87c21c2564ba19ba9a4a812073ceb718_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

87c21c2564ba19ba9a4a812073ceb718_JaffaCakes118
Size

188KB
MD5

87c21c2564ba19ba9a4a812073ceb718
SHA1

e3e2d8da06dfc36030cc2c1066728b8dc595ca03
SHA256

fed71f9e9001f3b2cd1d9ff41d7df61a04d2be0246ace4d9a484800c57d2d928
SHA512

e7d9f86c3e959eedf827b0d39bc7ea44f2e17127858930f13da3b163b60a4aeb4aab7399534e0b7594c73e3a588da5d221aefccffd4ba4f458968f2187b87bb8
SSDEEP

3072:lRWp3Avogp9m3UVL4nAfZW+GgcGUwSFob9VRE+T2YatGFfMRQNh/QOU:lR5vogTbVEn6jaGURSr++nOQNh/QOU

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
87c21c2564ba19ba9a4a812073ceb718_JaffaCakes118

Files

87c21c2564ba19ba9a4a812073ceb718_JaffaCakes118
.dll windows:4 windows x86 arch:x86

857c34c9d4a1ea718650d7bbd2f2cdce

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

shlwapi

SHDeleteValueA
SHSetValueA
SHGetValueA

msvcrt

time
__CxxFrameHandler
??2@YAPAXI@Z
strrchr
getenv
rand
srand
fwrite
fread
fclose
ftell
fseek
fopen
_access
sprintf
atoi
strstr
strncpy
_strlwr
_strnicmp
_stat
_CxxThrowException
strncmp
wprintf
??1type_info@@UAE@XZ
_setjmp3
__CxxLongjmpUnwind
longjmp
_adjust_fdiv
_initterm
?terminate@@YAXXZ
_except_handler3
_onexit
__dllonexit
_mkdir
strftime
_stricmp
isspace
strchr
abort
strtok
wcscpy
wcscat
wcslen
atol
sscanf
memmove
wcscmp
printf
_snprintf
rename
_mbsnbicmp
localtime
mktime
vsprintf
free
malloc

ws2_32

ntohl
inet_addr
gethostname
htons
recvfrom
bind
socket
sendto
ntohs
gethostbyname
WSAStartup

iphlpapi

GetAdaptersInfo

rasapi32

RasEnumConnectionsA
RasEnumEntriesA
RasGetEntryDialParamsA

setupapi

SetupDiDestroyDeviceInfoList
SetupDiEnumDeviceInfo
SetupDiGetDeviceRegistryPropertyA
SetupDiGetClassDevsA
SetupDiCallClassInstaller
SetupDiSetClassInstallParamsA

netapi32

Netbios

advapi32

LsaClose
RegQueryValueExW
RegCloseKey
RegQueryValueExA
RegOpenKeyExA
DeleteService
CloseServiceHandle
ControlService
OpenServiceA
OpenSCManagerA
RegSetValueExA
RegCreateKeyExA
RegEnumKeyExA
RegQueryInfoKeyA
RegEnumValueA
GetUserNameA
LookupAccountNameA
ConvertSidToStringSidW
LsaOpenPolicy
LsaRetrievePrivateData
RegOpenKeyExW
RegConnectRegistryA
RegOpenKeyA
RegEnumKeyA
StartServiceA
CreateServiceA

user32

ChangeClipboardChain
PostQuitMessage
SetClipboardViewer
DefWindowProcA
GetPriorityClipboardFormat
OpenClipboard
GetClipboardData
GetForegroundWindow
GetWindowTextA
CloseClipboard
SendMessageA
RegisterClassExA
CreateWindowExA
SetTimer
GetMessageA
TranslateMessage
DispatchMessageA
IsCharAlphaNumericA
wsprintfW
wsprintfA
GetThreadDesktop
GetProcessWindowStation
OpenWindowStationA
SetProcessWindowStation
OpenDesktopA
SetThreadDesktop
GetDC
ReleaseDC
CloseWindowStation
CloseDesktop
GetSystemMetrics

oleaut32

GetErrorInfo
VariantInit
VariantClear

kernel32

GetModuleHandleW
TerminateThread
LocalFree
LocalAlloc
lstrlenA
SetLastError
WriteFile
CreateFileW
MultiByteToWideChar
GlobalAlloc
GlobalLock
GlobalHandle
GlobalUnlock
GlobalFree
MoveFileExA
GetSystemDirectoryA
DeviceIoControl
GetFileSize
ReadFile
GetVersionExA
SystemTimeToFileTime
GetFileTime
LocalFileTimeToFileTime
SetFileTime
OutputDebugStringA
GetModuleFileNameA
CreateMutexA
SetFileAttributesA
GetWindowsDirectoryA
GetProcAddress
InterlockedIncrement
InterlockedDecrement
GetLocalTime
GetTempPathA
GetTickCount
CopyFileA
DeleteFileA
MoveFileA
BeginUpdateResourceA
UpdateResourceA
GetStartupInfoA
CreatePipe
TerminateProcess
OpenProcess
FindFirstFileA
SetFilePointer
WritePrivateProfileStringA
InterlockedCompareExchange
GetPrivateProfileStringA
GetPrivateProfileIntA
WideCharToMultiByte
GetEnvironmentVariableA
GetSystemDefaultLCID
Process32Next
Process32First
CreateToolhelp32Snapshot
GetCurrentProcess
GetCurrentThread
GetCurrentProcessId
FindClose
FindNextFileA
lstrcpyA
lstrcatA
FileTimeToSystemTime
FileTimeToLocalFileTime
GetDriveTypeA
GetLogicalDriveStringsA
GetDiskFreeSpaceExA
GetVolumeInformationA
GetLogicalDrives
GetDiskFreeSpaceExW
GetVolumeInformationW
GetSystemDirectoryW
GetExitCodeThread
LoadResource
GetCurrentThreadId
CreateFileA
EndUpdateResourceA
LoadLibraryA
FindResourceA
LockResource
SizeofResource
FreeLibrary
InterlockedExchange
GetLastError
Sleep
CreateProcessA
CreateThread
CloseHandle

mfc42

ord6877
ord540
ord860
ord535
ord800
ord537
ord5683
ord2818
ord858
ord924
ord4129

gdi32

CreateDCA
CreateCompatibleDC
CreateCompatibleBitmap
SelectObject
BitBlt
GetDeviceCaps
GetStockObject
SelectPalette
RealizePalette
DeleteObject
GetPixel
DeleteDC
GetDIBits

shell32

SHGetSpecialFolderPathA
SHGetSpecialFolderLocation
SHGetPathFromIDListA

ole32

StgOpenStorage
StgIsStorageFile
CoUninitialize
CoTaskMemFree
CoInitialize
CoCreateInstance

Exports

Exports

DealA
DealB
DealC

Sections

.text
Size: 151KB - Virtual size: 150KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 14KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 41KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

857c34c9d4a1ea718650d7bbd2f2cdce

Headers

File Characteristics

Imports

shlwapi

msvcrt

ws2_32

iphlpapi

rasapi32

setupapi

netapi32

advapi32

user32

oleaut32

kernel32

mfc42

gdi32

shell32

ole32

Exports

Exports

Sections

.text Size: 151KB - Virtual size: 150KB

.rdata Size: 14KB - Virtual size: 13KB

.data Size: 12KB - Virtual size: 41KB

.reloc Size: 10KB - Virtual size: 10KB

.text
Size: 151KB - Virtual size: 150KB

.rdata
Size: 14KB - Virtual size: 13KB

.data
Size: 12KB - Virtual size: 41KB

.reloc
Size: 10KB - Virtual size: 10KB