b8d4ecc1ae3bdb9ca0ddcbb461195cfc_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

b8d4ecc1ae3bdb9ca0ddcbb461195cfc_JaffaCakes118
Size

304KB
MD5

b8d4ecc1ae3bdb9ca0ddcbb461195cfc
SHA1

79ff6dbdbbee720b6adfc6aab8f30bf3e5caad96
SHA256

46a5e7d40a8fcfdd75448b0be5e2c25239ce9a76e3c94079411f1caef8feb0e3
SHA512

c1151daadf284149baa44f256a339b5bb21cae3b67419102ca94be28ecb4bb9a3a03acac373f16854c1e22144dc4a37cbc0883639dc4650e4ad2c4f555fb69da
SSDEEP

6144:aFsliB6Y/MVBH+eawPquxM5nC1RPmoicYpy:Bg6sMHH+xwfi5nfoi/py

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
b8d4ecc1ae3bdb9ca0ddcbb461195cfc_JaffaCakes118

Files

b8d4ecc1ae3bdb9ca0ddcbb461195cfc_JaffaCakes118
.dll regsvr32 windows:4 windows x86 arch:x86

a8b9579bfc812bb8bc348d8dc78bebf8

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

urlmon

URLDownloadToFileA
CreateURLMoniker

kernel32

FindClose
FindNextFileA
FindFirstFileA
DebugBreak
OutputDebugStringA
GetCurrentProcessId
CopyFileA
TerminateThread
GetVersionExA
GetSystemDirectoryA
GlobalSize
GetShortPathNameA
DeleteFileA
WriteFile
CreateFileA
GetFileSize
ReadFile
CloseHandle
GetCurrentThreadId
GetCurrentProcess
FlushInstructionCache
lstrcmpA
InterlockedIncrement
InterlockedDecrement
LoadLibraryA
GetProcAddress
lstrcatA
lstrcpyA
DeleteCriticalSection
HeapDestroy
InitializeCriticalSection
GlobalAlloc
GlobalLock
GlobalUnlock
EnterCriticalSection
LeaveCriticalSection
DisableThreadLibraryCalls
IsDBCSLeadByte
lstrcpynA
lstrcmpiA
LoadLibraryExA
GetLastError
FindResourceA
LoadResource
SizeofResource
lstrlenA
FreeLibrary
MultiByteToWideChar
WideCharToMultiByte
LocalFree
lstrlenW
GetModuleFileNameA

user32

GetClassInfoExA
LoadCursorA
RegisterClassExA
CharNextA
SetWindowLongA
SetWindowTextA
GetWindowTextA
GetWindowTextLengthA
GetWindowLongA
GetSysColor
SetFocus
RegisterWindowMessageA
GetFocus
CallWindowProcA
EndPaint
FillRect
GetClientRect
BeginPaint
SetWindowPos
IsWindow
RedrawWindow
ReleaseDC
GetDesktopWindow
DefWindowProcA
IsChild
GetWindow
CharUpperA
OpenClipboard
GetClipboardData
CloseClipboard
CheckMenuRadioItem
ShowWindow
GetComboBoxInfo
SetActiveWindow
InflateRect
DrawFocusRect
FrameRect
AppendMenuA
MoveWindow
UpdateWindow
CallNextHookEx
GetSystemMetrics
SystemParametersInfoA
GetWindowDC
SetRectEmpty
GetDC
SetWindowsHookExA
LoadImageA
KillTimer
DrawStateA
DestroyIcon
LoadBitmapA
DrawTextA
IsWindowVisible
CopyRect
GetKeyState
GetWindowRect
MapWindowPoints
CreatePopupMenu
TrackPopupMenu
DestroyMenu
LoadStringA
GetMessagePos
ScreenToClient
SetTimer
wvsprintfA
SetCursor
PeekMessageA
TranslateMessage
DispatchMessageA
CharLowerA
MessageBoxA
CreateWindowExA
wsprintfA
GetClassNameA
GetDlgItem
SendMessageA
DestroyWindow
InvalidateRgn
InvalidateRect
SetCapture
ReleaseCapture
CreateAcceleratorTableA
GetParent
UnhookWindowsHookEx

gdi32

CreateFontIndirectA
MoveToEx
LineTo
CreatePen
Rectangle
SetTextColor
SetBkColor
ExtTextOutA
SetBkMode
EnumFontFamiliesExA
CreateFontA
GetStockObject
GetObjectA
GetDeviceCaps
CreateSolidBrush
DeleteObject
CreateCompatibleBitmap
CreateCompatibleDC
SelectObject
BitBlt
DeleteDC
RoundRect

advapi32

RegCreateKeyExA
RegDeleteValueA
RegCloseKey
RegOpenKeyExA
RegEnumKeyExA
RegSetValueExA
RegQueryInfoKeyA
RegEnumValueA
RegDeleteKeyA
RegQueryValueExA

shell32

SHGetSpecialFolderPathA
ShellExecuteA

ole32

CreateStreamOnHGlobal
CoTaskMemRealloc
CoTaskMemAlloc
CoTaskMemFree
OleInitialize
OleUninitialize
CoCreateInstance
ReleaseStgMedium
RegisterDragDrop
OleRun
OleLockRunning
StringFromCLSID
CLSIDFromString
CLSIDFromProgID

oleaut32

GetErrorInfo
SafeArrayCreate
SafeArrayAccessData
SafeArrayUnaccessData
SysStringByteLen
VariantCopy
VariantChangeType
SysFreeString
VarUI4FromStr
SysAllocString
RegisterTypeLi
LoadTypeLi
VariantClear
SysAllocStringLen
SysStringLen
OleCreateFontIndirect
LoadRegTypeLi
DispCallFunc
SysAllocStringByteLen
VariantInit

winmm

PlaySoundA

wininet

DeleteUrlCacheEntry
FindCloseUrlCache
FindNextUrlCacheEntryA
FindFirstUrlCacheEntryA
InternetReadFile
InternetQueryDataAvailable
InternetCloseHandle
InternetOpenA
InternetOpenUrlA

comctl32

ImageList_GetImageCount
InitCommonControlsEx
ImageList_GetIcon
ImageList_Draw
ImageList_Create
ImageList_AddMasked
ImageList_LoadImageA
ImageList_Destroy

msimg32

GradientFill
TransparentBlt

msvcrt

??3@YAXPAX@Z
free
__CxxFrameHandler
_EH_prolog
malloc
realloc
memcpy
??2@YAPAXI@Z
memset
memcmp
_purecall
strlen
strftime
localtime
time
atoi
rand
strrchr
strcmp
strtok
difftime
mktime
_itoa
strstr
wcslen
isdigit
memmove
strchr
wcscmp
atol
_CxxThrowException
wcstol
wcstod
strcat
wcsrchr
wcscpy
_except_handler3
?terminate@@YAXXZ
__dllonexit
_onexit
??1type_info@@UAE@XZ
_initterm
_adjust_fdiv
_ltoa
isspace

msvcp60

??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
?_Tidy@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEX_N@Z
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@II@Z
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UAE@XZ
??1?$basic_ifstream@DU?$char_traits@D@std@@@std@@UAE@XZ
??_D?$basic_ifstream@DU?$char_traits@D@std@@@std@@QAEXXZ
?close@?$basic_ifstream@DU?$char_traits@D@std@@@std@@QAEXXZ
?open@?$basic_ifstream@DU?$char_traits@D@std@@@std@@QAEXPBDH@Z
?_C@?1??_Nullstr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@CAPBDXZ@4DB
??0?$basic_ifstream@DU?$char_traits@D@std@@@std@@QAE@XZ
??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@PBD@Z
??8std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBD@Z
?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB
?find@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDII@Z
?erase@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@II@Z
?rfind@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDII@Z
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@II@Z
?replace@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@IIABV12@II@Z
??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@0@Z
??9std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBD@Z
??8std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z
??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBDABV10@@Z
?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z
??9std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z
??1_Lockit@std@@QAE@XZ
??0_Lockit@std@@QAE@XZ
??Mstd@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z
?_Freeze@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEXXZ
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ID@Z
?find_first_not_of@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDII@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDABV?$allocator@D@1@@Z
??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ
?c_str@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEPBGXZ
?append@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV12@PBGI@Z
?_Tidy@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@AAEX_N@Z
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 176KB - Virtual size: 173KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 44KB - Virtual size: 41KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 44KB - Virtual size: 43KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 24KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

a8b9579bfc812bb8bc348d8dc78bebf8

Headers

File Characteristics

Imports

urlmon

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

winmm

wininet

comctl32

msimg32

msvcrt

msvcp60

Exports

Exports

Sections

.text Size: 176KB - Virtual size: 173KB

.rdata Size: 44KB - Virtual size: 41KB

.data Size: 12KB - Virtual size: 12KB

.rsrc Size: 44KB - Virtual size: 43KB

.reloc Size: 24KB - Virtual size: 21KB

.text
Size: 176KB - Virtual size: 173KB

.rdata
Size: 44KB - Virtual size: 41KB

.data
Size: 12KB - Virtual size: 12KB

.rsrc
Size: 44KB - Virtual size: 43KB

.reloc
Size: 24KB - Virtual size: 21KB