be8d8c7960a8a4dbd460716497556a3d_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

be8d8c7960a8a4dbd460716497556a3d_JaffaCakes118
Size

427KB
MD5

be8d8c7960a8a4dbd460716497556a3d
SHA1

a213d6c705d3ca8d1f13c90acf735ffac6a70662
SHA256

c33222376c0a57380e2651116fa4b27c9a8eea1395623672b26805aeb23257a2
SHA512

6b17056b7d91e49405bdd8846cc3653236928b10a46b527f6e5c2c0cb530e43cb7707952f5b4e9062e52515a8218a23d79c4ae206f437272e2c9107bef8ca448
SSDEEP

6144:KUrd8ghMoyX/a5rsRa21O3MYRVXxeGZvO3UzEBLTZN1r+443xi5wjwvpppZ7hX12:JqMMoC/Ir2OVuGZG3UzYLTZNBx5

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
be8d8c7960a8a4dbd460716497556a3d_JaffaCakes118

Files

be8d8c7960a8a4dbd460716497556a3d_JaffaCakes118
.dll regsvr32 windows:4 windows x86 arch:x86

333e4e2163fcd92f9598cafe6221b506

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

shfolder

SHGetFolderPathA

shlwapi

PathRemoveBackslashA
SHRegGetBoolUSValueA
PathFindExtensionA
SHDeleteKeyA
PathRemoveFileSpecA
PathFindFileNameA
PathFileExistsA
PathAppendA
PathAddBackslashA

wininet

InternetOpenA
InternetOpenUrlA
HttpQueryInfoA
InternetReadFile
InternetCloseHandle
InternetCrackUrlA

urlmon

URLDownloadToFileA

url

InetIsOffline

winmm

PlaySoundA

kernel32

FindResourceExA
InterlockedExchange
GetACP
GetLocaleInfoA
GetThreadLocale
GetVersionExA
WideCharToMultiByte
GetCurrentThreadId
EnterCriticalSection
LeaveCriticalSection
GetCurrentProcess
FlushInstructionCache
HeapAlloc
FindFirstFileA
FindNextFileA
FindClose
lstrcpynA
lstrlenA
InterlockedIncrement
InterlockedDecrement
LocalFree
lstrcpyA
CreateFileA
GetLocalTime
GetDateFormatA
GetTimeFormatA
CloseHandle
SetFilePointer
WriteFile
FlushFileBuffers
GetLastError
MultiByteToWideChar
WaitForSingleObject
ReleaseMutex
Sleep
GetTempPathA
GetTempFileNameA
DeleteFileA
GetFileAttributesExA
FileTimeToLocalFileTime
FileTimeToSystemTime
GetFileAttributesA
CreateDirectoryA
GetTickCount
GetModuleFileNameA
ExitProcess
GlobalLock
GlobalUnlock
lstrlenW
lstrcmpiA
GlobalHandle
GlobalFree
GlobalAlloc
lstrcmpA
MulDiv
SetLastError
CreateEventA
PulseEvent
LoadResource
CompareStringW
CompareStringA
FreeLibrary
IsDBCSLeadByte
LoadLibraryExA
DisableThreadLibraryCalls
GetModuleHandleA
GetProcAddress
lstrcatA
CreateProcessA
GetExitCodeProcess
CreateMutexA
SetFileAttributesA
CopyFileA
GetSystemTime
SystemTimeToFileTime
SetFileTime
LocalAlloc
RemoveDirectoryA
SetHandleCount
GetTimeZoneInformation
UnhandledExceptionFilter
GetStringTypeW
GetStringTypeA
LCMapStringW
LCMapStringA
TlsGetValue
TlsSetValue
TlsFree
TlsAlloc
GetCPInfo
GetOEMCP
TerminateProcess
IsBadWritePtr
VirtualFree
HeapCreate
RtlUnwind
GetCommandLineA
GetSystemTimeAsFileTime
CreateThread
ResumeThread
ExitThread
VirtualQuery
GetSystemInfo
VirtualAlloc
VirtualProtect
IsBadReadPtr
HeapSize
HeapReAlloc
HeapDestroy
LockResource
SizeofResource
FindResourceA
GetProcessHeap
HeapFree
RaiseException
DeleteCriticalSection
InitializeCriticalSection
GetStdHandle
GetFileType
GetStartupInfoA
ReadFile
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetCurrentProcessId
SetUnhandledExceptionFilter
SetStdHandle
LoadLibraryA
IsBadCodePtr
SetEnvironmentVariableA

user32

GetKeyState
DestroyAcceleratorTable
BeginPaint
EndPaint
GetDC
ReleaseDC
TranslateMessage
AppendMenuA
DrawTextA
CharNextA
CreateAcceleratorTableA
SetCapture
ReleaseCapture
InvalidateRect
InvalidateRgn
GetDesktopWindow
MapDialogRect
SetWindowContextHelpId
DialogBoxIndirectParamA
CreatePopupMenu
GetIconInfo
GetMenuItemCount
LoadStringA
GetClassNameA
GetSystemMetrics
SetWindowPos
MapWindowPoints
GetClientRect
GetParent
GetWindowRect
SystemParametersInfoA
GetWindow
GetWindowLongA
UnregisterClassA
EndDialog
InsertMenuItemA
CheckMenuRadioItem
InsertMenuA
GetMenuItemID
EnableMenuItem
RegisterWindowMessageA
TrackPopupMenu
ClientToScreen
FillRect
GetSysColorBrush
RedrawWindow
KillTimer
SetTimer
LoadBitmapA
GetClassInfoExA
LoadCursorA
RegisterClassExA
DestroyMenu
CreateWindowExA
wsprintfA
DestroyWindow
LoadImageA
DestroyIcon
GetAsyncKeyState
IsWindow
DispatchMessageA
PeekMessageA
IsChild
BringWindowToTop
CharUpperBuffA
SetCursor
PostMessageA
GetSysColor
GetActiveWindow
GetFocus
SetWindowTextA
IsDlgButtonChecked
CheckDlgButton
DialogBoxParamA
DefWindowProcA
CallWindowProcA
MessageBoxA
SetDlgItemInt
GetDlgItemInt
SetFocus
MessageBeep
SetDlgItemTextA
GetWindowTextA
GetWindowTextLengthA
SendMessageA
EnableWindow
ShowWindow
GetDlgItem
SetWindowLongA
SetMenuItemInfoA

gdi32

DeleteDC
BitBlt
SelectObject
CreateCompatibleDC
CreateBitmapIndirect
GetDeviceCaps
CreateSolidBrush
SetBkColor
ExtTextOutA
GetObjectA
DeleteObject
GetStockObject
CreateCompatibleBitmap
SetTextColor

comdlg32

GetSaveFileNameA
GetOpenFileNameA

advapi32

RegQueryInfoKeyA
RegQueryValueExA
RegCloseKey
RegEnumKeyExA
RegDeleteKeyA
RegDeleteValueA
RegSetValueExA
RegCreateKeyExA
RegOpenKeyExA

shell32

SHFileOperationA
ShellExecuteA

ole32

OleRun
OleUninitialize
OleInitialize
CoTaskMemAlloc
OleLockRunning
CoGetClassObject
CLSIDFromProgID
CLSIDFromString
CoTaskMemFree
CoTaskMemRealloc
ReleaseStgMedium
RevokeDragDrop
RegisterDragDrop
StringFromGUID2
CoCreateGuid
CoInitializeEx
CoCreateInstance
CreateStreamOnHGlobal

oleaut32

VarBstrCmp
VariantInit
GetErrorInfo
VariantClear
SysFreeString
SysAllocString
SysStringLen
SysStringByteLen
SysAllocStringByteLen
SysAllocStringLen
SystemTimeToVariantTime
VarDateFromStr
LoadRegTypeLi
LoadTypeLi
DispCallFunc
OleCreateFontIndirect
VarUI4FromStr
VariantChangeType
RegisterTypeLi
UnRegisterTypeLi
VarBstrFromDate

comctl32

CreatePropertySheetPageA
PropertySheetA
DestroyPropertySheetPage
ImageList_GetImageCount
ImageList_Create
ImageList_Replace
ImageList_ReplaceIcon
ImageList_Add

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 275KB - Virtual size: 274KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 64KB - Virtual size: 63KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 19KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.shared
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 40KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 27KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

333e4e2163fcd92f9598cafe6221b506

Headers

File Characteristics

Imports

shfolder

shlwapi

wininet

urlmon

url

winmm

kernel32

user32

gdi32

comdlg32

advapi32

shell32

ole32

oleaut32

comctl32

Exports

Exports

Sections

.text Size: 275KB - Virtual size: 274KB

.rdata Size: 64KB - Virtual size: 63KB

.data Size: 19KB - Virtual size: 26KB

.shared Size: 512B - Virtual size: 12B

.rsrc Size: 40KB - Virtual size: 40KB

.reloc Size: 27KB - Virtual size: 26KB

.text
Size: 275KB - Virtual size: 274KB

.rdata
Size: 64KB - Virtual size: 63KB

.data
Size: 19KB - Virtual size: 26KB

.shared
Size: 512B - Virtual size: 12B

.rsrc
Size: 40KB - Virtual size: 40KB

.reloc
Size: 27KB - Virtual size: 26KB