c13d01ab76c5cd8c6111f49082053fa8_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

c13d01ab76c5cd8c6111f49082053fa8_JaffaCakes118
Size

1.4MB
MD5

c13d01ab76c5cd8c6111f49082053fa8
SHA1

f274f7b5b449bba0cc065ffe455c716529b589d9
SHA256

8c0bf052b82fe87ec762b0c3123c3aa62edd998867001764d0f0e2f2f1c132c8
SHA512

cbf2995e64605031efea48f9c498ad33308252dbf548027db3737f271f40ba9dd1e20d6bb9c47627b717a4eee1e04607a924bdc75d8de7c66fb5c842ab45f3bf
SSDEEP

24576:WSwutUGxFosvviLP8XHI+/nHksduvKFrsXNV491qYXKcL6GIEUvg5LUi1OQ:WRGJx+svviLP8XpfFdDFrsXNMXKBEJ

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
c13d01ab76c5cd8c6111f49082053fa8_JaffaCakes118

Files

c13d01ab76c5cd8c6111f49082053fa8_JaffaCakes118
.dll regsvr32 windows:4 windows x86 arch:x86

84a1871284b6c9d61e5c59ef3a634da3

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

DeviceIoControl
SetFileAttributesA
GlobalAlloc
GetACP
GetCurrentProcessId
lstrcmpA
GlobalFree
LockResource
CompareStringA
GetFileAttributesA
SetFilePointer
WritePrivateProfileSectionA
GetPrivateProfileSectionA
SetErrorMode
GetEnvironmentVariableA
ReadProcessMemory
VirtualProtect
OpenProcess
Process32Next
Process32First
CreateToolhelp32Snapshot
LocalFree
FormatMessageA
GetVolumeInformationA
MoveFileExA
GetExitCodeThread
OpenMutexA
IsBadStringPtrW
FreeResource
HeapFree
TlsAlloc
TlsFree
TlsSetValue
TlsGetValue
SystemTimeToFileTime
GetCurrentDirectoryA
LocalFileTimeToFileTime
SetFileTime
SwitchToThread
SetEvent
ResumeThread
FileTimeToSystemTime
GetFileInformationByHandle
MapViewOfFile
CreateFileMappingA
UnmapViewOfFile
GetLocalTime
VirtualQuery
RemoveDirectoryA
CopyFileA
CreateDirectoryA
WritePrivateProfileStringA
GetVersionExA
FindFirstFileA
FindNextFileA
FindClose
DeleteFileA
GetTickCount
CreateFileA
CreateProcessA
WaitForSingleObject
CreateMutexA
GetTempFileNameA
ReleaseMutex
GlobalLock
GlobalUnlock
lstrcatA
lstrcpyA
DeleteCriticalSection
HeapDestroy
InitializeCriticalSection
DisableThreadLibraryCalls
GetWindowsDirectoryA
GetSystemDirectoryA
GetTempPathA
ExitThread
IsDBCSLeadByte
lstrcpynA
lstrcmpiA
LoadLibraryExA
FindResourceA
LoadResource
SizeofResource
FreeLibrary
GetModuleFileNameA
GetShortPathNameA
FlushInstructionCache
EnterCriticalSection
LeaveCriticalSection
GetCurrentThreadId
Sleep
lstrlenW
GetCurrentProcess
WriteProcessMemory
IsBadStringPtrA
CreateThread
WideCharToMultiByte
GetFileSize
GetProcessHeap
HeapAlloc
ReadFile
CloseHandle
MultiByteToWideChar
WriteFile
LoadLibraryA
GetModuleFileNameW
InterlockedDecrement
LoadLibraryW
OutputDebugStringA
GetVersion
GetFileAttributesW
GetProcAddress
GetModuleHandleW
GetModuleHandleA
GetLastError
SetLastError
GetPrivateProfileIntA
GetPrivateProfileStringA
InterlockedIncrement
lstrlenA
TerminateThread

user32

LoadBitmapA
SetTimer
GetGUIThreadInfo
GetWindowThreadProcessId
IsRectEmpty
EndDialog
AdjustWindowRectEx
SetWindowTextA
ClientToScreen
InsertMenuA
DeleteMenu
IsWindow
GetParent
CloseClipboard
SetClipboardData
EmptyClipboard
OpenClipboard
EnableMenuItem
GetAsyncKeyState
GetSubMenu
GetClassNameA
EnumChildWindows
IsChild
UnhookWindowsHookEx
DefWindowProcA
DestroyWindow
GetFocus
SetFocus
PostMessageA
SetWindowsHookExA
wsprintfA
LoadCursorA
RegisterClassExA
GetClassInfoExA
CallWindowProcA
CreateWindowExA
GetActiveWindow
GetDlgItem
BeginPaint
SetWindowLongA
GetWindowLongA
SendMessageA
EndPaint
CharNextA
LoadStringA
DestroyIcon
CharLowerA
SetWindowPos
MapWindowPoints
GetClientRect
SystemParametersInfoA
GetWindowRect
GetMenuItemID
GetWindow
DialogBoxParamA
IsWindowVisible
RedrawWindow
CheckMenuItem
ShowWindow
LoadImageA
AdjustWindowRect
SetRect
UpdateWindow
IsMenu
LoadMenuA
DestroyMenu
GetKeyState
MessageBoxA
CreatePopupMenu
AppendMenuA
GetMenuItemCount
EnableWindow
SetCursor
GetWindowTextA
GetWindowTextLengthA
SetRectEmpty
ScreenToClient
GetCursorPos
ReleaseCapture
GetCapture
SetCapture
PtInRect
InvalidateRect
FillRect
OffsetRect
DrawTextA
GetDC
DrawFocusRect
ReleaseDC
DispatchMessageA
TranslateMessage
KillTimer
GetDesktopWindow
GetScrollInfo
SetScrollInfo
ScrollWindow
CharLowerBuffA
CallWindowProcW
IsWindowUnicode
SetWindowLongW
CharNextW
GetMenuItemRect
GetMessageA
PostThreadMessageA
CreateIconFromResourceEx
GetPropA
SetPropA
RemovePropA
FindWindowExA
InflateRect
CreateDialogParamA
SetDlgItemTextA
GetDlgItemTextA
EnumWindows
IsDialogMessageA
CharUpperA
InsertMenuItemA
GetMenuState
SetForegroundWindow
GetForegroundWindow
AttachThreadInput
CopyImage
PeekMessageA
CallNextHookEx
DrawStateA
GetSystemMetrics
RegisterWindowMessageA
TrackPopupMenuEx
GetMessagePos
GetSysColorBrush
FrameRect
GetMenuItemInfoA
SetMenuItemInfoA
IsWindowEnabled
MessageBeep
GetTopWindow
MenuItemFromPoint
GetClassInfoA
GetWindowPlacement
GetDlgCtrlID
GetWindowDC
GetMenuStringA
ModifyMenuA
WindowFromPoint
FindWindowA
LoadIconA
CopyRect
DrawIconEx
GetSysColor
MoveWindow

gdi32

ExcludeClipRect
GetClipBox
SetViewportOrgEx
GetDeviceCaps
DPtoLP
SaveDC
RestoreDC
CreateBitmap
GetTextColor
GetCurrentObject
ExtTextOutA
Rectangle
BitBlt
CreateCompatibleDC
CreateCompatibleBitmap
CreateSolidBrush
GetTextExtentPoint32A
TextOutA
CreateFontA
DeleteDC
SetTextColor
GetObjectA
CreateFontIndirectA
SetBkMode
SetBkColor
GetStockObject
CreatePen
SelectObject
MoveToEx
LineTo
GetPixel
DeleteObject

advapi32

RegDeleteKeyA
GetUserNameA
RegSetKeySecurity
AllocateAndInitializeSid
InitializeAcl
AddAce
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
FreeSid
RegGetKeySecurity
GetSidIdentifierAuthority
GetSidSubAuthorityCount
GetSidSubAuthority
OpenProcessToken
GetTokenInformation
GetLengthSid
CopySid
EnumDependentServicesA
ControlService
OpenSCManagerA
OpenServiceA
StartServiceA
QueryServiceStatus
ChangeServiceConfigA
CloseServiceHandle
RegCreateKeyA
RegEnumKeyA
RegEnumValueA
RegQueryInfoKeyA
RegSetValueExA
RegEnumKeyExA
RegOpenKeyExA
RegCloseKey
RegQueryValueExA
RegOpenKeyA
RegCreateKeyExA
RegDeleteValueA

shell32

SHGetPathFromIDListA
DragQueryFileA
SHGetFileInfoA
SHGetFileInfoW
SHBrowseForFolderA
SHGetDesktopFolder
SHGetMalloc
ExtractIconA
ShellExecuteA
SHGetSpecialFolderPathA
SHGetSpecialFolderLocation

ole32

ReleaseStgMedium
GetHGlobalFromStream
CoInitialize
OleInitialize
RevokeDragDrop
CoGetClassObject
CreateStreamOnHGlobal
OleUninitialize
RegisterDragDrop
CoCreateGuid
StringFromGUID2
OleRun
CoUninitialize
CoCreateInstance
CoTaskMemRealloc
CoTaskMemAlloc
CoTaskMemFree

oleaut32

CreateErrorInfo
SetErrorInfo
GetErrorInfo
SysStringByteLen
SafeArrayCreate
SafeArrayAccessData
SafeArrayUnaccessData
SafeArrayDestroy
OleLoadPicture
SysAllocStringByteLen
SysStringLen
LoadRegTypeLi
RegisterTypeLi
LoadTypeLi
VarUI4FromStr
VariantChangeType
VariantInit
VariantCopy
SysAllocString
SysAllocStringLen
VariantClear
SysFreeString

shlwapi

PathIsDirectoryA
PathRemoveFileSpecA
UrlCanonicalizeA
SHDeleteKeyA
PathFileExistsA
PathFindFileNameA
PathRemoveExtensionA
SHSetValueA
SHDeleteValueA
UrlUnescapeA
UrlEscapeA
StrRetToStrW
StrRetToStrA
StrStrIA
SHCopyKeyA
SHGetValueA

oleacc

AccessibleObjectFromPoint

rpcrt4

UuidCreate

imm32

ImmGetDefaultIMEWnd

urlmon

CoInternetGetSession
URLDownloadToFileA

msimg32

TransparentBlt
AlphaBlend

msvcrt

_strcmpi
_stricmp
_wcsnicmp
_wcsupr
_adjust_fdiv
_initterm
?terminate@@YAXXZ
??1type_info@@UAE@XZ
_onexit
__dllonexit
_endthreadex
strncmp
_memicmp
_access
strtol
_beginthread
_endthread
_local_unwind2
_mbspbrk
tolower
strncat
bsearch
qsort
_fullpath
printf
_vsnprintf
_CxxThrowException
_strnicmp
toupper
strstr
isxdigit
isalnum
_wstat
fputs
fseek
ftell
_mbsnbcmp
__RTDynamicCast
strtod
atol
abs
fwrite
fread
_ftol
_mbsnbcpy
_mbsicoll
sscanf
fopen
fprintf
fclose
_beginthreadex
calloc
localtime
atof
_snwprintf
wcsncpy
wcsstr
wcschr
_wcsicmp
iswdigit
swscanf
iswalpha
_mbstok
_mbsrchr
strcat
malloc
memmove
strcmp
wcscmp
memset
strncpy
strrchr
_stat
_snprintf
srand
rand
memcmp
strcpy
strchr
_mbschr
_ismbcspace
_mbsnbicmp
_except_handler3
free
realloc
_mbsicmp
_mbscmp
_purecall
time
atoi
_ismbcdigit
wcslen
sprintf
strlen
vsprintf
??2@YAPAXI@Z
memcpy
__CxxFrameHandler
_mbsstr

wininet

InternetSetStatusCallback
FtpOpenFileA
InternetAttemptConnect
FindFirstUrlCacheGroup
DeleteUrlCacheGroup
FindNextUrlCacheGroup
DeleteUrlCacheEntry
InternetCrackUrlA
InternetCanonicalizeUrlA
InternetConnectA
InternetConnectW
HttpOpenRequestA
HttpQueryInfoA
HttpOpenRequestW
InternetCloseHandle
InternetReadFile
InternetQueryOptionA
InternetOpenUrlA
InternetSetOptionA
InternetOpenA
GetUrlCacheEntryInfoA
HttpSendRequestA
InternetQueryDataAvailable
InternetSetFilePointer
InternetSetCookieA
InternetGetCookieA
HttpAddRequestHeadersA
HttpEndRequestA
InternetWriteFile
HttpSendRequestExA
InternetGetConnectedState
FindNextUrlCacheEntryA
FindFirstUrlCacheEntryA
FindCloseUrlCache

setupapi

SetupIterateCabinetA

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

iphlpapi

GetAdaptersInfo
GetNetworkParams

ws2_32

gethostname
gethostbyname

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
Install
Uninstall

Sections

.text
Size: 944KB - Virtual size: 940KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 168KB - Virtual size: 165KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 80KB - Virtual size: 101KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 20KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.Shared
Size: 4KB - Virtual size: 260B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 252KB - Virtual size: 249KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 68KB - Virtual size: 67KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

84a1871284b6c9d61e5c59ef3a634da3

Headers

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

shlwapi

oleacc

rpcrt4

imm32

urlmon

msimg32

msvcrt

wininet

setupapi

version

iphlpapi

ws2_32

Exports

Exports

Sections

.text Size: 944KB - Virtual size: 940KB

.rdata Size: 168KB - Virtual size: 165KB

.data Size: 80KB - Virtual size: 101KB

.idata Size: 20KB - Virtual size: 17KB

.Shared Size: 4KB - Virtual size: 260B

.rsrc Size: 252KB - Virtual size: 249KB

.reloc Size: 68KB - Virtual size: 67KB

.text
Size: 944KB - Virtual size: 940KB

.rdata
Size: 168KB - Virtual size: 165KB

.data
Size: 80KB - Virtual size: 101KB

.idata
Size: 20KB - Virtual size: 17KB

.Shared
Size: 4KB - Virtual size: 260B

.rsrc
Size: 252KB - Virtual size: 249KB

.reloc
Size: 68KB - Virtual size: 67KB