a3ca6149ed7b03803fe87c925f6c4dd3_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

a3ca6149ed7b03803fe87c925f6c4dd3_JaffaCakes118
Size

144KB
MD5

a3ca6149ed7b03803fe87c925f6c4dd3
SHA1

0edae87d02e5b63fe47406cff110284a4d8c417e
SHA256

9df75a71a7b81d112e29d2abd1d9d6ae676590ead3180409bb7296ef3b648769
SHA512

f705d339d730e7325734e93b0e458e3fd0fd1a34cb4e70ba8e6de3d3978f6cbfaa93b4af6efa71c6c95111ea64f0946a921addff387f9dbf03f536cd53522c1b
SSDEEP

3072:OiEwQWIaWlvXHSqtZiHwStf/Dl4MVwL5:OishJHZktXSME

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
a3ca6149ed7b03803fe87c925f6c4dd3_JaffaCakes118

Files

a3ca6149ed7b03803fe87c925f6c4dd3_JaffaCakes118
.dll regsvr32 windows:4 windows x86 arch:x86

074d4be65a2f24f18560d029c4f678c8

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

FindResourceA
CreateThread
DisableThreadLibraryCalls
TerminateThread
RaiseException
GetLastError
lstrcatA
lstrcpyA
WideCharToMultiByte
lstrlenW
MultiByteToWideChar
lstrlenA
InterlockedExchange
GetACP
GetLocaleInfoA
GetThreadLocale
GetVersionExA
GetModuleFileNameA
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
InterlockedIncrement
InterlockedDecrement
CreateFileA
GetFileSize
GetTickCount
DeleteFileA
ExpandEnvironmentStringsA
WinExec
WriteFile
SetFilePointer
FindFirstFileA
FindNextFileA
FindClose
lstrcmpA
GetVersion
GetSystemDirectoryA
ReadFile
Sleep
IsBadReadPtr
SetUnhandledExceptionFilter
LocalFree
SetEnvironmentVariableA
CompareStringW
LoadResource
SetEndOfFile
FlushFileBuffers
SetStdHandle
GetOEMCP
SizeofResource
lstrcpynA
IsDBCSLeadByte
FreeLibrary
LoadLibraryExW
LoadLibraryExA
LoadLibraryW
LoadLibraryA
WriteProcessMemory
GetCurrentProcessId
VirtualQuery
GetProcAddress
GetModuleHandleA
GetCPInfo
GetStringTypeW
GetStringTypeA
RtlUnwind
QueryPerformanceCounter
IsBadCodePtr
UnhandledExceptionFilter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetStartupInfoA
GetFileType
GetStdHandle
SetHandleCount
LCMapStringW
LCMapStringA
GetTimeZoneInformation
TlsGetValue
TlsSetValue
TlsFree
SetLastError
TlsAlloc
IsBadWritePtr
VirtualFree
HeapCreate
HeapDestroy
HeapSize
TerminateProcess
ExitProcess
GetCommandLineA
GetCurrentThreadId
GetSystemTimeAsFileTime
GetSystemInfo
lstrcmpiA
Module32Next
Module32First
GetCurrentProcess
CreateToolhelp32Snapshot
CompareStringA
CloseHandle
HeapReAlloc
HeapAlloc
VirtualProtect
VirtualAlloc
HeapFree

user32

FindWindowA
FindWindowExA
GetWindowTextA
SendMessageA
ShowWindow
CharNextA
wsprintfA
CharToOemA
IsCharAlphaNumericA
wsprintfW

advapi32

CryptImportKey
RegSetValueExA
RegCreateKeyExA
RegDeleteValueA
RegDeleteKeyA
RegCloseKey
RegQueryInfoKeyA
CryptReleaseContext
CryptDestroyKey
RegEnumKeyExA
RegQueryValueExA
RegOpenKeyExA

shell32

SHGetSpecialFolderPathA

ole32

CoTaskMemFree
StringFromGUID2
CoCreateInstance
CoTaskMemAlloc
CoTaskMemRealloc

oleaut32

SysStringLen
GetErrorInfo
VarUI4FromStr
RegisterTypeLi
UnRegisterTypeLi
SysAllocString
SysFreeString
LoadRegTypeLi
LoadTypeLi
VariantCopy
VariantClear
VariantChangeType
SafeArrayCreate
SafeArrayGetVartype
VarBstrCmp
VariantInit
SafeArrayCopy

shlwapi

SHDeleteKeyA
PathFindExtensionA

imagehlp

ImageDirectoryEntryToData

wininet

InternetReadFile
InternetCloseHandle
FtpDeleteFileA
InternetOpenA
FtpGetFileA
FtpPutFileA
FtpSetCurrentDirectoryA
FtpCreateDirectoryA
InternetConnectA
InternetOpenUrlA

crypt32

CertOpenStore
CertFindCertificateInStore
CryptAcquireCertificatePrivateKey
PFXExportCertStore
CertCloseStore
CertNameToStrA
CertFreeCertificateContext

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 92KB - Virtual size: 91KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 20KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 155KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

074d4be65a2f24f18560d029c4f678c8

Headers

File Characteristics

Imports

kernel32

user32

advapi32

shell32

ole32

oleaut32

shlwapi

imagehlp

wininet

crypt32

Exports

Exports

Sections

.text Size: 92KB - Virtual size: 91KB

.rdata Size: 20KB - Virtual size: 16KB

.data Size: 8KB - Virtual size: 155KB

.rsrc Size: 8KB - Virtual size: 4KB

.reloc Size: 12KB - Virtual size: 8KB

.text
Size: 92KB - Virtual size: 91KB

.rdata
Size: 20KB - Virtual size: 16KB

.data
Size: 8KB - Virtual size: 155KB

.rsrc
Size: 8KB - Virtual size: 4KB

.reloc
Size: 12KB - Virtual size: 8KB