b4163aea8dbaf740ddb7dcc3b93fa2ed_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

b4163aea8dbaf740ddb7dcc3b93fa2ed_JaffaCakes118
Size

324KB
MD5

b4163aea8dbaf740ddb7dcc3b93fa2ed
SHA1

dd8f5c792e6a84e30b4cc81fbd482bb49507f020
SHA256

58e3dd9a8ecb12b40bff9312784bc986f84896cfa8f916e2a6805dae2ec46789
SHA512

8cf30f9a2865a77e4ddffcd7c394864a38ad96804b49989e9ed0fd875c8146ff03e0a0e080dcbe641311159c00e9a0769c47f0c3980814281aa03d52e82e8b26
SSDEEP

6144:CjCoCu6y9zaIbXkv8R4Y0HT0DIrh7UxUx54b3eVDSmV+H3XZ7sCmaj6:CjCoCu9JbX+8GYgT0DIWuVDSiCHZZj6

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
b4163aea8dbaf740ddb7dcc3b93fa2ed_JaffaCakes118

Files

b4163aea8dbaf740ddb7dcc3b93fa2ed_JaffaCakes118
.dll regsvr32 windows:5 windows x86 arch:x86

a2e0ff40301607323b41a88f9731787d

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

rpcrt4

RpcStringFreeW
UuidToStringW

version

VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW

urlmon

UrlMkGetSessionOption
URLDownloadToFileW

wininet

InternetQueryOptionA
InternetOpenW
InternetConnectW
InternetCrackUrlW
InternetCloseHandle
InternetReadFile
HttpQueryInfoW
HttpSendRequestW
HttpOpenRequestW
InternetQueryOptionW
InternetSetOptionW

imagehlp

UnMapAndLoad
MapAndLoad

shlwapi

SHDeleteKeyW
SHGetValueW
SHDeleteValueW
StrStrIW
StrCmpIW
SHSetValueW
UrlEscapeW
PathStripPathW
StrStrIA
UrlGetPartW
SHRegSetUSValueW

crypt32

CryptBinaryToStringW
CryptStringToBinaryW

kernel32

FreeEnvironmentStringsW
GetEnvironmentStringsW
HeapCreate
HeapDestroy
VirtualFree
GetSystemTime
CreateEventW
CloseHandle
OpenProcess
TerminateProcess
OpenMutexW
WaitForSingleObject
CreateProcessW
SetEvent
CreateMutexW
GetCommandLineW
ExitProcess
CreateThread
ExitThread
Sleep
GetModuleFileNameW
lstrlenW
lstrcpyW
DeleteFileW
lstrcpynA
InterlockedIncrement
InterlockedDecrement
lstrcmpiA
FreeLibrary
IsBadReadPtr
VirtualProtect
GlobalAlloc
FlushInstructionCache
GetCurrentProcess
GlobalFree
ResetEvent
MoveFileExW
GetProcAddress
LoadLibraryA
ExpandEnvironmentStringsW
WideCharToMultiByte
QueryPerformanceCounter
GetEnvironmentVariableW
GetTempFileNameW
GetTickCount
LocalAlloc
LocalFree
GetLastError
GetLocalTime
SystemTimeToFileTime
VirtualQuery
GetSystemInfo
GetSystemWindowsDirectoryW
GetVolumeInformationW
CreateFileW
GetFileSize
CreateFileMappingW
MapViewOfFile
UnmapViewOfFile
WriteFile
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
GetVersion
GetCurrentProcessId
GetCurrentThreadId
OpenThread
SuspendThread
ResumeThread
GetEnvironmentStrings
FreeEnvironmentStringsA
GetStartupInfoA
GetFileType
SetHandleCount
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
GetModuleFileNameA
GetStdHandle
HeapSize
IsDebuggerPresent
GetSystemTimeAsFileTime
VirtualAlloc
HeapReAlloc
SetFilePointer
GetConsoleCP
GetConsoleMode
InitializeCriticalSectionAndSpinCount
GetLocaleInfoA
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
GetModuleHandleA
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
CreateFileA
FlushFileBuffers
GetCommandLineA
RaiseException
MultiByteToWideChar
SetLastError
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
GetModuleHandleW
HeapAlloc
HeapFree
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlUnwind

user32

PostMessageW
GetWindowThreadProcessId
DispatchMessageW
TranslateMessage
PeekMessageW
SetWindowTextW
OffsetRect
EnumChildWindows
GetClassNameW
CharLowerW
CharUpperW
ClientToScreen
MsgWaitForMultipleObjects

advapi32

SetNamedSecurityInfoW
DeleteAce
GetAce
GetNamedSecurityInfoW
ConvertSidToStringSidA
GetTokenInformation
OpenProcessToken
CryptDecrypt
CryptDestroyKey
CryptEncrypt
CryptGetKeyParam
CryptSetKeyParam
CryptImportKey
SetSecurityInfo
GetSecurityDescriptorSacl
ConvertStringSecurityDescriptorToSecurityDescriptorW
CryptDestroyHash
CryptGetHashParam
CryptHashData
CryptCreateHash
CryptReleaseContext
CryptGenRandom
CryptAcquireContextW
RegDeleteKeyW
RegQueryValueW
RegDeleteValueW
RegQueryValueExW
RegCreateKeyW
RegSetValueW
RegCreateKeyExW
RegCloseKey
RegSetValueExW
RegOpenKeyExW
RegEnumKeyExW

ole32

CLSIDFromString
CoTaskMemFree
OleUninitialize
OleInitialize
CoCreateInstance

oleaut32

SysStringLen
SysFreeString
VariantInit
VariantClear
SafeArrayDestroy
SafeArrayCreateVector
SafeArrayPutElement
SysAllocStringByteLen
SysAllocString
SysStringByteLen

Exports

Exports

DllCanUnloadNow
DllEnter
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 261KB - Virtual size: 260KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 37KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 192B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 19KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

a2e0ff40301607323b41a88f9731787d

Headers

File Characteristics

Imports

rpcrt4

version

urlmon

wininet

imagehlp

shlwapi

crypt32

kernel32

user32

advapi32

ole32

oleaut32

Exports

Exports

Sections

.text Size: 261KB - Virtual size: 260KB

.rdata Size: 37KB - Virtual size: 36KB

.data Size: 6KB - Virtual size: 14KB

.rsrc Size: 512B - Virtual size: 192B

.reloc Size: 19KB - Virtual size: 18KB

.text
Size: 261KB - Virtual size: 260KB

.rdata
Size: 37KB - Virtual size: 36KB

.data
Size: 6KB - Virtual size: 14KB

.rsrc
Size: 512B - Virtual size: 192B

.reloc
Size: 19KB - Virtual size: 18KB