b6c648cf27ae133786e9d36e72b367a4_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

b6c648cf27ae133786e9d36e72b367a4_JaffaCakes118
Size

124KB
MD5

b6c648cf27ae133786e9d36e72b367a4
SHA1

13e19f8d118dbf2ce897a2a5812f083ed0b01d50
SHA256

c3be37542bb9c82c915254ee046de76207d8883356d8a00463a4550e859adf96
SHA512

a8ee1f2f439f54006c57d6978854f76290025871a26bacdaaefacdee561c29c9e9d8e994c3085af566c98b98f739d3967a10dfd77c5a2b9101a5f7ad41eca294
SSDEEP

1536:wB006Cx1TWYaw/dRf/ldcXvU5/j75q8s1h7NcLkfIO2TkLZFdyL2J5NFs5gF6QrY:wi0F16Ya8L7XNjM37NchQzZJBs5gtr

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
b6c648cf27ae133786e9d36e72b367a4_JaffaCakes118

Files

b6c648cf27ae133786e9d36e72b367a4_JaffaCakes118
.dll regsvr32 windows:5 windows x86 arch:x86

e11c0cd141cdd84bcca76a5c79ef3b3c

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GlobalAlloc
MulDiv
lstrcmpW
GetProcAddress
GetTempPathW
InitializeCriticalSection
DeleteCriticalSection
InterlockedIncrement
InterlockedDecrement
DisableThreadLibraryCalls
FlushFileBuffers
SetStdHandle
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
CreateFileA
SetFilePointer
GlobalLock
GetLocaleInfoA
GetStringTypeW
GetStringTypeA
InitializeCriticalSectionAndSpinCount
GetConsoleMode
GetModuleFileNameW
LCMapStringW
LCMapStringA
GetSystemTimeAsFileTime
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetStartupInfoA
GetFileType
SetHandleCount
GlobalUnlock
FlushInstructionCache
GetCurrentProcess
SetLastError
GetCurrentThreadId
LeaveCriticalSection
EnterCriticalSection
lstrlenA
OutputDebugStringW
DebugBreak
GetModuleHandleW
LoadLibraryExW
FindResourceW
LoadResource
SizeofResource
MultiByteToWideChar
GetLastError
RaiseException
lstrcmpiW
lstrlenW
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
HeapSize
GetModuleFileNameA
GetStdHandle
WriteFile
ExitProcess
Sleep
VirtualQuery
HeapDestroy
HeapCreate
HeapReAlloc
RtlUnwind
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
GetCommandLineA
VirtualAlloc
VirtualFree
IsProcessorFeaturePresent
LoadLibraryA
GetConsoleCP
FreeLibrary
HeapAlloc
GetProcessHeap
HeapFree
InterlockedCompareExchange
CloseHandle
GetVersionExW
WideCharToMultiByte

user32

InvalidateRect
GetDC
SetFocus
CallWindowProcW
CharNextW
LoadStringW
wvsprintfW
CharUpperW
DefWindowProcW
RegisterClassExW
UnregisterClassA
LoadCursorW
SetWindowLongW
GetWindowLongW
DestroyAcceleratorTable
GetDesktopWindow
RegisterWindowMessageW
GetWindowTextLengthW
GetWindowTextW
SetWindowTextW
BeginPaint
EndPaint
IsChild
GetFocus
InvalidateRgn
GetWindow
GetDlgItem
SendMessageW
IsWindow
GetClassNameW
GetSysColor
SetWindowPos
RedrawWindow
GetClassInfoExW
CreateWindowExW
DestroyWindow
CreateAcceleratorTableW
ClientToScreen
GetParent
ScreenToClient
MoveWindow
SetCapture
ReleaseCapture
FillRect
GetClientRect
ReleaseDC

gdi32

CreateCompatibleDC
CreateCompatibleBitmap
SelectObject
DeleteObject
BitBlt
DeleteDC
GetStockObject
GetObjectW
GetDeviceCaps
CreateSolidBrush

advapi32

RegCloseKey
RegQueryValueExW
RegDeleteValueW
RegCreateKeyExW
RegSetValueExW
RegOpenKeyExW
RegEnumKeyExW
RegQueryInfoKeyW
CryptGetHashParam
RegDeleteKeyW
CryptDestroyHash
CryptAcquireContextW
CryptCreateHash
CryptReleaseContext
CryptHashData

ole32

CoTaskMemFree
CoTaskMemRealloc
CoTaskMemAlloc
CoCreateInstance
CoInitializeEx
OleUninitialize
StringFromGUID2
OleLockRunning
CreateStreamOnHGlobal
CoGetClassObject
CLSIDFromProgID
CLSIDFromString
OleInitialize
CoUninitialize
CoLoadLibrary
CoFreeLibrary

oleaut32

LoadTypeLi
SysAllocString
OleCreateFontIndirect
VarUI4FromStr
UnRegisterTypeLi
SysAllocStringLen
VariantInit
VariantClear
SysStringLen
LoadRegTypeLi
SysFreeString

comctl32

InitCommonControlsEx

shell32

SHGetFolderPathW

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 80KB - Virtual size: 80KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 19KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.new1
Size: 512B - Virtual size: 368B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.new2
Size: 1024B - Virtual size: 649B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.new3
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

e11c0cd141cdd84bcca76a5c79ef3b3c

Headers

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

ole32

oleaut32

comctl32

shell32

Exports

Exports

Sections

.text Size: 80KB - Virtual size: 80KB

.rdata Size: 19KB - Virtual size: 19KB

.data Size: 6KB - Virtual size: 13KB

.new1 Size: 512B - Virtual size: 368B

.new2 Size: 1024B - Virtual size: 649B

.new3 Size: 1KB - Virtual size: 1KB

.rsrc Size: 3KB - Virtual size: 2KB

.reloc Size: 11KB - Virtual size: 10KB

.text
Size: 80KB - Virtual size: 80KB

.rdata
Size: 19KB - Virtual size: 19KB

.data
Size: 6KB - Virtual size: 13KB

.new1
Size: 512B - Virtual size: 368B

.new2
Size: 1024B - Virtual size: 649B

.new3
Size: 1KB - Virtual size: 1KB

.rsrc
Size: 3KB - Virtual size: 2KB

.reloc
Size: 11KB - Virtual size: 10KB