a839608c31bfec5a9b02a40da9616ed2_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

a839608c31bfec5a9b02a40da9616ed2_JaffaCakes118
Size

256KB
MD5

a839608c31bfec5a9b02a40da9616ed2
SHA1

a82878acbad2142408e10ee4ab4bed31ce8154dc
SHA256

27f7ab5d3da0efaf8acab44edd04e2b5e9d67b5265e5b3dea47efbfe3a72d7c6
SHA512

b240142c00fdc2cad6e6c5b5e91ccd9322646c02ada25d25b7931d71aad5e3ef6997d88d14aef5ad86919276ecf6a90c94a806b94b430b05a937e2cfc0f34476
SSDEEP

6144:0jRnmt5AXglx7UwPJW7nHtcRPrsd10AUYlbCE:GMfAXgAwPgOZrE1Fzb

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
a839608c31bfec5a9b02a40da9616ed2_JaffaCakes118

Files

a839608c31bfec5a9b02a40da9616ed2_JaffaCakes118
.dll regsvr32 windows:4 windows x86 arch:x86

46d0b77f0ae3fa8f103f949b74b294aa

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetLastError
LoadLibraryExW
lstrcmpiW
lstrcpynW
DisableThreadLibraryCalls
InitializeCriticalSection
HeapDestroy
DeleteCriticalSection
GetProcAddress
LoadLibraryW
lstrcpyW
lstrcatW
WideCharToMultiByte
Sleep
ReadFile
CloseHandle
GetFileSize
CreateFileW
WriteFile
GetSystemTime
WaitForSingleObject
CreateProcessW
TerminateProcess
ExpandEnvironmentStringsW
GetVersionExW
UnmapViewOfFile
MapViewOfFile
CreateFileMappingW
GetSystemInfo
CompareStringW
CompareStringA
FlushFileBuffers
SetStdHandle
GlobalLock
LoadLibraryA
GetOEMCP
GetACP
SizeofResource
GetStringTypeA
GetCPInfo
SetFilePointer
IsBadCodePtr
IsBadReadPtr
GetEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsW
FreeEnvironmentStringsA
GetStartupInfoA
GetFileType
GetStdHandle
SetHandleCount
HeapSize
LCMapStringW
LCMapStringA
IsBadWritePtr
VirtualAlloc
VirtualFree
HeapCreate
GetVersionExA
GetEnvironmentVariableA
GetModuleFileNameA
GetModuleHandleA
TlsGetValue
SetLastError
TlsFree
TlsAlloc
TlsSetValue
ExitProcess
SetUnhandledExceptionFilter
GetVersion
GetCommandLineA
GetLocalTime
GetTimeZoneInformation
HeapReAlloc
HeapAlloc
HeapFree
RtlUnwind
RaiseException
InterlockedExchange
GlobalUnlock
EnterCriticalSection
LeaveCriticalSection
lstrlenW
GlobalAlloc
FindResourceW
SetEnvironmentVariableA
LoadResource
LockResource
GlobalHandle
lstrlenA
MultiByteToWideChar
FreeLibrary
GetModuleFileNameW
GetModuleHandleW
GetShortPathNameW
lstrcmpW
InterlockedDecrement
InterlockedIncrement
GetStringTypeW
GetCurrentThreadId
GlobalFree
FreeResource
GetCurrentProcess
FlushInstructionCache

user32

EndPaint
BeginPaint
GetDlgItem
SetWindowTextW
EndDialog
GetClientRect
GetDC
ReleaseDC
InvalidateRect
PtInRect
PostMessageW
LoadBitmapW
WaitForInputIdle
SetFocus
MoveWindow
GetSystemMetrics
SetRect
MessageBoxW
GetWindowTextW
SetWindowLongW
ShowWindow
IsWindow
GetCursorPos
ReleaseCapture
SetCapture
DialogBoxIndirectParamW
RegisterClassExW
LoadCursorW
GetClassInfoExW
RegisterWindowMessageW
DefWindowProcW
GetWindow
GetWindowTextLengthW
CreateDialogParamW
LoadIconW
DestroyIcon
KillTimer
SetTimer
SystemParametersInfoW
CharNextW
wsprintfW
GetClassNameW
CreateWindowExW
SendMessageW
DestroyWindow
InvalidateRgn
CreateAcceleratorTableW
GetParent
GetDesktopWindow
RedrawWindow
SetWindowPos
FillRect
CallWindowProcW
GetFocus
IsChild
GetSysColor
CreateDialogIndirectParamW
GetWindowLongW

gdi32

GetObjectW
GetDeviceCaps
CreateSolidBrush
CreateCompatibleBitmap
BitBlt
DeleteDC
DeleteObject
CreateCompatibleDC
SelectObject
GetStockObject

advapi32

RegOpenKeyExW
RegDeleteValueW
RegCreateKeyExW
RegDeleteKeyW
RegEnumKeyExW
RegSetValueExW
RegQueryInfoKeyW
RegEnumValueW
RegFlushKey
RegQueryValueExW
RegCloseKey

ole32

CoTaskMemRealloc
OleLockRunning
CoTaskMemAlloc
StringFromCLSID
CoTaskMemFree
CLSIDFromString
CLSIDFromProgID
OleUninitialize
OleInitialize
CreateStreamOnHGlobal
CoCreateInstance

oleaut32

SysAllocStringLen
VarUI4FromStr
VariantCopy
VariantChangeType
RegisterTypeLi
LoadTypeLi
SysFreeString
SysAllocString
VariantClear
LoadRegTypeLi
OleCreateFontIndirect
SysStringLen

winmm

timeEndPeriod
timeKillEvent
timeSetEvent
timeGetDevCaps
timeBeginPeriod

wininet

InternetCloseHandle
InternetOpenW
InternetOpenUrlW
InternetSetCookieW
InternetQueryDataAvailable
InternetReadFile
InternetGetCookieW

netapi32

Netbios

iphlpapi

GetAdaptersInfo

shlwapi

UrlGetPartW

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 104KB - Virtual size: 101KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 20KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 104KB - Virtual size: 103KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

46d0b77f0ae3fa8f103f949b74b294aa

Headers

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

ole32

oleaut32

winmm

wininet

netapi32

iphlpapi

shlwapi

Exports

Exports

Sections

.text Size: 104KB - Virtual size: 101KB

.rdata Size: 12KB - Virtual size: 10KB

.data Size: 20KB - Virtual size: 23KB

.rsrc Size: 104KB - Virtual size: 103KB

.reloc Size: 12KB - Virtual size: 8KB

.text
Size: 104KB - Virtual size: 101KB

.rdata
Size: 12KB - Virtual size: 10KB

.data
Size: 20KB - Virtual size: 23KB

.rsrc
Size: 104KB - Virtual size: 103KB

.reloc
Size: 12KB - Virtual size: 8KB