78e5771874cd2dc727e4464c2a1e7632_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

78e5771874cd2dc727e4464c2a1e7632_JaffaCakes118
Size

688KB
MD5

78e5771874cd2dc727e4464c2a1e7632
SHA1

46a3ec39694dba4f7fdaf3e25434f54b24b26fbe
SHA256

4358ec0dc69daaa08d3737a216374ec99b34f7c13e74ad91063661005aa13f12
SHA512

9eeefd69a00438c3c7afe4e579d760ada0eec52672b7e87bff0f2b57b13468b8560001aeee12f366b5d471bb2b86694bd892e083c344763827e2fe73941af19d
SSDEEP

12288:wWdsvG3HQcWtbO4M97XWPCxgUXYUA9PvDPMOxAQCk4B/DSD:TJ8tC4MZXiCZAPvIk8/Dw

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
78e5771874cd2dc727e4464c2a1e7632_JaffaCakes118

Files

78e5771874cd2dc727e4464c2a1e7632_JaffaCakes118
.dll regsvr32 windows:4 windows x86 arch:x86

9f505b600366e4dd754d4efeccfa62f7

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetSystemTimeAsFileTime
GlobalSize
CompareStringW
GetModuleHandleA
WaitForSingleObject
FlushFileBuffers
ReadFile
SetStdHandle
SetFilePointer
GetStringTypeW
GetStringTypeA
GetCPInfo
GetOEMCP
IsBadCodePtr
WriteFile
UnhandledExceptionFilter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
FileTimeToLocalFileTime
GetFileType
GetStdHandle
SetHandleCount
LCMapStringW
LCMapStringA
TerminateProcess
TlsGetValue
TlsSetValue
TlsFree
TlsAlloc
SetUnhandledExceptionFilter
GetModuleFileNameA
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
IsBadWritePtr
VirtualFree
HeapCreate
GetCommandLineA
IsBadReadPtr
VirtualQuery
GetSystemInfo
VirtualAlloc
VirtualProtect
RtlUnwind
ExitProcess
LoadLibraryA
LocalFree
WideCharToMultiByte
HeapSize
HeapReAlloc
HeapDestroy
GetVersionExA
FileTimeToDosDateTime
lstrcatW
CloseHandle
CreateThread
GetProcAddress
lstrcmpW
HeapAlloc
GetCurrentProcess
FlushInstructionCache
GlobalLock
GlobalUnlock
GlobalAlloc
GlobalHandle
GlobalFree
GetCurrentThreadId
SetLastError
EnterCriticalSection
LeaveCriticalSection
LoadLibraryW
FreeLibrary
lstrlenA
MulDiv
lstrcpynW
GetModuleFileNameW
GetModuleHandleW
lstrcpyW
lstrcmpiW
lstrlenW
GetProcessHeap
HeapFree
InterlockedDecrement
InterlockedIncrement
GetLastError
FindResourceExW
FindResourceW
LoadResource
LockResource
SizeofResource
InterlockedExchange
DeleteCriticalSection
InitializeCriticalSection
RaiseException
MultiByteToWideChar
GetVersionExW
GetThreadLocale
GetLocaleInfoA
GetACP
GetStartupInfoA

user32

GetActiveWindow
DialogBoxIndirectParamW
MessageBoxA
SetForegroundWindow
GetSystemMetrics
ClientToScreen
OpenClipboard
IsWindowEnabled
EndDialog
SendMessageW
SetWindowTextW
MoveWindow
GetWindowRect
GetClientRect
ScreenToClient
EnableWindow
SendDlgItemMessageW
GetDlgItem
GetDialogBaseUnits
ReleaseDC
GetDC
UnregisterClassW
DestroyWindow
DestroyMenu
DrawTextW
GetSysColor
SetWindowLongW
SystemParametersInfoW
IsChild
GetParent
GetSubMenu
LoadMenuW
CloseClipboard
SetClipboardData
GetFocus
SetFocus
CheckDlgButton
IsDlgButtonChecked
LoadAcceleratorsW
DeleteMenu
SetMenuItemInfoW
PostMessageW
UpdateWindow
SetRectEmpty
GetCursorPos
GetCapture
SetCursor
GetDlgCtrlID
DrawFocusRect
LoadIconW
GetNextDlgTabItem
CharNextW
TrackPopupMenu
CopyAcceleratorTableW
IsDialogMessageW
IntersectRect
EqualRect
OffsetRect
SetWindowRgn
UnionRect
PtInRect
MapDialogRect
SetWindowContextHelpId
wsprintfW
CreateWindowExW
CreateAcceleratorTableW
GetClassNameW
SetWindowPos
RedrawWindow
BeginPaint
EndPaint
CallWindowProcW
GetDesktopWindow
InvalidateRgn
InvalidateRect
FillRect
SetCapture
ReleaseCapture
DestroyAcceleratorTable
EnumChildWindows
GetWindowLongW
GetWindowTextLengthW
GetWindowTextW
DefWindowProcW
RegisterWindowMessageW
GetClassInfoExW
LoadCursorW
RegisterClassExW
CreateDialogIndirectParamW
ShowWindow
GetKeyState
IsWindow
GetWindow

gdi32

SetBkColor
GetObjectW
CreateSolidBrush
CreateCompatibleBitmap
CreateCompatibleDC
BitBlt
DeleteObject
DeleteMetaFile
CloseMetaFile
SetWindowExtEx
CreateMetaFileW
GetCurrentObject
CreateDCW
GetTextExtentPointW
GetTextMetricsW
SelectObject
CreateFontIndirectW
GetDeviceCaps
SetTextColor
Rectangle
GetStockObject
RestoreDC
DeleteDC
SetViewportOrgEx
SetWindowOrgEx
SetMapMode
LPtoDP
CreateRectRgnIndirect
SetBkMode
SaveDC

comdlg32

GetOpenFileNameW

advapi32

RegQueryInfoKeyW
RegQueryValueExW
RegOpenKeyExA
RegQueryValueExA
RegCreateKeyExA
RegSetValueExA
RegDeleteKeyW
RegEnumKeyExW
RegSetValueExW
RegOpenKeyExW
RegCreateKeyExW
RegCloseKey

shell32

ShellExecuteW
SHGetFileInfoW

ole32

GetHGlobalFromStream
OleSaveToStream
WriteClassStm
OleLoadFromStream
CreateOleAdviseHolder
CreateDataAdviseHolder
OleRegGetMiscStatus
OleRegGetUserType
OleRegEnumVerbs
CoCreateInstance
CLSIDFromProgID
CoGetClassObject
OleLockRunning
CoTaskMemAlloc
StringFromGUID2
OleUninitialize
OleInitialize
CreateStreamOnHGlobal
CoInitializeEx
CoUninitialize
StringFromCLSID
CoTaskMemFree
CLSIDFromString

oleaut32

RegisterTypeLi
SetErrorInfo
CreateErrorInfo
UnRegisterTypeLi
OleCreatePropertyFrame
SysAllocStringByteLen
SysAllocStringLen
LoadRegTypeLi
OleCreateFontIndirect
SysStringLen
SysStringByteLen
SysAllocString
OleTranslateColor
VarUI4FromStr
LoadTypeLi
VariantChangeType
VariantClear
VariantInit
SysFreeString

deleakercore

?CreateObjectInfoSet@@YGJABU_GUID@@PAPAX@Z

shlwapi

PathFindExtensionW

comctl32

_TrackMouseEvent

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllMain
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 248KB - Virtual size: 248KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 48KB - Virtual size: 48KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 40KB - Virtual size: 44KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

3xbym7wq
Size: 24KB - Virtual size: 24KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

vxvnpxh8
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

wnhg51p0
Size: 287KB - Virtual size: 288KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

j4jx4vtd
Size: 20KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

9f505b600366e4dd754d4efeccfa62f7

Headers

File Characteristics

Imports

kernel32

user32

gdi32

comdlg32

advapi32

shell32

ole32

oleaut32

deleakercore

shlwapi

comctl32

Exports

Exports

Sections

.text Size: 248KB - Virtual size: 248KB

.rdata Size: 48KB - Virtual size: 48KB

.data Size: 16KB - Virtual size: 24KB

.rsrc Size: 40KB - Virtual size: 44KB

3xbym7wq Size: 24KB - Virtual size: 24KB

vxvnpxh8 Size: 4KB - Virtual size: 4KB

wnhg51p0 Size: 287KB - Virtual size: 288KB

j4jx4vtd Size: 20KB - Virtual size: 20KB

.text
Size: 248KB - Virtual size: 248KB

.rdata
Size: 48KB - Virtual size: 48KB

.data
Size: 16KB - Virtual size: 24KB

.rsrc
Size: 40KB - Virtual size: 44KB

3xbym7wq
Size: 24KB - Virtual size: 24KB

vxvnpxh8
Size: 4KB - Virtual size: 4KB

wnhg51p0
Size: 287KB - Virtual size: 288KB

j4jx4vtd
Size: 20KB - Virtual size: 20KB