a099c3400f58147987461b98e1904fbe_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

a099c3400f58147987461b98e1904fbe_JaffaCakes118
Size

241KB
MD5

a099c3400f58147987461b98e1904fbe
SHA1

d56ac1892b9fe403865733ac8f3af2f7c2f55db7
SHA256

16259ba499f3b645460be5d3d3d1e6c018b1cbb047d5dc3f6d406decfd76c84b
SHA512

6c0c4e3309d4a6a696ce35e5e3b7ca3ece16619d834c54e4e70d4e1e50fa5b4cee18193d5f0656e7e1153ba0d46cb11811fb9ac6957be3f1715bf8004cc4957f
SSDEEP

6144:6Sh81eUl2KfCQfKNQz67QFx9+BtowVBAoD:1un+Qz6C+BtowVBAoD

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
a099c3400f58147987461b98e1904fbe_JaffaCakes118

Files

a099c3400f58147987461b98e1904fbe_JaffaCakes118
.dll regsvr32 windows:4 windows x86 arch:x86

b0abb30af31e37c85c762bfadd5dc1ce

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

WaitForSingleObject
CreateRemoteThread
VirtualFreeEx
VirtualAllocEx
OpenProcess
LocalFree
GetComputerNameW
HeapFree
HeapAlloc
GetProcessHeap
SetLastError
GetVersionExW
GetExitCodeThread
CreateFileW
DeleteFileW
FindClose
FindNextFileW
FindFirstFileW
ExpandEnvironmentStringsW
GetSystemDefaultLangID
GetACP
lstrlenA
WideCharToMultiByte
MultiByteToWideChar
GetLastError
lstrcpynW
GetTimeZoneInformation
CloseHandle
GetLocaleInfoW
SetEnvironmentVariableA
ResetEvent
CreateEventW
SetEvent
lstrcatW
lstrcpyW
LoadLibraryW
GetProcAddress
FreeLibrary
HeapDestroy
InterlockedDecrement
EnterCriticalSection
InterlockedIncrement
LeaveCriticalSection
DeleteCriticalSection
lstrcmpiW
GetModuleFileNameW
lstrlenW
GetModuleHandleW
GetShortPathNameW
InitializeCriticalSection
CopyFileW
DisableThreadLibraryCalls
CompareStringW
CompareStringA
FlushFileBuffers
GetUserDefaultLCID
EnumSystemLocalesA
GetLocaleInfoA
IsValidCodePage
IsValidLocale
SetStdHandle
SetConsoleCtrlHandler
LCMapStringW
LCMapStringA
GetStringTypeW
GetStringTypeA
LoadLibraryA
GetOEMCP
GetCPInfo
SetFilePointer
UnhandledExceptionFilter
IsBadCodePtr
IsBadReadPtr
InterlockedExchange
SetUnhandledExceptionFilter
WriteFile
GetEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsW
FreeEnvironmentStringsA
GetStartupInfoA
GetFileType
GetStdHandle
SetHandleCount
FatalAppExitA
IsBadWritePtr
ReadFile
GetFileSize
GlobalFree
GlobalReAlloc
GlobalUnlock
GlobalLock
GlobalAlloc
CreateSemaphoreW
CreateMutexW
InterlockedExchangeAdd
ReleaseMutex
ReleaseSemaphore
Sleep
OpenFileMappingW
CreateFileMappingW
UnmapViewOfFile
MapViewOfFile
RtlUnwind
GetSystemTime
GetLocalTime
GetCommandLineA
GetVersion
RaiseException
GetCurrentThreadId
TlsSetValue
TlsAlloc
TlsFree
TlsGetValue
GetCurrentThread
ExitProcess
TerminateProcess
GetCurrentProcess
HeapReAlloc
HeapSize
GetModuleHandleA
GetModuleFileNameA
GetEnvironmentVariableA
GetVersionExA
HeapCreate
VirtualFree
VirtualAlloc

user32

CharLowerW
LoadStringW
CharNextW
wsprintfW
GetWindowThreadProcessId
IsWindow
GetParent

advapi32

GetSidIdentifierAuthority
GetSidSubAuthorityCount
GetSidSubAuthority
IsValidSid
RegGetKeySecurity
RegOpenKeyW
RegSetKeySecurity
RegQueryValueExW
LookupAccountNameW
ConvertSidToStringSidW
CryptAcquireContextW
CryptCreateHash
CryptHashData
CryptGetHashParam
RegEnumKeyExW
RegDeleteKeyW
RegOpenKeyExW
RegCreateKeyExW
RegCloseKey
RegSetValueExW
CryptEncrypt
CryptDecrypt
CryptReleaseContext
CryptDestroyKey
CryptDestroyHash
CryptDeriveKey
RegEnumKeyW

shell32

SHGetFolderPathW

ole32

CoTaskMemFree
StringFromCLSID
CreateStreamOnHGlobal
CoCreateInstance
CoInitializeEx
CoRegisterPSClsid
CoRegisterClassObject
CoRevokeClassObject

oleaut32

SysAllocStringLen
GetErrorInfo
SetErrorInfo
VariantChangeType
CreateErrorInfo
VariantInit
SysAllocString
SysFreeString
LoadTypeLi
RegisterTypeLi
VarBstrFromI4
SysStringByteLen
SysAllocStringByteLen
VarBstrCmp
VariantClear
VarI4FromStr
SysStringLen
LoadRegTypeLi

psapi

GetModuleFileNameExW

shlwapi

SHCreateStreamOnFileW
PathAppendW
PathFileExistsW

version

VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
GetCurrentGroupID
GetFireFoxMonitorState
GetLastUpdatedTimeStamp
GetScreenCaptureMonitorState

Sections

.text
Size: 144KB - Virtual size: 142KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 24KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 20KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.FFSHARE
Size: 4KB - Virtual size: 532B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.SHARSTA
Size: 4KB - Virtual size: 4B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

b0abb30af31e37c85c762bfadd5dc1ce

Headers

File Characteristics

Imports

kernel32

user32

advapi32

shell32

ole32

oleaut32

psapi

shlwapi

version

Exports

Exports

Sections

.text Size: 144KB - Virtual size: 142KB

.rdata Size: 24KB - Virtual size: 22KB

.data Size: 20KB - Virtual size: 25KB

.FFSHARE Size: 4KB - Virtual size: 532B

.SHARSTA Size: 4KB - Virtual size: 4B

.rsrc Size: 12KB - Virtual size: 11KB

.reloc Size: 12KB - Virtual size: 9KB

.text
Size: 144KB - Virtual size: 142KB

.rdata
Size: 24KB - Virtual size: 22KB

.data
Size: 20KB - Virtual size: 25KB

.FFSHARE
Size: 4KB - Virtual size: 532B

.SHARSTA
Size: 4KB - Virtual size: 4B

.rsrc
Size: 12KB - Virtual size: 11KB

.reloc
Size: 12KB - Virtual size: 9KB