringW
RpcStringFreeW

crypt32

CryptBinaryToStringW
CryptStringToBinaryW

imagehlp

UnMapAndLoad
MapAndLoad

kernel32

RtlUnwind
HeapFree
InitializeCriticalSectionAndSpinCount
GetSystemTime
CreateEventW
CloseHandle
OpenProcess
TerminateProcess
OpenMutexW
WaitForSingleObject
CreateProcessW
SetEvent
CreateMutexW
GetCommandLineW
ExitProcess
CreateThread
ExitThread
Sleep
GetModuleFileNameW
lstrlenW
lstrcpyW
DeleteFileW
lstrcpynA
InterlockedIncrement
InterlockedDecrement
lstrcmpiA
FreeLibrary
IsBadReadPtr
VirtualProtect
GlobalAlloc
FlushInstructionCache
GetCurrentProcess
GlobalFree
ResetEvent
MoveFileExW
GetProcAddress
LoadLibraryA
ExpandEnvironmentStringsW
WideCharToMultiByte
MultiByteToWideChar
HeapAlloc
GetTempFileNameW
GetTickCount
LocalAlloc
LocalFree
GetLastError
GetLocalTime
SystemTimeToFileTime
VirtualQuery
GetSystemInfo
GetSystemWindowsDirectoryW
GetVolumeInformationW
CreateFileW
GetFileSize
CreateFileMappingW
MapViewOfFile
UnmapViewOfFile
WriteFile
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
GetVersion
GetCurrentProcessId
GetCurrentThreadId
CreateToolhelp32Snapshot
Thread32First
Thread32Next
OpenThread
SuspendThread
ResumeThread
GetConsoleMode
GetConsoleCP
SetFilePointer
HeapReAlloc
VirtualAlloc
GetSystemTimeAsFileTime
QueryPerformanceCounter
VirtualFree
RaiseException
HeapDestroy
HeapCreate
GetEnvironmentStringsW
GetLocaleInfoA
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
GetModuleHandleA
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
CreateFileA
FlushFileBuffers
GetModuleHandleW
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
SetLastError
HeapSize
GetStdHandle
GetModuleFileNameA
GetCPInfo
GetACP
GetOEMCP
GetEnvironmentVariableW
GetCommandLineA
IsDebuggerPresent
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetStartupInfoA
GetFileType
SetHandleCount
SetUnhandledExceptionFilter
UnhandledExceptionFilter
IsValidCodePage

user32

CharLowerW
PeekMessageW
TranslateMessage
DispatchMessageW
GetWindowThreadProcessId
PostMessageW
MsgWaitForMultipleObjects
CharUpperW
GetClassNameW
EnumChildWindows
OffsetRect
ClientToScreen
SetWindowTextW

advapi32

SetNamedSecurityInfoW
DeleteAce
GetAce
GetNamedSecurityInfoW
ConvertSidToStringSidA
GetTokenInformation
OpenProcessToken
CryptDecrypt
CryptDestroyKey
CryptEncrypt
CryptGetKeyParam
CryptSetKeyParam
CryptImportKey
SetSecurityInfo
GetSecurityDescriptorSacl
ConvertStringSecurityDescriptorToSecurityDescriptorW
CryptDestroyHash
CryptGetHashParam
CryptHashData
CryptCreateHash
CryptReleaseContext
CryptGenRandom
CryptAcquireContextW
RegDeleteKeyW
RegQueryValueW
RegDeleteValueW
RegQueryValueExW
RegCreateKeyW
RegSetValueW
RegCreateKeyExW
RegCloseKey
RegSetValueExW
RegOpenKeyExW
RegEnumKeyExW

ole32

OleInitialize
CLSIDFromString
CoTaskMemFree
CoCreateInstance
OleUninitialize

oleaut32

SysStringLen
SysFreeString
VariantInit
VariantClear
SafeArrayDestroy
SafeArrayCreateVector
SafeArrayPutElement
SysAllocStringByteLen
SysAllocString
SysStringByteLen

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllMProcedure
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 178KB - Virtual size: 177KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 43KB - Virtual size: 42KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 192B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 14KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

e056481f0fac2efc53d87c7f46038e6e

Headers

File Characteristics

Imports

shlwapi

version

wininet

urlmon

rpcrt4

crypt32

imagehlp

kernel32

user32

advapi32

ole32

oleaut32

Exports

Exports

Sections

.text Size: 178KB - Virtual size: 177KB

.rdata Size: 43KB - Virtual size: 42KB

.data Size: 5KB - Virtual size: 12KB

.rsrc Size: 512B - Virtual size: 192B

.reloc Size: 14KB - Virtual size: 13KB

.text
Size: 178KB - Virtual size: 177KB

.rdata
Size: 43KB - Virtual size: 42KB

.data
Size: 5KB - Virtual size: 12KB

.rsrc
Size: 512B - Virtual size: 192B

.reloc
Size: 14KB - Virtual size: 13KB