add7dc480c7869dc19b96419cffdfc9b_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

add7dc480c7869dc19b96419cffdfc9b_JaffaCakes118
Size

316KB
MD5

add7dc480c7869dc19b96419cffdfc9b
SHA1

8b031f4c82b63be820495e372eaa6dcf4c3d4106
SHA256

99e5047791ede72ad99807bc8ac51eaffb53e3ceaa63426ea6d59fe25f099659
SHA512

8002f5677d39e1ad36b2cb8dd56f9ffd18bf03392e1e55adbc00a1581bae6d7f871b306cef83b5d28c9f6d94b66ca06f6b196263f009a0f04b87804af23d368d
SSDEEP

3072:+wSHISxhXte1a3i3/a+tNH6ypqPBmkRlnhA0AjkbYdV3zBrCOo84WZtypKWU4mb:+iS6uiS+tNXcmY/A0AYsdpzAZYmKPb

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
add7dc480c7869dc19b96419cffdfc9b_JaffaCakes118

Files

add7dc480c7869dc19b96419cffdfc9b_JaffaCakes118
.dll regsvr32 windows:4 windows x86 arch:x86

99b5079f63e583099de3e79a7f452f9a

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetModuleFileNameA
CreateProcessA
GetTempPathA
Sleep
GetCurrentThreadId
lstrcmpA
CreateThread
VirtualQuery
GetCurrentProcessId
GetProcAddress
LoadLibraryA
VirtualProtect
LockResource
GetProcessId
DisableThreadLibraryCalls
SetThreadLocale
GetThreadLocale
ReadFile
SetFilePointer
CreateFileA
VirtualAlloc
IsBadReadPtr
VirtualFree
HeapAlloc
GetProcessHeap
GlobalUnlock
GlobalLock
GlobalAlloc
FlushInstructionCache
GetCurrentProcess
MulDiv
SetLastError
WaitForSingleObject
GetStringTypeW
GetStringTypeA
GetTickCount
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetStartupInfoA
SetHandleCount
GetFileType
GetModuleHandleA
GetCurrentDirectoryA
GetLastError
GetConsoleMode
GetConsoleCP
HeapSize
LCMapStringW
LCMapStringA
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
GetOEMCP
GetCPInfo
GetStdHandle
WriteFile
ExitProcess
HeapCreate
HeapDestroy
GetCommandLineA
SystemTimeToFileTime
LocalFileTimeToFileTime
SetFileTime
FindFirstFileA
GetDriveTypeA
FileTimeToLocalFileTime
FileTimeToSystemTime
FindClose
HeapReAlloc
RtlUnwind
GetSystemInfo
GetSystemTimeAsFileTime
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
HeapFree
InterlockedCompareExchange
GetVersionExA
GetLocaleInfoA
GetACP
InterlockedExchange
LocalFree
LoadLibraryExA
FindResourceA
LoadResource
SizeofResource
FreeLibrary
IsDBCSLeadByte
InterlockedDecrement
InterlockedIncrement
lstrcmpiA
SetStdHandle
lstrlenA
DeleteCriticalSection
CloseHandle
RaiseException
lstrlenW
WideCharToMultiByte
MultiByteToWideChar
EnterCriticalSection
LeaveCriticalSection
GetFullPathNameA
InitializeCriticalSection
SetEnvironmentVariableA
CompareStringW
CompareStringA
SetEndOfFile
GetTimeZoneInformation
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
FlushFileBuffers

oleaut32

SysFreeString
VariantInit
VariantClear
DispCallFunc
SysStringLen
LoadRegTypeLi
LoadTypeLi
SysAllocString
SysAllocStringLen
UnRegisterTypeLi
RegisterTypeLi
SysStringByteLen
OleCreateFontIndirect
VarUI4FromStr

user32

GetDC
ScreenToClient
ClientToScreen
GetClientRect
SetWindowPos
MoveWindow
GetSysColor
RegisterWindowMessageA
GetClassInfoExA
LoadCursorA
RegisterClassExA
GetWindowTextLengthA
GetWindowTextA
SetWindowTextA
DefWindowProcA
SendMessageA
DestroyWindow
CreateWindowExA
ReleaseDC
SetWindowLongA
GetMessageA
TranslateMessage
DispatchMessageA
TranslateAcceleratorA
GetForegroundWindow
GetWindowThreadProcessId
AttachThreadInput
GetActiveWindow
GetFocus
GetSystemMetrics
ShowWindow
wsprintfA
SetForegroundWindow
SetActiveWindow
SetFocus
CharNextA
SetTimer
KillTimer
InvalidateRect
RedrawWindow
SetCapture
IsChild
GetParent
GetDlgItem
GetClassNameA
ReleaseCapture
FillRect
CallWindowProcA
EndPaint
BeginPaint
DestroyAcceleratorTable
GetWindow
GetDesktopWindow
IsWindow
CreateAcceleratorTableA
GetWindowLongA
InvalidateRgn
UnregisterClassA

advapi32

RegEnumKeyExA
RegQueryInfoKeyA
RegSetValueExA
RegOpenKeyExA
RegCreateKeyExA
RegCloseKey
RegDeleteValueA
RegDeleteKeyA
RegQueryValueExA

ole32

CLSIDFromString
CLSIDFromProgID
CoGetClassObject
OleLockRunning
OleUninitialize
OleInitialize
CreateStreamOnHGlobal
StringFromGUID2
CoInitialize
CoUninitialize
CoCreateInstance
CoTaskMemFree
CoTaskMemRealloc
CoTaskMemAlloc

gdi32

DeleteObject
DeleteDC
CreateCompatibleBitmap
CreateCompatibleDC
BitBlt
GetDeviceCaps
CreateSolidBrush
GetObjectA
GetStockObject
SelectObject

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 216KB - Virtual size: 214KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 44KB - Virtual size: 43KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 24KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 24KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

99b5079f63e583099de3e79a7f452f9a

Headers

File Characteristics

Imports

kernel32

oleaut32

user32

advapi32

ole32

gdi32

Exports

Exports

Sections

.text Size: 216KB - Virtual size: 214KB

.rdata Size: 44KB - Virtual size: 43KB

.data Size: 24KB - Virtual size: 29KB

.rsrc Size: 4KB - Virtual size: 3KB

.reloc Size: 24KB - Virtual size: 20KB

.text
Size: 216KB - Virtual size: 214KB

.rdata
Size: 44KB - Virtual size: 43KB

.data
Size: 24KB - Virtual size: 29KB

.rsrc
Size: 4KB - Virtual size: 3KB

.reloc
Size: 24KB - Virtual size: 20KB