8b1e67422edeb5453da5271eeff21064_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

8b1e67422edeb5453da5271eeff21064_JaffaCakes118
Size

227KB
MD5

8b1e67422edeb5453da5271eeff21064
SHA1

a96815bdff52c47c85566c7ede18ad858cbfd53f
SHA256

3f46d6e0bcc4c85a807c20036932b588c76afa892cb72a4341f2f3fb8ee2f3e3
SHA512

ab7cd70892e1ede21f7a7ebeeb3654aafad5044023d01f99241fabe6c01a628ba53f290375945a35be9c6971600197a9fdae811d4c8573161807689f21193768
SSDEEP

3072:Gx5Zdhl2tNVbvdtvt3dW/YV5SN+SDrlvgqRvBrCY5If4gFN5G:cD2FxdPStPRvButX5G

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
8b1e67422edeb5453da5271eeff21064_JaffaCakes118

Files

8b1e67422edeb5453da5271eeff21064_JaffaCakes118
.dll regsvr32 windows:5 windows x86 arch:x86

f6682f967a884b58c26f67d7acdca917

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

wininet

HttpQueryInfoA
HttpAddRequestHeadersA
InternetQueryOptionA
InternetConnectA
InternetReadFile
HttpOpenRequestA
InternetGetConnectedState
HttpSendRequestA
InternetOpenA
InternetCloseHandle
InternetCrackUrlA

shlwapi

wnsprintfA
StrRChrA
StrToIntA
StrStrA
StrNCatA
StrStrIA
StrCmpNIA

rpcrt4

UuidToStringA
UuidCreate

comctl32

InitCommonControlsEx

kernel32

lstrcmpiA
GetModuleFileNameA
DeleteCriticalSection
TlsAlloc
TlsFree
GetCurrentProcess
HeapFree
CloseHandle
LocalFree
FindResourceA
lstrlenA
FreeLibrary
LoadResource
GetModuleHandleW
WideCharToMultiByte
SizeofResource
LeaveCriticalSection
IsDBCSLeadByte
MultiByteToWideChar
lstrlenW
SetThreadLocale
GetThreadLocale
GetProcAddress
EnterCriticalSection
GetModuleHandleA
LoadLibraryExA
TlsGetValue
WaitForSingleObject
SleepEx
GetTickCount
TlsSetValue
TerminateThread
Sleep
CreateMutexA
ReleaseMutex
CreateThread
lstrcpyA
HeapReAlloc
SetEvent
CreateEventA
ResetEvent
GetLastError
VirtualFree
InitializeCriticalSection
VirtualAlloc
LoadLibraryA
VirtualProtect
MapViewOfFile
Process32First
Process32Next
CreateFileMappingA
CreateToolhelp32Snapshot
OpenFileMappingA
GlobalAlloc
GlobalFree
GetTempPathA
GetCurrentProcessId
CreateFileA
WriteFile
GetExitCodeProcess
CreateProcessA
DeleteFileA
HeapDestroy
HeapCreate
ExitProcess
HeapSize
SetLastError
GetCPInfo
LCMapStringW
LCMapStringA
RtlUnwind
GetCommandLineA
GetCurrentThreadId
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
GetSystemTimeAsFileTime
VirtualQuery
GetSystemInfo
GetProcessHeap
InterlockedDecrement
InterlockedIncrement
HeapAlloc
lstrcpynA
OpenEventA
RaiseException
GetStdHandle
GetACP
GetOEMCP
IsValidCodePage
GetStringTypeA
GetStringTypeW
SetHandleCount
GetFileType
QueryPerformanceCounter
GetUserDefaultLCID
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
SetFilePointer
GetConsoleCP
GetConsoleMode
InitializeCriticalSectionAndSpinCount
GetLocaleInfoW
GetStartupInfoA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
FlushFileBuffers
FlushInstructionCache
GetEnvironmentStringsW

user32

DestroyWindow
GetClassNameA
GetWindowRect
SetActiveWindow
RegisterClassExA
TrackPopupMenu
GetMenuItemID
GetSubMenu
SetForegroundWindow
LoadMenuA
LoadIconA
SetWindowLongA
GetWindowLongA
GetClientRect
DefWindowProcA
GetCursorPos
DrawMenuBar
IsWindow
PostMessageA
SetMenuDefaultItem
SystemParametersInfoA
DestroyMenu
SetTimer
KillTimer
CharNextW
CharNextA
SendMessageA
LoadCursorA
UpdateWindow
DispatchMessageA
GetActiveWindow
GetSysColorBrush
ShowWindow
SetWindowPos
TranslateMessage
GetMessageA
CreateWindowExA
RegisterWindowMessageA

advapi32

GetSecurityDescriptorSacl
ConvertStringSecurityDescriptorToSecurityDescriptorW
RegOpenKeyExA
RegCloseKey
RegCreateKeyA
RegQueryValueExA
RegSetValueExA
RegDeleteKeyA
RegEnumKeyExA
RegCreateKeyExA
RegQueryInfoKeyA
RegDeleteValueA
OpenServiceA
CloseServiceHandle
QueryServiceStatus
OpenSCManagerA
SetNamedSecurityInfoA

shell32

Shell_NotifyIconA
SHGetFolderPathA

ole32

StringFromGUID2
CoCreateInstance
CoTaskMemFree
CoTaskMemAlloc
OleSetContainedObject
OleInitialize
OleCreate
CoTaskMemRealloc

oleaut32

SysAllocString
SysStringLen
LoadTypeLi
UnRegisterTypeLi
VarUI4FromStr
RegisterTypeLi
SysAllocStringLen
LoadRegTypeLi
VariantClear
VariantInit
SysFreeString

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
GetLocid
GetTicket
RegisterTrayIcon
RunTrayIcon
ShowDoneMessage
ShowWelcomePage
UnregisterTrayIcon

Sections

.text
Size: 156KB - Virtual size: 156KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 35KB - Virtual size: 35KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 14KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

f6682f967a884b58c26f67d7acdca917

Headers

File Characteristics

Imports

wininet

shlwapi

rpcrt4

comctl32

kernel32

user32

advapi32

shell32

ole32

oleaut32

Exports

Exports

Sections

.text Size: 156KB - Virtual size: 156KB

.rdata Size: 35KB - Virtual size: 35KB

.data Size: 14KB - Virtual size: 23KB

.rsrc Size: 7KB - Virtual size: 6KB

.reloc Size: 13KB - Virtual size: 13KB

.text
Size: 156KB - Virtual size: 156KB

.rdata
Size: 35KB - Virtual size: 35KB

.data
Size: 14KB - Virtual size: 23KB

.rsrc
Size: 7KB - Virtual size: 6KB

.reloc
Size: 13KB - Virtual size: 13KB