b89a9356d75c8accde41ecb16adb89ae_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

b89a9356d75c8accde41ecb16adb89ae_JaffaCakes118
Size

112KB
MD5

b89a9356d75c8accde41ecb16adb89ae
SHA1

c4146dfd14bf19f6f39c4b9cdfabe80c8ebd21d7
SHA256

ec4d28b30a55e343d834878fc6a3162e6e7d89940952840887ad339cc0c829f2
SHA512

3f0104db5fa0e42e85ef5c14d4beadf347506eafdcb06bf2666e87823a83d02adbddf69fb0a4dc06918446fedd75b2ee4b626bb7685444ff518d9325dd98e5c4
SSDEEP

3072:ZqpHeP0fDXmjRaPv1lqDpTi3Nl3WcSSB4vP:VJjsXGkrB4

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
b89a9356d75c8accde41ecb16adb89ae_JaffaCakes118

Files

b89a9356d75c8accde41ecb16adb89ae_JaffaCakes118
.dll regsvr32 windows:4 windows x86 arch:x86

375314f944a09d33fd1dd96d8906ac9d

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GlobalLock
GlobalAlloc
lstrlenW
lstrcmpA
MulDiv
HeapFree
FlushInstructionCache
GetProcessHeap
HeapAlloc
GetCurrentThreadId
EnterCriticalSection
WideCharToMultiByte
InterlockedExchange
GetACP
GetLocaleInfoA
GetThreadLocale
GetVersionExA
FindResourceA
SizeofResource
LockResource
LoadResource
FindResourceExA
LeaveCriticalSection
VirtualProtect
GlobalUnlock
lstrcmpiA
lstrcpynA
IsDBCSLeadByte
GetCurrentProcessId
InterlockedIncrement
GetModuleHandleA
GetProcAddress
FreeLibrary
LoadLibraryExA
lstrcatA
GetTickCount
QueryPerformanceCounter
ExitProcess
HeapSize
HeapReAlloc
HeapDestroy
GetModuleFileNameA
lstrlenA
MultiByteToWideChar
GetLastError
InterlockedDecrement
CompareFileTime
Sleep
GetSystemTimeAsFileTime
RaiseException
DeleteCriticalSection
InitializeCriticalSection
GetCurrentProcess
OpenFileMappingA
OpenEventA
CloseHandle
OpenMutexA
ResetEvent
SetEvent
UnmapViewOfFile
ReleaseMutex
MapViewOfFile
WaitForSingleObject
LocalFree
lstrcpyA

user32

DispatchMessageA
TranslateMessage
IsWindowUnicode
GetMessageW
GetMessageA
DispatchMessageW
PeekMessageA
UnregisterClassA
GetAsyncKeyState
SendMessageA
LoadCursorA
wsprintfA
GetClassInfoExA
RegisterClassExA
SetWindowLongA
CreateWindowExA
DestroyWindow
CallWindowProcA
DefWindowProcA
GetWindowLongA
DestroyAcceleratorTable
GetSysColor
BeginPaint
GetClientRect
FillRect
EndPaint
GetDC
ReleaseDC
IsChild
GetFocus
SetFocus
GetWindow
IsWindow
GetDlgItem
RedrawWindow
GetClassNameA
GetParent
CharNextA
SetWindowPos
CreateAcceleratorTableA
SetCapture
ReleaseCapture
InvalidateRect
InvalidateRgn
GetDesktopWindow
RegisterWindowMessageA
GetWindowTextLengthA
GetWindowTextA
SetWindowTextA

gdi32

CreateCompatibleBitmap
CreateCompatibleDC
CreateSolidBrush
BitBlt
SelectObject
DeleteDC
DeleteObject
GetDeviceCaps
GetStockObject
GetObjectA

advapi32

RegDeleteValueA
RegOpenKeyExA
RegCloseKey
RegCreateKeyExA
RegEnumKeyExA
RegDeleteKeyA
RegSetValueExA
RegQueryInfoKeyA

shell32

SHGetFileInfoA

ole32

OleUninitialize
OleInitialize
CoTaskMemAlloc
StringFromGUID2
OleLockRunning
CreateStreamOnHGlobal
CoCreateInstance
CoGetClassObject
CLSIDFromProgID
CLSIDFromString
CoTaskMemFree
CoTaskMemRealloc
StringFromCLSID

oleaut32

OleCreateFontIndirect
UnRegisterTypeLi
RegisterTypeLi
DispCallFunc
VarUI4FromStr
VariantInit
VariantClear
SysAllocString
SysStringByteLen
SysStringLen
LoadTypeLi
LoadRegTypeLi
SysFreeString
SysAllocStringByteLen
SysAllocStringLen

shlwapi

PathStripPathA
SHDeleteKeyA
PathFindExtensionA

msvcp71

?_Nomemory@std@@YAXXZ

msvcr71

__CxxFrameHandler
??3@YAXPAX@Z
free
malloc
_resetstkoflw
realloc
_mbslwr
_mbscmp
??_V@YAXPAX@Z
_mbschr
memmove
wcslen
wcsspn
wcscspn
wcspbrk
_wcslwr
_mbsicmp
_mbsstr
_mbsrchr
_vscwprintf
vswprintf
wcscmp
_purecall
wcsncpy
_CxxThrowException
_except_handler3
memset
_callnewh
__dllonexit
_onexit
??1type_info@@UAE@XZ
?terminate@@YAXXZ
_initterm
_adjust_fdiv
__CppXcptFilter
__security_error_handler

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllMain
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 76KB - Virtual size: 74KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 16KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

375314f944a09d33fd1dd96d8906ac9d

Headers

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

shlwapi

msvcp71

msvcr71

Exports

Exports

Sections

.text Size: 76KB - Virtual size: 74KB

.rdata Size: 16KB - Virtual size: 14KB

.data Size: 4KB - Virtual size: 1KB

.rsrc Size: 4KB - Virtual size: 2KB

.reloc Size: 8KB - Virtual size: 7KB

.text
Size: 76KB - Virtual size: 74KB

.rdata
Size: 16KB - Virtual size: 14KB

.data
Size: 4KB - Virtual size: 1KB

.rsrc
Size: 4KB - Virtual size: 2KB

.reloc
Size: 8KB - Virtual size: 7KB