a585e8268245fcdd6eb3f464855eccee_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

a585e8268245fcdd6eb3f464855eccee_JaffaCakes118
Size

422KB
MD5

a585e8268245fcdd6eb3f464855eccee
SHA1

32b2c2cce10a829ba3ebf37ac35eb33768fcc10a
SHA256

c31b23f2c2933c8dd30f10e2b61f4e1b909b686cf14f378767da258ba5bc0733
SHA512

fdd321b6618c3cb3478a19451da8323d9c86c9370bb85be4a4b5d554f032cff129c95bda3e646668e4752c4e4848f93456741d667d5884c3d47ccca8c0ff73b0
SSDEEP

6144:mJLp1+d5hZR6RG7OXkyoRq6qb7KFozRBKKJXnh9xAO4TptcEWkjj:m5sLZRw+i/oHieFozRBHNntOTpA

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
a585e8268245fcdd6eb3f464855eccee_JaffaCakes118

Files

a585e8268245fcdd6eb3f464855eccee_JaffaCakes118
.dll regsvr32 windows:5 windows x86 arch:x86

52a523d8ff84efa5bd6b3a3c9ae7bdba

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

xpcom

NS_StringCopy
NS_StringContainerInit2
NS_StringContainerFinish
NS_StringContainerInit
NS_StringGetData

mozalloc

moz_xmalloc
moz_free

pltfrm

?GetCid@InstlrUtl@@YA?AVCComBSTR@ATL@@XZ
?GetServer@XUrlFormat@@QAE?AVCComBSTR@ATL@@XZ
?GetPath@XUrlFormat@@QAE?AVCComBSTR@ATL@@XZ
?GetParams@XUrlFormat@@QAE?AVCComBSTR@ATL@@XZ
??0XUrlFormat@@QAE@XZ
??1XUrlFormat@@UAE@XZ
?SetUrl@XUrlFormat@@QAEXPAUIXMLDOMNode@MSXML2@@@Z
?SetGuru@XUrlFormat@@QAEXPAUIGuru@@@Z

kernel32

EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
DeleteCriticalSection
GetLastError
GetProcAddress
GetModuleHandleW
lstrcmpiW
GetModuleFileNameW
InterlockedIncrement
InterlockedDecrement
FreeLibrary
MultiByteToWideChar
SizeofResource
LoadResource
FindResourceW
LoadLibraryExW
SetThreadLocale
GetThreadLocale
LockResource
FindResourceExW
FlushInstructionCache
GetCurrentProcess
HeapAlloc
GetProcessHeap
FormatMessageW
GetCurrentThreadId
SetLastError
CloseHandle
CreateMutexW
WaitForSingleObject
ReleaseMutex
CreateEventW
SetEvent
ResetEvent
UnmapViewOfFile
MapViewOfFile
CreateFileMappingW
OpenFileMappingW
GetCurrentProcessId
lstrcpynW
WaitForMultipleObjects
WideCharToMultiByte
Sleep
lstrlenA
CreateFileW
RaiseException
GetVersionExW
LoadLibraryW
ResumeThread
TerminateThread
CreateThread
SetEndOfFile
SetFilePointer
FlushFileBuffers
ReadFile
WriteFile
GetTickCount
ReleaseSemaphore
CreateSemaphoreW
SetUnhandledExceptionFilter
VirtualQuery
IsBadWritePtr
GetCurrentThread
OutputDebugStringW
UnhandledExceptionFilter
IsDebuggerPresent
GetCommandLineA
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
HeapCreate
InitializeCriticalSectionAndSpinCount
lstrlenW
TerminateProcess
GetSystemTimeAsFileTime
RtlUnwind
HeapSize
HeapReAlloc
HeapDestroy
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
CreateFileA
ExitProcess
GetStdHandle
GetModuleFileNameA
GetModuleHandleA
LCMapStringW
SetHandleCount
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
SetStdHandle
LCMapStringA
GetConsoleCP
GetConsoleMode
InterlockedCompareExchange
HeapFree
LoadLibraryA
IsProcessorFeaturePresent
VirtualFree
DeleteFileW
VirtualAlloc

user32

IsWindow
CallWindowProcW
GetWindowLongW
CreateWindowExW
RegisterClassExW
DefWindowProcW
LoadCursorW
GetClassInfoExW
DestroyWindow
KillTimer
SetTimer
SetWindowLongW
CharNextW
UnregisterClassA

gdi32

DeleteDC

advapi32

RegOpenKeyExW
RegCreateKeyExW
GetSecurityDescriptorSacl
ConvertStringSecurityDescriptorToSecurityDescriptorW
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
RegQueryValueExW
RegEnumKeyExW
RegQueryInfoKeyW
RegSetValueExW
RegDeleteKeyW
RegDeleteValueW
RegCloseKey
SetSecurityDescriptorSacl

shell32

SHCreateDirectoryExW

ole32

CoUninitialize
CoCreateGuid
StringFromCLSID
CLSIDFromProgID
CoCreateInstance
StringFromGUID2
CoTaskMemFree
CoTaskMemRealloc
CoTaskMemAlloc
CoInitialize
GetRunningObjectTable
CreateItemMoniker

oleaut32

SysFreeString
VariantInit
VariantClear
SysAllocString
SysAllocStringByteLen
SysStringByteLen
SysStringLen
LoadTypeLi
UnRegisterTypeLi
RegisterTypeLi
VarUI4FromStr
VarBstrCat
SysAllocStringLen
LoadRegTypeLi
VariantChangeType
VarBstrCmp

gdiplus

GdiplusShutdown

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 268KB - Virtual size: 267KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 88KB - Virtual size: 88KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 18KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 40KB - Virtual size: 39KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

52a523d8ff84efa5bd6b3a3c9ae7bdba

Headers

File Characteristics

Imports

xpcom

mozalloc

pltfrm

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

gdiplus

Exports

Exports

Sections

.text Size: 268KB - Virtual size: 267KB

.rdata Size: 88KB - Virtual size: 88KB

.data Size: 18KB - Virtual size: 27KB

.rsrc Size: 6KB - Virtual size: 5KB

.reloc Size: 40KB - Virtual size: 39KB

.text
Size: 268KB - Virtual size: 267KB

.rdata
Size: 88KB - Virtual size: 88KB

.data
Size: 18KB - Virtual size: 27KB

.rsrc
Size: 6KB - Virtual size: 5KB

.reloc
Size: 40KB - Virtual size: 39KB