c9463d0aea381c609f5c2483597542f2_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

c9463d0aea381c609f5c2483597542f2_JaffaCakes118
Size

198KB
MD5

c9463d0aea381c609f5c2483597542f2
SHA1

b3a37e1b44d3587ee0be604e07aec841ecb630be
SHA256

77abe83189a876c39ff0a65a677386da1700064c6b7caf715745ef70fb3e99f8
SHA512

96604e054ebfc0a0a0174605d61e7c5abbb2b6b9bbea137f2f3651ec3aa16e1ba1aaaadce5715242d9eb2edffab9fb9317bd4a52cd8b6d3c6e9a8e6c9ed17c69
SSDEEP

3072:q+g/Nw+7tKCuKlZA1RWhwE5G+60+fJC5Do4LujpIwOGL5y4cPUI:ytTunalDGJ5NtNSUI

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
c9463d0aea381c609f5c2483597542f2_JaffaCakes118

Files

c9463d0aea381c609f5c2483597542f2_JaffaCakes118
.dll regsvr32 windows:4 windows x86 arch:x86

39e6db74acf2c839a539edbfb8bf525d

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

msvcrt

mbstowcs
sscanf
_mbsrchr
time
fread
_filelength
_unlink
wcscmp
_adjust_fdiv
_initterm
??1type_info@@UAE@XZ
_onexit
__dllonexit
?terminate@@YAXXZ
_except_handler3
_strlwr
strchr
strtok
_stricmp
wcscpy
_CxxThrowException
_wunlink
isalnum
isspace
strrchr
atoi
_setmode
__CxxFrameHandler
fclose
strcpy
_purecall
memset
memmove
memcpy
??2@YAPAXI@Z
??3@YAXPAX@Z
strcat
strlen
fopen
fwrite
_beginthreadex
vsprintf
wcsrchr
_ismbcdigit
strstr
sprintf
_access
strncmp
malloc
realloc
free
_ltoa
wcslen
memcmp
strcmp
wcsncmp

fileutil

ord5
ord4
ord2
ord6
ord1
ord3

kernel32

GetLocalTime
CreateFileA
GetModuleFileNameA
IsBadStringPtrA
GetWindowsDirectoryA
GetSystemDirectoryA
LocalAlloc
FormatMessageA
LocalFree
SetLastError
CompareStringA
GetFullPathNameA
GetExitCodeProcess
CopyFileA
RemoveDirectoryA
CreateDirectoryA
GetEnvironmentVariableA
GetFileSize
CreateProcessA
GetTempPathA
WriteFile
WaitForSingleObject
GetComputerNameA
GlobalAlloc
GlobalFree
GetTickCount
ReleaseMutex
WideCharToMultiByte
lstrlenW
GetLastError
GetTempFileNameA
MultiByteToWideChar
GetCurrentThreadId
CreateMutexA
CloseHandle
lstrlenA
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
DeleteCriticalSection
CreateEventA
TerminateThread
Sleep
GetExitCodeThread
SetEvent
WaitForMultipleObjects
lstrcpyA
GetCurrentProcessId
InterlockedIncrement
DeleteFileA
MoveFileA
ReadFile
lstrcatA
FindFirstFileA
DisableThreadLibraryCalls
GetProcAddress
GetModuleHandleA
HeapAlloc
GetSystemInfo
GetVersionExA
HeapCreate
GetSystemTime
SystemTimeToFileTime
FindClose
FindNextFileA
LoadLibraryExA
GetShortPathNameA
FreeLibrary
SizeofResource
LoadResource
FindResourceA
lstrcmpiA
lstrcpynA
IsDBCSLeadByte
InterlockedDecrement
HeapDestroy
LoadLibraryA

user32

wsprintfA
PostThreadMessageA
CallNextHookEx
UnhookWindowsHookEx
SetWindowsHookExA
LoadCursorA
CopyIcon
SetSystemCursor
SetWindowTextA
DrawAnimatedRects
SystemParametersInfoA
CharNextA
LoadAcceleratorsA
GetCursorPos
ScreenToClient
FindWindowExA
LoadStringA
GetWindowRect
CharLowerA
CharUpperBuffA
CharLowerBuffA

advapi32

RegQueryInfoKeyA
RegEnumKeyA
RegNotifyChangeKeyValue
RegEnumKeyExA
RegDeleteValueA
RegCloseKey
RegQueryValueExA
RegSetValueExA
RegCreateKeyExA
RegOpenKeyExA
RegEnumValueA
RegDeleteKeyA

ole32

CoTaskMemFree
CoCreateInstance
OleRun
CreateStreamOnHGlobal
CoTaskMemRealloc
CoTaskMemAlloc
CoGetCurrentProcess
CLSIDFromString
ProgIDFromCLSID

oleaut32

GetErrorInfo
VariantChangeType
SafeArrayPutElement
SafeArrayCreate
VariantInit
VariantClear
LoadRegTypeLi
LoadTypeLi
SysAllocString
SysFreeString
SysAllocStringLen
SysStringLen
VarUI4FromStr
RegisterTypeLi
SetErrorInfo
CreateErrorInfo
VariantCopy

wininet

InternetConnectA
HttpSendRequestA
GetUrlCacheEntryInfoA
GetUrlCacheEntryInfoExA
InternetOpenA
InternetCrackUrlA
InternetCloseHandle
HttpOpenRequestA
InternetReadFile
HttpQueryInfoA

wsock32

gethostbyname
WSACleanup
WSAStartup
gethostname

csutil

ord15
ord1
ord7
ord3
ord4
ord9
ord14
ord16
ord17
ord6
ord2

urlmon

CreateAsyncBindCtx
CreateURLMoniker
URLOpenBlockingStreamA

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 119KB - Virtual size: 119KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 22KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 35KB - Virtual size: 35KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

39e6db74acf2c839a539edbfb8bf525d

Headers

File Characteristics

Imports

msvcrt

fileutil

kernel32

user32

advapi32

ole32

oleaut32

wininet

wsock32

csutil

urlmon

Exports

Exports

Sections

.text Size: 119KB - Virtual size: 119KB

.rdata Size: 22KB - Virtual size: 22KB

.data Size: 9KB - Virtual size: 9KB

.rsrc Size: 35KB - Virtual size: 35KB

.reloc Size: 11KB - Virtual size: 10KB

.text
Size: 119KB - Virtual size: 119KB

.rdata
Size: 22KB - Virtual size: 22KB

.data
Size: 9KB - Virtual size: 9KB

.rsrc
Size: 35KB - Virtual size: 35KB

.reloc
Size: 11KB - Virtual size: 10KB