958f1340fc457cc70c3c0fa7269b7215_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

958f1340fc457cc70c3c0fa7269b7215_JaffaCakes118
Size

288KB
MD5

958f1340fc457cc70c3c0fa7269b7215
SHA1

5a57da414e861f09870cd6e17573cc3ae8d373ab
SHA256

31dcf793828b411ed1990acfe774b1b2aa24bc4c083e6a14d97e79b2dcd9f3b3
SHA512

89bd3ef8321018b317171f65d781ec2dc3e97a3bf5f5c8871c24dabc8d169d7958b32556507b9d99c26607fe3d391b2c88333fdd2930fe533f260709a6f888db
SSDEEP

3072:OsUbAfE0q37fMIDTEJeSwxj4vVKg08+lZde6jqz34HypNdSybZtJbU6lTG:ORBEIMcSwxjIPP+lq6mz3UUdW/

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
958f1340fc457cc70c3c0fa7269b7215_JaffaCakes118

Files

958f1340fc457cc70c3c0fa7269b7215_JaffaCakes118
.dll regsvr32 windows:4 windows x86 arch:x86

bf7e1d8b1b25c263ceb2261ff9fc6611

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

user32

UnregisterClassA
GetWindowThreadProcessId
SetWindowLongA
GetWindowLongA
CreateWindowExA
DestroyWindow
ShowWindow
SendMessageA
DefWindowProcA
SetWindowTextA
GetWindowTextA
GetWindowTextLengthA
SetTimer
KillTimer
GetForegroundWindow
AttachThreadInput
GetActiveWindow
GetSystemMetrics
SetForegroundWindow
SetActiveWindow
wsprintfA
CreateAcceleratorTableA
IsWindow
GetDesktopWindow
SetFocus
GetFocus
GetWindow
DestroyAcceleratorTable
BeginPaint
EndPaint
CallWindowProcA
FillRect
ReleaseCapture
GetClassNameA
GetDlgItem
GetParent
IsChild
SetCapture
RedrawWindow
InvalidateRgn
InvalidateRect
ReleaseDC
GetDC
ScreenToClient
ClientToScreen
GetClientRect
SetWindowPos
MoveWindow
GetSysColor
RegisterWindowMessageA
GetClassInfoExA
LoadCursorA
RegisterClassExA
CharNextA

kernel32

GetTickCount
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
HeapSize
LCMapStringW
LCMapStringA
GetStartupInfoA
SetHandleCount
GetFileType
SetStdHandle
GetCurrentDirectoryA
GetFullPathNameA
GetOEMCP
GetCPInfo
GetConsoleMode
GetConsoleCP
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
GetStdHandle
WriteFile
ExitProcess
HeapCreate
HeapDestroy
GetCommandLineA
SystemTimeToFileTime
LocalFileTimeToFileTime
SetFileTime
MultiByteToWideChar
WideCharToMultiByte
lstrlenW
RaiseException
GetLastError
InitializeCriticalSection
DeleteCriticalSection
lstrlenA
lstrcmpiA
InterlockedIncrement
InterlockedDecrement
IsDBCSLeadByte
LeaveCriticalSection
EnterCriticalSection
FreeLibrary
SizeofResource
FlushFileBuffers
FindResourceA
LoadLibraryExA
GetModuleHandleA
GetModuleFileNameA
CloseHandle
ReadFile
SetFilePointer
CreateFileA
VirtualQuery
GetLocaleInfoA
GlobalUnlock
GlobalLock
GlobalAlloc
FlushInstructionCache
GetCurrentProcess
lstrcmpA
MulDiv
GetCurrentThreadId
SetLastError
WaitForSingleObject
CreateThread
CreateProcessA
GetTempPathA
Sleep
VirtualAlloc
GetProcAddress
LoadLibraryA
IsBadReadPtr
VirtualProtect
VirtualFree
HeapFree
GetProcessHeap
HeapAlloc
LockResource
DisableThreadLibraryCalls
SetThreadLocale
GetThreadLocale
GetVersionExA
InterlockedCompareExchange
IsProcessorFeaturePresent
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
HeapReAlloc
GetSystemInfo
RtlUnwind
FindClose
FileTimeToSystemTime
FileTimeToLocalFileTime
GetDriveTypeA
FindFirstFileA
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
GetStringTypeA
GetStringTypeW
GetTimeZoneInformation
SetEndOfFile
CompareStringA
CompareStringW
SetEnvironmentVariableA
LocalFree
InterlockedExchange
GetACP
LoadResource
GetCurrentProcessId
GetSystemTimeAsFileTime

oleaut32

RegisterTypeLi
UnRegisterTypeLi
OleCreateFontIndirect
SysStringByteLen
SysAllocString
LoadTypeLi
LoadRegTypeLi
DispCallFunc
SysStringLen
VariantClear
VariantInit
VarUI4FromStr
SysFreeString
SysAllocStringLen

advapi32

RegDeleteValueA
RegCloseKey
RegCreateKeyExA
RegOpenKeyExA
RegSetValueExA
RegQueryInfoKeyA
RegEnumKeyExA
RegQueryValueExA
RegDeleteKeyA

gdi32

DeleteObject
SelectObject
DeleteDC
CreateCompatibleBitmap
CreateCompatibleDC
BitBlt
GetDeviceCaps
CreateSolidBrush
GetObjectA
GetStockObject

ole32

CoTaskMemRealloc
CoTaskMemFree
CoCreateInstance
CoInitialize
CreateStreamOnHGlobal
OleInitialize
OleUninitialize
StringFromGUID2
OleLockRunning
CoGetClassObject
CLSIDFromProgID
CLSIDFromString
CoUninitialize
CoTaskMemAlloc

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 200KB - Virtual size: 199KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 40KB - Virtual size: 37KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 20KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

bf7e1d8b1b25c263ceb2261ff9fc6611

Headers

File Characteristics

Imports

user32

kernel32

oleaut32

advapi32

gdi32

ole32

Exports

Exports

Sections

.text Size: 200KB - Virtual size: 199KB

.rdata Size: 40KB - Virtual size: 37KB

.data Size: 20KB - Virtual size: 24KB

.rsrc Size: 4KB - Virtual size: 3KB

.reloc Size: 20KB - Virtual size: 19KB

.text
Size: 200KB - Virtual size: 199KB

.rdata
Size: 40KB - Virtual size: 37KB

.data
Size: 20KB - Virtual size: 24KB

.rsrc
Size: 4KB - Virtual size: 3KB

.reloc
Size: 20KB - Virtual size: 19KB