89f53826c2d7b10c8afc2b34803a2dd9_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

89f53826c2d7b10c8afc2b34803a2dd9_JaffaCakes118
Size

196KB
MD5

89f53826c2d7b10c8afc2b34803a2dd9
SHA1

a6d7faccb33c50f6c11c7de58e1e87d22ee1df38
SHA256

8d9134d1c0a57309234727a30a849671acb1495509dc1cc15205a7bba37cd11f
SHA512

f68f5adf66453a1db3e5e85e512fec46ef6326179497792e01e17a5d56288242fc76c50664ea41a521a3f84dc0f6641a7c66843e9f5df1f755e5ed253226b529
SSDEEP

3072:HhgYJUrY10wOvl9lWcGrK2qu5zerDq+wIss++apmEz:BI02JW0zuw0p7z

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
89f53826c2d7b10c8afc2b34803a2dd9_JaffaCakes118

Files

89f53826c2d7b10c8afc2b34803a2dd9_JaffaCakes118
.dll regsvr32 windows:4 windows x86 arch:x86

49b311631fce155d5b813b2f388b4997

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

Sleep
GetSystemDirectoryW
LoadLibraryA
FlushInstructionCache
GetCurrentProcess
GetShortPathNameW
FreeLibrary
LoadLibraryExW
lstrcmpiW
lstrcpynW
DisableThreadLibraryCalls
InitializeCriticalSection
HeapDestroy
DeleteCriticalSection
GetFileAttributesW
FlushFileBuffers
SetStdHandle
SetEnvironmentVariableA
CompareStringW
CompareStringA
GetOEMCP
GetACP
GetCPInfo
SetFilePointer
GetStringTypeW
GetStringTypeA
IsBadCodePtr
IsBadReadPtr
SizeofResource
GetEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsW
FreeEnvironmentStringsA
GetStartupInfoA
GetFileType
GetStdHandle
SetHandleCount
LCMapStringW
LCMapStringA
HeapCreate
GetVersionExA
GetEnvironmentVariableA
GetModuleFileNameA
IsBadWritePtr
VirtualAlloc
VirtualFree
HeapSize
TerminateProcess
ExitProcess
TlsGetValue
TlsFree
TlsAlloc
TlsSetValue
RaiseException
GetVersion
GetCommandLineA
GetTimeZoneInformation
GetLocalTime
HeapFree
HeapAlloc
HeapReAlloc
RtlUnwind
LocalFree
CreateFileW
WriteFile
CloseHandle
GlobalAlloc
GlobalHandle
GlobalFree
FreeResource
EnterCriticalSection
LeaveCriticalSection
GetModuleHandleW
GetModuleHandleA
GetProcAddress
GetModuleFileNameW
LoadLibraryW
OutputDebugStringA
GetLastError
SetLastError
OutputDebugStringW
DebugBreak
FindResourceW
LoadResource
LockResource
GetVersionExW
MultiByteToWideChar
GetCurrentThreadId
GlobalLock
GlobalUnlock
lstrlenA
InterlockedDecrement
InterlockedIncrement
lstrcpyW
lstrlenW
lstrcmpW
lstrcatW
WideCharToMultiByte
SetUnhandledExceptionFilter

user32

LoadMenuW
GetSubMenu
wsprintfW
EndPaint
BeginPaint
RedrawWindow
DefWindowProcW
DrawTextW
SendMessageW
DrawIconEx
LoadIconW
FillRect
CopyRect
GetSysColor
TranslateMessage
CharUpperW
PostMessageW
GetDesktopWindow
CreateAcceleratorTableW
ReleaseCapture
SetCapture
InvalidateRect
InvalidateRgn
GetDlgItem
GetClassNameW
GetForegroundWindow
SetScrollPos
SetScrollRange
ScreenToClient
GetScrollRange
GetScrollPos
DispatchMessageW
IsChild
GetWindowRect
ShowWindow
SetWindowTextW
keybd_event
CreateWindowExW
ReleaseDC
GetKeyState
CallNextHookEx
GetFocus
MoveWindow
MapWindowPoints
TrackPopupMenu
DestroyMenu
GetParent
CheckDlgButton
EndDialog
GetWindowTextLengthW
GetWindow
GetClassInfoExW
RegisterClassExW
RegisterWindowMessageW
LoadCursorW
DialogBoxIndirectParamW
GetActiveWindow
SetFocus
CharNextW
wvsprintfW
FindWindowExW
LoadBitmapW
SystemParametersInfoW
FindWindowW
GetDC
UnhookWindowsHookEx
IsWindow
DestroyWindow
SetWindowsHookExW
CallWindowProcW
GetWindowLongW
SetWindowLongW
GetClientRect
SetWindowPos
GetCursorPos
PtInRect
LoadStringW
GetWindowTextW
MapVirtualKeyW

gdi32

SetTextColor
DeleteObject
GetStockObject
CreateSolidBrush
SelectObject
GetTextMetricsW
CreateFontIndirectW
DeleteDC
BitBlt
CreateCompatibleDC
CreateCompatibleBitmap
GetDeviceCaps
SetBkMode
GetObjectW

advapi32

RegOpenKeyExW
RegQueryInfoKeyW
RegEnumKeyExW
RegDeleteKeyW
CreateServiceW
QueryServiceStatus
ChangeServiceConfigW
StartServiceW
OpenSCManagerW
OpenServiceW
CloseServiceHandle
RegCloseKey
RegCreateKeyExW
RegQueryValueExW
RegEnumValueW
RegSetValueExW
RegCreateKeyW
RegDeleteValueW

shell32

SHGetSpecialFolderPathW
ShellExecuteW

ole32

CoTaskMemRealloc
OleLockRunning
CoTaskMemAlloc
StringFromCLSID
CLSIDFromString
CLSIDFromProgID
CoInitialize
CoCreateInstance
OleUninitialize
OleInitialize
CreateStreamOnHGlobal
ReleaseStgMedium
CoTaskMemFree

oleaut32

LoadTypeLi
RegisterTypeLi
VarUI4FromStr
LoadRegTypeLi
OleCreateFontIndirect
SysStringLen
SysAllocStringLen
SysStringByteLen
SysAllocStringByteLen
SysAllocString
VariantInit
VariantClear
SysFreeString

shlwapi

SHAutoComplete

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 108KB - Virtual size: 105KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 20KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 20KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 32KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

49b311631fce155d5b813b2f388b4997

Headers

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

shlwapi

version

Exports

Exports

Sections

.text Size: 108KB - Virtual size: 105KB

.rdata Size: 20KB - Virtual size: 16KB

.data Size: 20KB - Virtual size: 25KB

.rsrc Size: 32KB - Virtual size: 28KB

.reloc Size: 12KB - Virtual size: 10KB

.text
Size: 108KB - Virtual size: 105KB

.rdata
Size: 20KB - Virtual size: 16KB

.data
Size: 20KB - Virtual size: 25KB

.rsrc
Size: 32KB - Virtual size: 28KB

.reloc
Size: 12KB - Virtual size: 10KB