beb648282b9325d0bede540f064bdb7d_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

beb648282b9325d0bede540f064bdb7d_JaffaCakes118
Size

236KB
MD5

beb648282b9325d0bede540f064bdb7d
SHA1

e3a73d85bdba93094b91184e009f0629507a7a03
SHA256

b6b478adccacbe96c2ab19b22dbae4111f2d01ae0443d4e7bba1685ead861060
SHA512

1140874014beda8d729271386faf5ab25366ce3021f346d614891925605798bc7463d002904ffe9f8f71f4aa786778ca65b4d3152f90bf7d15cedd1b7117f17d
SSDEEP

3072:f6xBHM2Aa6aVjsiSN3kJ7jX/ugvmofuTggDnBS0:f6LMba6aPSN3M76QVuTggDn

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
beb648282b9325d0bede540f064bdb7d_JaffaCakes118

Files

beb648282b9325d0bede540f064bdb7d_JaffaCakes118
.dll regsvr32 windows:4 windows x86 arch:x86

a9127bc4220f60996974aa0ee57ec46a

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetProcAddress
LoadLibraryA
FreeLibrary
DisableThreadLibraryCalls
InitializeCriticalSection
DeleteCriticalSection
LeaveCriticalSection
InterlockedIncrement
EnterCriticalSection
InterlockedDecrement
CloseHandle
WriteFile
CreateFileA
FindClose
FindFirstFileA
SetFileTime
GetFileTime
LocalFree
SetEnvironmentVariableA
CompareStringW
CompareStringA
SetEndOfFile
lstrlenA
GetVersionExA
MultiByteToWideChar
GetLastError
lstrlenW
WideCharToMultiByte
GetModuleFileNameA
SetStdHandle
GetStringTypeW
GetStringTypeA
VirtualAlloc
IsBadCodePtr
IsBadWritePtr
IsBadReadPtr
SetUnhandledExceptionFilter
VirtualFree
HeapCreate
HeapDestroy
GetEnvironmentVariableA
GetEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsW
FreeEnvironmentStringsA
GetStartupInfoA
GetFileType
GetStdHandle
SetHandleCount
FlushFileBuffers
ReadFile
SetFilePointer
GetModuleHandleA
GetShortPathNameA
GetPrivateProfileIntA
CopyFileA
DeleteFileA
GetTickCount
GetTempPathA
GetWindowsDirectoryA
GetSystemDirectoryA
GlobalUnlock
GetPrivateProfileStringA
WritePrivateProfileStringA
GlobalLock
GetPrivateProfileSectionA
LCMapStringW
LCMapStringA
GetOEMCP
GetACP
GetCPInfo
UnhandledExceptionFilter
HeapSize
HeapReAlloc
GetCurrentProcess
TerminateProcess
ExitProcess
RtlUnwind
CreateThread
GetCurrentThreadId
TlsSetValue
TlsGetValue
ExitThread
GetTimeZoneInformation
GetSystemTime
GetLocalTime
GetFileAttributesA
GetCommandLineA
GetVersion
RaiseException
TlsAlloc
TlsFree
SetLastError
HeapFree
HeapAlloc

user32

GetClassNameA
IsWindow
EnumChildWindows
GetWindow
SetWindowTextA
GetWindowTextA
wsprintfA

advapi32

RegDeleteKeyA
RegQueryValueExA
RegOpenKeyExA
RegSetValueExA
RegCreateKeyExA
RegCloseKey

shell32

ShellExecuteA

ole32

ReleaseStgMedium
CoCreateInstance
RegisterDragDrop
RevokeDragDrop
OleInitialize
CoGetClassObject
CoUninitialize
CoInitialize
CoCreateGuid
CreateStreamOnHGlobal

oleaut32

VariantInit
VariantClear
SysAllocString
SysFreeString
VariantChangeType
VariantCopy
SysAllocStringLen
SysStringLen
LoadRegTypeLi

wininet

CreateUrlCacheEntryA
InternetReadFile
InternetQueryDataAvailable
InternetOpenA
HttpQueryInfoA
InternetCloseHandle
InternetOpenUrlA

atl

ord20
ord21
ord17
ord31
ord30
ord16
ord15
ord57
ord32
ord58
ord23
ord18

ws2_32

WSAStartup
socket
gethostbyname
inet_ntoa
recvfrom
WSAGetLastError
htons
sendto
ioctlsocket

urlmon

CoInternetGetSession

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 112KB - Virtual size: 110KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 16KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 40KB - Virtual size: 32.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 60KB - Virtual size: 59KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

a9127bc4220f60996974aa0ee57ec46a

Headers

File Characteristics

Imports

kernel32

user32

advapi32

shell32

ole32

oleaut32

wininet

atl

ws2_32

urlmon

Exports

Exports

Sections

.text Size: 112KB - Virtual size: 110KB

.rdata Size: 16KB - Virtual size: 13KB

.data Size: 40KB - Virtual size: 32.0MB

.rsrc Size: 4KB - Virtual size: 3KB

.reloc Size: 60KB - Virtual size: 59KB

.text
Size: 112KB - Virtual size: 110KB

.rdata
Size: 16KB - Virtual size: 13KB

.data
Size: 40KB - Virtual size: 32.0MB

.rsrc
Size: 4KB - Virtual size: 3KB

.reloc
Size: 60KB - Virtual size: 59KB