ba7827542d83603a3c30b82d6aa8aa8c_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

ba7827542d83603a3c30b82d6aa8aa8c_JaffaCakes118
Size

440KB
MD5

ba7827542d83603a3c30b82d6aa8aa8c
SHA1

997178a048b9c63fa38e4e0e1d3c4f0bf24a7921
SHA256

b66092063a94191a8eefa62a0b9a7bb3c634ce8ce482a56d719ddd6080f2ed36
SHA512

26cf8e302a8dea1290ce7c50a1391743575eb7e151abd9fb4913495362914a4d7539f474ddb3f7a19167da903c4c9daac66ddb61deaaea8d56e5f6682ab31f73
SSDEEP

6144:I7OYnbjrftuQ5nbE1alVdqhV6l4+8cZ94FbPnJKchpZ+2o1A6ZC:IyYnXrluynbE1azdY4l44Z9QPG2EZ

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
ba7827542d83603a3c30b82d6aa8aa8c_JaffaCakes118

Files

ba7827542d83603a3c30b82d6aa8aa8c_JaffaCakes118
.dll regsvr32 windows:4 windows x86 arch:x86

abfd58003a2abcf6402871b8ccd8d8df

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

winio

SetPortVal
ShutdownWinIo
SetDriverPath
InitializeWinIo
GetPortVal

wininet

InternetGetCookieA

ws2_32

socket
send
closesocket
recv
connect
htons
WSAStartup
gethostbyname

urlmon

URLDownloadToFileA

kernel32

GetSystemInfo
FreeLibrary
SetErrorMode
LoadLibraryExA
GetACP
GetLocaleInfoA
GetThreadLocale
GetModuleFileNameA
CloseHandle
UnmapViewOfFile
MapViewOfFile
CreateFileMappingA
CreateFileA
SizeofResource
LockResource
LoadResource
FindResourceA
LocalFree
FormatMessageA
lstrcpyA
lstrcmpiA
CompareStringA
GlobalUnlock
lstrcpynA
GlobalLock
GlobalAlloc
WriteFile
ReadFile
FindClose
FindFirstFileA
DisableThreadLibraryCalls
InitializeCriticalSection
GetShortPathNameA
IsDBCSLeadByte
lstrcatA
DeleteCriticalSection
MulDiv
FreeResource
InterlockedExchange
GlobalHandle
Sleep
ResumeThread
CreateThread
CompareStringW
LCMapStringW
LCMapStringA
GetCPInfo
GetStringTypeW
GetStringTypeA
SetEndOfFile
SetFilePointer
GetFileSize
GetFileType
GetLocalTime
RaiseException
HeapFree
HeapAlloc
GetFullPathNameA
HeapReAlloc
GetCommandLineA
SetHandleCount
GetStdHandle
GetStartupInfoA
SetStdHandle
ExitProcess
TerminateProcess
HeapSize
TlsSetValue
TlsAlloc
TlsFree
TlsGetValue
SetUnhandledExceptionFilter
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
GetCurrentProcess
FlushInstructionCache
GetCurrentThreadId
EnterCriticalSection
LeaveCriticalSection
lstrcmpA
GetVersionExA
MultiByteToWideChar
GetCurrentProcessId
lstrlenW
WideCharToMultiByte
InterlockedIncrement
GetPrivateProfileIntA
GetPrivateProfileStringA
MoveFileA
LoadLibraryA
GetModuleFileNameW
LoadLibraryW
OutputDebugStringA
GetVersion
GetFileAttributesW
GetProcAddress
GetModuleHandleW
GetModuleHandleA
GetLastError
SetLastError
DeleteFileA
lstrlenA
GetSystemTime
InterlockedDecrement
IsBadWritePtr
GetCurrentDirectoryA
GetDriveTypeA
GetOEMCP
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
FlushFileBuffers
IsBadReadPtr
IsBadCodePtr
SetEnvironmentVariableA
RtlUnwind
GetTimeZoneInformation
FileTimeToSystemTime
FileTimeToLocalFileTime
GetFileInformationByHandle
GlobalFree
PeekNamedPipe

user32

BeginPaint
PtInRect
SetCapture
KillTimer
GetDlgItem
SetTimer
CheckMenuItem
GetDC
MoveWindow
CreateWindowExA
DrawFrameControl
FrameRect
InflateRect
DrawEdge
OffsetRect
GetSysColor
FillRect
GetSysColorBrush
GetMenuItemInfoA
LoadImageA
GetClassInfoExA
RegisterClassExA
LoadCursorA
wsprintfA
InvalidateRect
UpdateWindow
GetSystemMetrics
GetClassNameA
GetClientRect
GetDlgCtrlID
CharNextA
DrawFocusRect
IsWindowEnabled
EndPaint
SetWindowPos
ReleaseDC
GetWindowLongA
SetWindowLongA
RegisterWindowMessageA
SystemParametersInfoA
GetWindowDC
DrawTextA
ReleaseCapture
IsWindowVisible
DefWindowProcA
CallWindowProcA
IsWindow
CopyRect
GetKeyState
GetParent
SetFocus
GetWindowRect
MapWindowPoints
TrackPopupMenu
DestroyMenu
GetFocus
GetMessagePos
ScreenToClient
MessageBoxA
EndDialog
GetWindow
ShowWindow
EnumChildWindows
UnionRect
IsDialogMessageA
GetNextDlgTabItem
IsChild
GetDialogBaseUnits
CreateDialogIndirectParamA
RedrawWindow
GetDesktopWindow
CreateAcceleratorTableA
InvalidateRgn
SetWindowRgn
EqualRect
TranslateMessage
DispatchMessageA
GetComboBoxInfo
SetActiveWindow
PostMessageA
SetRectEmpty
GetCursorPos
DialogBoxParamA
GetActiveWindow
SetCursor
CreatePopupMenu
AppendMenuA
DestroyWindow
SetWindowTextA
GetWindowTextLengthA
GetWindowTextA
SendMessageA
IntersectRect
GetCapture

gdi32

BitBlt
CreateDIBSection
CreateSolidBrush
GetTextExtentPointA
Rectangle
GetTextMetricsA
GetDeviceCaps
CreateRectRgnIndirect
DeleteMetaFile
CloseMetaFile
RestoreDC
SetWindowExtEx
CreateCompatibleDC
SaveDC
CreateMetaFileA
SetViewportOrgEx
SetMapMode
LPtoDP
CreateDCA
MoveToEx
CreatePen
LineTo
ExtTextOutA
SelectClipRgn
CreateRectRgn
CreateCompatibleBitmap
PatBlt
CreateBitmap
CreatePatternBrush
SetTextColor
SetBkColor
SetBrushOrgEx
SetBkMode
DeleteDC
CreateFontIndirectA
SelectObject
GetObjectA
SetWindowOrgEx
GetStockObject
DeleteObject

advapi32

RegQueryInfoKeyA
RegOpenKeyA
RegQueryValueExA
RegEnumValueA
RegDeleteValueA
RegOpenKeyExA
RegEnumKeyExA
RegDeleteKeyA
RegCloseKey
RegCreateKeyExA
RegSetValueExA

ole32

OleLoadFromStream
CoCreateInstance
CoTaskMemFree
WriteClassStm
OleSaveToStream
StringFromCLSID
CoCreateGuid
CreateDataAdviseHolder
CoTaskMemAlloc
CoTaskMemRealloc
OleRegEnumVerbs
OleRegGetUserType
OleRegGetMiscStatus
CreateStreamOnHGlobal
OleInitialize
OleUninitialize
CLSIDFromProgID
CLSIDFromString
OleLockRunning
CreateOleAdviseHolder
RegisterDragDrop
ReleaseStgMedium

oleaut32

SafeArrayCreate
SafeArrayAccessData
SafeArrayUnaccessData
VariantCopy
OleCreatePropertyFrame
OleCreateFontIndirect
OleTranslateColor
LoadRegTypeLi
RegisterTypeLi
LoadTypeLi
VarUI4FromStr
VariantChangeType
SysStringLen
VarBstrCat
SysAllocString
SysStringByteLen
SysAllocStringByteLen
SysAllocStringLen
VariantInit
VariantClear
SysFreeString

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllRegisterServer2
DllUnregisterServer
DllUnregisterServer2

Sections

.text
Size: 312KB - Virtual size: 308KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 56KB - Virtual size: 54KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 20KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

STLPORT_
Size: 4KB - Virtual size: 32B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 12KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 32KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

abfd58003a2abcf6402871b8ccd8d8df

Headers

File Characteristics

Imports

winio

wininet

ws2_32

urlmon

kernel32

user32

gdi32

advapi32

ole32

oleaut32

Exports

Exports

Sections

.text Size: 312KB - Virtual size: 308KB

.rdata Size: 56KB - Virtual size: 54KB

.data Size: 20KB - Virtual size: 29KB

STLPORT_ Size: 4KB - Virtual size: 32B

.rsrc Size: 12KB - Virtual size: 8KB

.reloc Size: 32KB - Virtual size: 28KB

.text
Size: 312KB - Virtual size: 308KB

.rdata
Size: 56KB - Virtual size: 54KB

.data
Size: 20KB - Virtual size: 29KB

STLPORT_
Size: 4KB - Virtual size: 32B

.rsrc
Size: 12KB - Virtual size: 8KB

.reloc
Size: 32KB - Virtual size: 28KB