8bc1edb7f6a18480249fa39d0803648a_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

8bc1edb7f6a18480249fa39d0803648a_JaffaCakes118
Size

336KB
MD5

8bc1edb7f6a18480249fa39d0803648a
SHA1

e7d5e954706df65b3cbe8d018781c243621fb84f
SHA256

fc943a8bb97cf258092f89b094c09d6dd4b4c0c373b1aba47a784fac017de9e0
SHA512

dac35b101ce2d7ea54a1f5aa1a39006e3331be7785341bb0b01a7423f45e525252847af8f318e1b17350e4e8a60b1f5f4d953c76258187b9eceaab329e63771d
SSDEEP

6144:aT4pEBjY8H3lMNeGmTa5PGHEqDbgLehQxMrlpVWPNSo2P5mVNtlRrliULBGWvz:aUajY8+oGmTa5PeEqDbgL0Hrl4Solfhz

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
8bc1edb7f6a18480249fa39d0803648a_JaffaCakes118

Files

8bc1edb7f6a18480249fa39d0803648a_JaffaCakes118
.dll regsvr32 windows:4 windows x86 arch:x86

ab71f10298805e42c06888fe522ddd33

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

CopyFileA
CreateThread
TerminateThread
DisableThreadLibraryCalls
ReadFile
LocalFree
Process32Next
Process32First
CreateToolhelp32Snapshot
GetCurrentProcessId
WaitForSingleObject
CreateRemoteThread
GetModuleHandleA
WriteProcessMemory
VirtualAllocEx
OpenProcess
CreateProcessA
GetLocalTime
GetTickCount
SetFilePointer
WriteFile
GetFileSize
CloseHandle
GetSystemDirectoryA
InterlockedDecrement
Sleep
LoadLibraryA
GetProcAddress
FreeLibrary
CreateFileA
GetVersion
GetVersionExA
GetEnvironmentVariableA
GetModuleFileNameA
OutputDebugStringA
DebugBreak
CreateDirectoryA
MultiByteToWideChar
WideCharToMultiByte
InterlockedIncrement
DeleteFileA
lstrlenW
lstrlenA
VirtualFreeEx

user32

SetForegroundWindow
SetFocus
BringWindowToTop
SetActiveWindow
SetWindowPos
SetWindowLongA
DestroyWindow
RegisterWindowMessageA
SendMessageTimeoutA
GetClassNameA
SetWindowsHookExA
GetWindowLongA
ShowWindow
GetActiveWindow
CharLowerA
CallNextHookEx
wsprintfA
CharNextA
wvsprintfA
GetParent
wsprintfW
GetSystemMetrics
SetTimer
UnhookWindowsHookEx
LoadStringA
SendMessageA
KillTimer

advapi32

RegCloseKey
RegQueryValueExA
RegOpenKeyExA
RegDeleteKeyA
RegCreateKeyExA
RegSetValueExA
CryptReleaseContext
CryptDestroyHash
CryptGetHashParam
CryptHashData
CryptCreateHash
CryptAcquireContextA
RegEnumKeyExA
RegQueryInfoKeyA

shell32

SHGetSpecialFolderPathA

ole32

CoInitialize
CoCreateInstance

oleaut32

SysFreeString
SysAllocString
VariantClear
VariantChangeType
VariantCopy
SysAllocStringLen

atl

ord21
ord15
ord18
ord57
ord30
ord16

msvcp60

?str@?$basic_stringbuf@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@2@XZ
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N1@Z
??0?$basic_stringbuf@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@H@Z
??_7?$basic_ostringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@6B@
??6std@@YAAAV?$basic_ostream@DU?$char_traits@D@std@@@0@AAV10@ABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@@Z
??6std@@YAAAV?$basic_ostream@DU?$char_traits@D@std@@@0@AAV10@PBD@Z
??1?$basic_stringbuf@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@UAE@XZ
??_7?$basic_ostream@DU?$char_traits@D@std@@@std@@6B@
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UAE@XZ
?substr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AV12@II@Z
?_Freeze@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEXXZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDABV?$allocator@D@1@@Z
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z
?find@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIABV12@I@Z
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@II@Z
?replace@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@IIPBD@Z
??8std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z
??8std@@YA_NPBDABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@@Z
??9std@@YA_NPBDABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@@Z
?find@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDII@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@IIABV?$allocator@D@1@@Z
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z
?_Xran@std@@YAXXZ
?_Split@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEXXZ
?_Eos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEXI@Z
?_Xlen@std@@YAXXZ
?_Copy@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEXI@Z
?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@II@Z
?_Grow@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAE_NI_N@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
??_7out_of_range@std@@6B@
??1out_of_range@std@@UAE@XZ
??0out_of_range@std@@QAE@ABV01@@Z
??0logic_error@std@@QAE@ABV01@@Z
?_Tidy@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEX_N@Z
?_C@?1??_Nullstr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@CAPBDXZ@4DB
??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBDABV10@@Z
??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@PBD@Z
??_8?$basic_ostringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@7B@
??0ios_base@std@@IAE@XZ
??_7?$basic_ios@DU?$char_traits@D@std@@@std@@6B@

urlmon

URLDownloadToFileA

wininet

InternetAttemptConnect
InternetCloseHandle
InternetOpenA
InternetConnectA
InternetOpenUrlA
InternetCrackUrlA
InternetReadFile
HttpQueryInfoA
HttpOpenRequestA
HttpAddRequestHeadersA
HttpSendRequestA

netapi32

Netbios

version

GetFileVersionInfoA
GetFileVersionInfoSizeA
VerQueryValueA

msvcrt

??2@YAPAXI@Z
atol
time
_mbscmp
_ismbcspace
localtime
strstr
_except_handler3
memmove
??0exception@@QAE@ABV0@@Z
??0exception@@QAE@ABQBD@Z
_CxxThrowException
_mbsstr
_mbschr
wcslen
_ismbcdigit
_mbsrchr
_mbslwr
_itoa
__CxxFrameHandler
sprintf
rand
srand
_local_unwind2
_mbsicmp
strncpy
_mbsnbcpy
free
??1type_info@@UAE@XZ
__dllonexit
_stricmp
_onexit
_initterm
malloc
_adjust_fdiv
atoi

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 292KB - Virtual size: 290KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 16KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.share
Size: 4KB - Virtual size: 48B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

ab71f10298805e42c06888fe522ddd33

Headers

File Characteristics

Imports

kernel32

user32

advapi32

shell32

ole32

oleaut32

atl

msvcp60

urlmon

wininet

netapi32

version

msvcrt

Exports

Exports

Sections

.text Size: 292KB - Virtual size: 290KB

.rdata Size: 16KB - Virtual size: 14KB

.data Size: 4KB - Virtual size: 1KB

.share Size: 4KB - Virtual size: 48B

.rsrc Size: 4KB - Virtual size: 1KB

.reloc Size: 12KB - Virtual size: 8KB

.text
Size: 292KB - Virtual size: 290KB

.rdata
Size: 16KB - Virtual size: 14KB

.data
Size: 4KB - Virtual size: 1KB

.share
Size: 4KB - Virtual size: 48B

.rsrc
Size: 4KB - Virtual size: 1KB

.reloc
Size: 12KB - Virtual size: 8KB