ac167d9e3d00b18ac1f56c396fae99b6_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

ac167d9e3d00b18ac1f56c396fae99b6_JaffaCakes118
Size

136KB
MD5

ac167d9e3d00b18ac1f56c396fae99b6
SHA1

77ec6c85b742e5f2d4bd3347734f7a2da365eda2
SHA256

3e412861956901b83a12a1f44054eb62a614f9073c603633c4f539ceb4db494f
SHA512

df0035ff476c9c5cbd706e44ce46afb33ccec31be5671ab45face915ab05738242f7f77288d660359fde7f3351e279b7064cb22952bea7cc8af9362a54521388
SSDEEP

3072:B0ppXArtRsu1G6qjL+ExM5rvCquW+EuMgn/WM:QArzsdd6YMg/B

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
ac167d9e3d00b18ac1f56c396fae99b6_JaffaCakes118

Files

ac167d9e3d00b18ac1f56c396fae99b6_JaffaCakes118
.dll regsvr32 windows:4 windows x86 arch:x86

adf7ecacca31e477f4305fc16e94701e

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

MultiByteToWideChar
lstrlenA
GlobalUnlock
GlobalLock
GlobalAlloc
lstrlenW
lstrcmpA
MulDiv
HeapFree
FlushInstructionCache
GetProcessHeap
HeapAlloc
GetCurrentThreadId
WideCharToMultiByte
InterlockedExchange
GetACP
GetLocaleInfoA
GetThreadLocale
FindResourceA
SizeofResource
LockResource
LoadResource
FindResourceExA
VirtualProtect
GetLastError
lstrcmpiA
lstrcpynA
IsDBCSLeadByte
InterlockedIncrement
GetProcAddress
FreeLibrary
LoadLibraryExA
lstrcatA
InterlockedDecrement
CompareFileTime
Sleep
GetSystemTimeAsFileTime
GetTickCount
QueryPerformanceCounter
ExitProcess
HeapSize
HeapReAlloc
HeapDestroy
GetPrivateProfileStringA
GetCurrentProcess
OpenFileMappingA
OpenEventA
CloseHandle
OpenMutexA
ResetEvent
SetEvent
UnmapViewOfFile
ReleaseMutex
MapViewOfFile
WaitForSingleObject
LocalFree
GetVersionExA
RaiseException
GetModuleHandleA
GetModuleFileNameA
GetCurrentProcessId
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
LeaveCriticalSection
lstrcpyA

user32

RedrawWindow
SetWindowsHookExA
UnhookWindowsHookEx
CallNextHookEx
IsWindow
LoadStringA
GetWindowLongA
PostMessageA
SendMessageA
SetCursor
GetCursorPos
WindowFromPoint
GetAsyncKeyState
wsprintfA
GetClassInfoExA
RegisterClassExA
SetWindowLongA
CreateWindowExA
DestroyWindow
CallWindowProcA
DefWindowProcA
DestroyAcceleratorTable
GetSysColor
BeginPaint
GetClientRect
FillRect
EndPaint
GetDC
ReleaseDC
IsChild
GetAncestor
SetFocus
GetWindow
GetDlgItem
GetFocus
GetParent
CharNextA
SetWindowPos
CreateAcceleratorTableA
SetCapture
ReleaseCapture
InvalidateRect
InvalidateRgn
GetDesktopWindow
RegisterWindowMessageA
SetWindowTextA
GetClassNameA
GetWindowTextA
GetWindowTextLengthA
DispatchMessageW
GetMessageA
GetMessageW
IsWindowUnicode
DispatchMessageA
TranslateMessage
PeekMessageA
UnregisterClassA
LoadCursorA

gdi32

CreateCompatibleBitmap
CreateCompatibleDC
CreateSolidBrush
BitBlt
SelectObject
DeleteObject
GetDeviceCaps
GetStockObject
DeleteDC
GetObjectA

advapi32

RegQueryInfoKeyA
RegDeleteValueA
RegQueryValueExA
RegOpenKeyExA
RegCloseKey
RegCreateKeyExA
RegEnumKeyExA
RegDeleteKeyA
RegSetValueExA

shell32

SHGetFileInfoA

ole32

CoTaskMemRealloc
StringFromCLSID
CoTaskMemFree
OleUninitialize
OleInitialize
CoTaskMemAlloc
StringFromGUID2
OleLockRunning
CreateStreamOnHGlobal
CoCreateInstance
CoGetClassObject
CLSIDFromProgID
CLSIDFromString

oleaut32

UnRegisterTypeLi
DispCallFunc
VarUI4FromStr
VariantInit
VariantClear
SysAllocString
SysStringByteLen
SysStringLen
LoadTypeLi
LoadRegTypeLi
SysFreeString
OleCreateFontIndirect
SysAllocStringLen
SysAllocStringByteLen
RegisterTypeLi

shlwapi

PathStripPathA
SHDeleteKeyA
PathFindExtensionA

msvcp71

??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z
?erase@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@II@Z
?_Nomemory@std@@YAXXZ
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z
?rfind@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDI@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ
?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB

msvcr71

__security_error_handler
__CppXcptFilter
_adjust_fdiv
_initterm
?terminate@@YAXXZ
??1type_info@@UAE@XZ
_onexit
__dllonexit
_callnewh
memset
_except_handler3
_CxxThrowException
??0exception@@QAE@ABQBD@Z
?what@exception@@UBEPBDXZ
__CxxFrameHandler
wcsncpy
wcscmp
vswprintf
_vscwprintf
_mbsstr
_mbsicmp
??1exception@@UAE@XZ
??3@YAXPAX@Z
??0exception@@QAE@XZ
free
??0exception@@QAE@ABV0@@Z
_purecall
malloc
memmove
??_V@YAXPAX@Z
_resetstkoflw
realloc
_mbsrchr
_mbslwr
_mbscmp
_mbschr
wcslen
wcsspn
wcscspn
wcspbrk
_wcslwr

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllMain
DllRegisterServer
DllUnregisterServer
GetAVWndHooksInst

Sections

.text
Size: 88KB - Virtual size: 84KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 20KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Shared
Size: 4KB - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

adf7ecacca31e477f4305fc16e94701e

Headers

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

shlwapi

msvcp71

msvcr71

Exports

Exports

Sections

.text Size: 88KB - Virtual size: 84KB

.rdata Size: 20KB - Virtual size: 18KB

.data Size: 4KB - Virtual size: 1KB

Shared Size: 4KB - Virtual size: 12B

.rsrc Size: 4KB - Virtual size: 3KB

.reloc Size: 12KB - Virtual size: 10KB

.text
Size: 88KB - Virtual size: 84KB

.rdata
Size: 20KB - Virtual size: 18KB

.data
Size: 4KB - Virtual size: 1KB

Shared
Size: 4KB - Virtual size: 12B

.rsrc
Size: 4KB - Virtual size: 3KB

.reloc
Size: 12KB - Virtual size: 10KB