843350073c8419487c0b248a9cdbc39c_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

843350073c8419487c0b248a9cdbc39c_JaffaCakes118
Size

158KB
MD5

843350073c8419487c0b248a9cdbc39c
SHA1

52aba99181cd1fc190fe27239f8d4947e4786405
SHA256

0672d9845a8798d6b7e279cfb2bc18f8433f36f05e9b5762e378ed2bcbf9d84d
SHA512

3799599bfbabfa8d06e4c092853c21c64a8962bdb843f71a926701a11e70d9682e18c2ae5eeeb6cc9e9d14ed4aa6bc8d3f4b5225fc48f764e6ca50063c76ad16
SSDEEP

3072:MEYsWry1besW9zote9ib/ke3qauNsCwl4GjzfBQJXHT9rU5ds6G7c:GsxDggbzqMJ/jzJ8HT94w6

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
843350073c8419487c0b248a9cdbc39c_JaffaCakes118

Files

843350073c8419487c0b248a9cdbc39c_JaffaCakes118
.dll regsvr32 windows:4 windows x86 arch:x86

47199fbf9e25242f1a59961dfaa29745

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

shlwapi

PathIsUNCA
PathAddExtensionA
PathFindExtensionA
PathFileExistsA
PathRemoveExtensionA
PathRemoveFileSpecA
PathRemoveBackslashA
PathRemoveBlanksA
PathStripToRootA
SHDeleteKeyA
SHDeleteValueA
SHSetValueA
SHGetValueA
StrStrIA
PathAppendA
PathFindFileNameA

kernel32

LeaveCriticalSection
EnterCriticalSection
ReadFile
GetFileSize
CreateFileA
GetShortPathNameA
GetLongPathNameA
GetWindowsDirectoryA
GetVersionExA
GetFileAttributesW
IsBadReadPtr
GetCurrentThreadId
GetPrivateProfileStringA
UnmapViewOfFile
OpenFileMappingA
CreateFileMappingA
MapViewOfFile
DeleteCriticalSection
InitializeCriticalSection
LoadLibraryA
lstrcpynA
MultiByteToWideChar
WaitForSingleObject
TerminateThread
SetThreadPriority
SetLastError
WideCharToMultiByte
CreateToolhelp32Snapshot
GetModuleFileNameA
GetSystemDirectoryA
LocalFree
FindResourceA
LoadLibraryExA
ReadProcessMemory
GetPrivateProfileIntA
WritePrivateProfileStringA
MoveFileExA
GetTempPathA
Sleep
WritePrivateProfileStructA
GetPrivateProfileStructA
lstrcatA
DeleteFileA
CopyFileA
GetACP
IsDebuggerPresent
LoadLibraryW
GetProcessHeap
HeapAlloc
OutputDebugStringA
HeapFree
InterlockedExchange
InterlockedDecrement
InterlockedIncrement
CreateDirectoryA
FindFirstFileA
FindClose
lstrcpyA
IsBadStringPtrA
GlobalLock
GlobalSize
lstrcmpA
GetModuleHandleW
GetModuleFileNameW
TlsAlloc
TlsFree
TlsSetValue
TlsGetValue
IsBadStringPtrW
SizeofResource
LockResource
LoadResource
FreeLibrary
VirtualQuery
lstrcmpiA
VirtualProtect
GetCurrentProcessId
Module32First
Module32Next
CloseHandle
GetModuleHandleA
GetCurrentProcess
FlushInstructionCache
GetSystemInfo
GetProcAddress
GetVersion
CreateThread
OpenMutexA
CreateMutexA
GetLastError
lstrlenW
lstrcpynW
WriteFile
lstrlenA

user32

GetWindowTextLengthA
CallNextHookEx
GetKeyState
ShowWindow
SetPropA
RemovePropA
GetComboBoxInfo
DrawFocusRect
GetSystemMetrics
LoadIconA
GetDC
FillRect
DrawTextA
ReleaseDC
UnhookWindowsHookEx
GetSysColor
PostMessageA
IsWindowVisible
GetWindowTextA
SetWindowLongW
CallWindowProcA
GetWindowLongW
GetWindowLongA
IsWindowUnicode
DefWindowProcA
InvalidateRect
SetWindowsHookExA
LoadStringA
FindWindowExA
GetClientRect
RegisterWindowMessageA
GetClassNameA
SendMessageA
SetWindowTextA
IsWindow
GetParent
EnumWindows
GetWindowThreadProcessId
SendMessageTimeoutA
EnumChildWindows
GetFocus

advapi32

RegSetValueExA
GetLengthSid
RegDeleteValueA
RegSetValueExW
RegQueryValueExW
RegOpenKeyExW
AddAccessAllowedAce
SetSecurityDescriptorDacl
AllocateAndInitializeSid
InitializeSecurityDescriptor
SetSecurityDescriptorOwner
RegSetKeySecurity
FreeSid
OpenProcessToken
LookupPrivilegeValueA
AdjustTokenPrivileges
RegCreateKeyA
RegCreateKeyExA
InitializeAcl
RegOpenKeyExA
RegQueryValueExA
RegOpenKeyA
RegCloseKey

ole32

RevokeDragDrop
CoUninitialize
CoInitialize
OleRun
RegisterDragDrop
OleUninitialize
OleInitialize
CoTaskMemFree
StringFromCLSID
ReleaseStgMedium
CoCreateInstance
CoCreateGuid

oleaut32

VariantClear
SysAllocString
SysFreeString

imagehlp

ImageDirectoryEntryToData

msvcrt

_adjust_fdiv
_initterm
_onexit
__dllonexit
atol
_ltoa
_mbstok
_except_handler3
_stricmp
_strnicmp
tmpnam
_tempnam
_wcsicmp
malloc
free
ftell
fread
strchr
strrchr
fwrite
wcslen
rewind
strstr
fputs
fseek
time
srand
rename
_CxxThrowException
_mbsnbcpy
_vsnprintf
atoi
_ismbcdigit
_mbclen
fopen
fgets
fclose
bsearch
_mbsrchr
_snprintf
_mbslwr
_mbsstr
_mbschr
_mbsnbicmp
_mbscmp
sprintf
_purecall
rand
_mbsicmp
__CxxFrameHandler
??2@YAPAXI@Z
??3@YAXPAX@Z
_strlwr
_wcsnicmp
printf
??1type_info@@UAE@XZ

urlmon

URLDownloadToFileA
IsValidURL

version

GetFileVersionInfoA
GetFileVersionInfoSizeA
VerQueryValueA

ws2_32

socket
setsockopt
htons
gethostbyname
WSACleanup
connect
WSAGetLastError
send
WSAStartup
recv
inet_addr
closesocket

gdi32

ExtTextOutA
SetTextColor
SetBkColor
SetTextAlign
GetTextAlign
SetBkMode
SelectObject
GetTextExtentPointA
CreatePen
MoveToEx
LineTo
SetPixel
CreateSolidBrush
DeleteObject
GetStockObject

shell32

SHGetDesktopFolder
SHGetFileInfoA
SHGetSpecialFolderLocation
SHGetSpecialFolderPathA
SHGetMalloc

wininet

InternetCrackUrlA
DeleteUrlCacheEntry

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
Register
Uninstall

Sections

.text
Size: 111KB - Virtual size: 111KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 22KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 14KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

47199fbf9e25242f1a59961dfaa29745

Headers

File Characteristics

Imports

shlwapi

kernel32

user32

advapi32

ole32

oleaut32

imagehlp

msvcrt

urlmon

version

ws2_32

gdi32

shell32

wininet

Exports

Exports

Sections

.text Size: 111KB - Virtual size: 111KB

.rdata Size: 22KB - Virtual size: 22KB

.data Size: 5KB - Virtual size: 11KB

.rsrc Size: 3KB - Virtual size: 2KB

.reloc Size: 14KB - Virtual size: 14KB

.text
Size: 111KB - Virtual size: 111KB

.rdata
Size: 22KB - Virtual size: 22KB

.data
Size: 5KB - Virtual size: 11KB

.rsrc
Size: 3KB - Virtual size: 2KB

.reloc
Size: 14KB - Virtual size: 14KB