8d0da59ca1dc57ca5dcd58c2e7870b32_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

8d0da59ca1dc57ca5dcd58c2e7870b32_JaffaCakes118
Size

608KB
MD5

8d0da59ca1dc57ca5dcd58c2e7870b32
SHA1

186872aa35bc3a02fce390f67bc3c414ef36ea98
SHA256

31f6236ec7f04e8beb8f1dc2143c7aea10f83c9e3c0298f9b3e4d6a21755d305
SHA512

64dfb6e748b5580a3e37816f847f97bfdd230de2398f3dede1b511ef019c4bdf4f94544964161209548b6ec59237c8f90b758d88634356b64afa47c400aa16f2
SSDEEP

6144:81rfVo7S5D04/qNZrvofXhYjzSFLUrY3cdoSU8kEfhrcLshmCD/l6Dv:81rdLZ04CGhGM4U3cnUAJgLshX0Dv

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
8d0da59ca1dc57ca5dcd58c2e7870b32_JaffaCakes118

Files

8d0da59ca1dc57ca5dcd58c2e7870b32_JaffaCakes118
.dll regsvr32 windows:4 windows x86 arch:x86

7d78b649db28461ea6b7ac4877d45df9

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

c:\miha\bho\Browser.Helpd1\Browser.Help\Release\rvrs.pdb

Imports

libcurl

curl_global_cleanup
curl_easy_setopt
curl_easy_init
curl_global_init
curl_formfree
curl_formadd
curl_easy_perform

kernel32

RaiseException
InitializeCriticalSection
DeleteCriticalSection
GetLastError
lstrcmpiW
CreateTimerQueueTimer
DeleteTimerQueueTimer
InterlockedIncrement
InterlockedDecrement
GetTickCount
FreeLibrary
MultiByteToWideChar
SizeofResource
LoadResource
FindResourceW
LoadLibraryExW
GetModuleHandleW
GetModuleFileNameW
CreateProcessA
CreateSemaphoreW
CloseHandle
WaitForSingleObject
ReleaseSemaphore
OpenSemaphoreW
DeleteTimerQueue
EnterCriticalSection
LeaveCriticalSection
OpenMutexW
GetACP
CreateMutexW
CreateTimerQueue
GetCurrentThreadId
SetThreadLocale
GetThreadLocale
LockResource
FindResourceExW
GetVersionExA
Process32NextW
Process32FirstW
CreateToolhelp32Snapshot
CreateFileW
Sleep
GetCurrentProcessId
lstrlenA
WriteFile
ReadFile
GetFileSize
ExitProcess
GetVolumeInformationW
SetErrorMode
GetFileTime
GetWindowsDirectoryW
CreateThread
GetCommandLineW
InitializeCriticalSectionAndSpinCount
GetTempPathW
GetExitCodeProcess
CreateProcessW
GetSystemDirectoryW
SetFileTime
WideCharToMultiByte
HeapFree
GetProcessHeap
InterlockedExchange
GetLocaleInfoA
HeapDestroy
HeapAlloc
HeapReAlloc
HeapSize
GetConsoleMode
GetConsoleCP
SetFilePointer
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetStartupInfoA
GetFileType
SetHandleCount
IsValidCodePage
lstrlenW
SetEndOfFile
CreateFileA
GetOEMCP
TerminateThread
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
GetStringTypeW
GetStringTypeA
FlushFileBuffers
SetStdHandle
GetCPInfo
SetLastError
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
GetModuleFileNameA
GetStdHandle
HeapCreate
VirtualFree
GetCommandLineA
VirtualQuery
GetSystemInfo
GetModuleHandleA
GetProcAddress
VirtualAlloc
VirtualProtect
GetUserDefaultLCID
GetStringTypeExW
LCMapStringA
LCMapStringW
LoadLibraryA
InterlockedCompareExchange
RtlUnwind
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetSystemTimeAsFileTime

user32

LoadStringW
UnregisterClassA
SetWindowPos
GetForegroundWindow
GetMessageW
ShowWindow
GetActiveWindow
PostMessageW
GetKeyboardState
FindWindowExW
PostThreadMessageW
CharNextW
AllowSetForegroundWindow

advapi32

RegEnumKeyExW
GetUserNameW
RegQueryInfoKeyW
RegSetValueExW
RegOpenKeyExW
RegCreateKeyExW
RegCloseKey
RegDeleteValueW
RegDeleteKeyW

ole32

CoCreateInstance
CoTaskMemFree
CoTaskMemAlloc
CoUninitialize
CoInitialize
StringFromGUID2
OleRun
CLSIDFromProgID
CLSIDFromString
CoTaskMemRealloc

oleaut32

SysAllocString
VariantClear
GetErrorInfo
VariantChangeType
RegisterTypeLi
UnRegisterTypeLi
LoadTypeLi
LoadRegTypeLi
VarUI4FromStr
SysStringLen
SysStringByteLen
SysAllocStringByteLen
SysFreeString
VariantInit

shlwapi

UrlEscapeW

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 484KB - Virtual size: 480KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 68KB - Virtual size: 66KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 28KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

7d78b649db28461ea6b7ac4877d45df9

Headers

File Characteristics

PDB Paths

Imports

libcurl

kernel32

user32

advapi32

ole32

oleaut32

shlwapi

Exports

Exports

Sections

.text Size: 484KB - Virtual size: 480KB

.rdata Size: 68KB - Virtual size: 66KB

.data Size: 16KB - Virtual size: 20KB

.rsrc Size: 8KB - Virtual size: 4KB

.reloc Size: 28KB - Virtual size: 24KB

.text
Size: 484KB - Virtual size: 480KB

.rdata
Size: 68KB - Virtual size: 66KB

.data
Size: 16KB - Virtual size: 20KB

.rsrc
Size: 8KB - Virtual size: 4KB

.reloc
Size: 28KB - Virtual size: 24KB