ced67dc19c0962a94335c9577917f970_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

ced67dc19c0962a94335c9577917f970_JaffaCakes118
Size

128KB
MD5

ced67dc19c0962a94335c9577917f970
SHA1

8bfa600b14cba255733684c5b445ca86de40acf0
SHA256

31b2b604a92e8146920fd1023d09447b330bb1381137ac2efd271a19ece03d80
SHA512

35d3f92c5600e86972161e8443e1440deb7c979cfcb0625c2a6ab9d8662c9c61514daf231d5bd582826a47854c74814e2d52d65ca0850701e2eb3ce850b98c2a
SSDEEP

3072:m2oWOb8GndMUHfNdthsXLo8bdmyILATN:m2o31H81bdV

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
ced67dc19c0962a94335c9577917f970_JaffaCakes118

Files

ced67dc19c0962a94335c9577917f970_JaffaCakes118
.dll regsvr32 windows:4 windows x86 arch:x86

73c782a27ea0f0cd73e4489d6c712fa4

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

DeleteCriticalSection
lstrcpyA
HeapDestroy
GetProcAddress
InitializeCriticalSection
lstrcatA
GetSystemDirectoryA
DebugBreak
LoadLibraryA
Sleep
ExitProcess
TerminateProcess
GetSystemInfo
HeapCreate
RtlUnwind
GetStringTypeA
GetStringTypeW
lstrlenA
MultiByteToWideChar
GlobalAlloc
FindResourceA
LoadResource
LockResource
GlobalHandle
GlobalFree
FreeResource
lstrlenW
WideCharToMultiByte
HeapAlloc
DisableThreadLibraryCalls
IsDBCSLeadByte
lstrcpynA
lstrcmpiA
LoadLibraryExA
SizeofResource
FreeLibrary
GetModuleFileNameA
GetShortPathNameA
GetLastError
GetCurrentProcess
FlushInstructionCache
lstrcmpA
InterlockedDecrement
InterlockedIncrement
GetCurrentThreadId
GlobalLock
GlobalUnlock
EnterCriticalSection
LeaveCriticalSection
LCMapStringA
LCMapStringW
HeapReAlloc
HeapFree

user32

GetParent
GetDC
GetDesktopWindow
ReleaseDC
RedrawWindow
CreateAcceleratorTableA
IsWindow
SetWindowPos
BeginPaint
GetClientRect
FillRect
EndPaint
CallWindowProcA
SetCapture
ReleaseCapture
SetFocus
GetSysColor
InvalidateRect
InvalidateRgn
GetWindowLongA
GetWindowTextLengthA
GetWindowTextA
SetWindowLongA
GetWindow
DefWindowProcA
RegisterWindowMessageA
GetClassInfoExA
LoadCursorA
RegisterClassExA
IsChild
GetFocus
DestroyWindow
DialogBoxIndirectParamA
GetActiveWindow
wsprintfA
SetWindowTextA
GetDlgItem
EnableWindow
SetDlgItemTextA
SendMessageA
CreateWindowExA
IntersectRect
EqualRect
OffsetRect
SetWindowRgn
UnionRect
PtInRect
GetKeyState
CreateDialogParamA
CharNextA
GetWindowPlacement
SetWindowPlacement
SetTimer
KillTimer
GetScrollRange
GetScrollPos
LoadIconA
PostMessageA
ShowWindow
MessageBoxA
EndDialog
GetClassNameA
GetWindowRect

gdi32

DeleteDC
SelectObject
CreateCompatibleDC
CreateCompatibleBitmap
DeleteObject
CreateSolidBrush
GetDeviceCaps
GetObjectA
GetStockObject
SetTextColor
SetBkMode
CreateRectRgnIndirect
DeleteMetaFile
CloseMetaFile
RestoreDC
SetWindowExtEx
SetWindowOrgEx
SaveDC
CreateMetaFileA
SetViewportOrgEx
SetMapMode
LPtoDP
CreateDCA
BitBlt

advapi32

RegDeleteKeyA
RegEnumKeyExA
RegQueryValueExA
RegQueryInfoKeyA
RegOpenKeyExA
RegCreateKeyExA
RegDeleteValueA
RegCloseKey
RegSetValueExA
RegEnumValueA

shell32

Shell_NotifyIconA
ShellExecuteA

ole32

CoTaskMemRealloc
CreateOleAdviseHolder
OleLoadFromStream
CreateDataAdviseHolder
OleRegGetMiscStatus
OleRegGetUserType
OleRegEnumVerbs
OleSaveToStream
WriteClassStm
CoInitialize
OleLockRunning
CoTaskMemAlloc
StringFromCLSID
CoTaskMemFree
CoCreateInstance
CLSIDFromString
CLSIDFromProgID
OleUninitialize
OleInitialize
CreateStreamOnHGlobal

oleaut32

LoadTypeLi
OleLoadPicture
RegisterTypeLi
VarUI4FromStr
LoadRegTypeLi
OleCreateFontIndirect
SysStringLen
VariantClear
SysAllocString
SysAllocStringLen
SysFreeString
VariantChangeType
SysStringByteLen
SysAllocStringByteLen
OleCreatePropertyFrame

rasapi32

RasEnumDevicesA
RasGetConnectStatusA
RasSetEntryPropertiesA
RasGetEntryPropertiesA
RasHangUpA
RasEnumConnectionsA
RasGetErrorStringA
RasDialA

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 56KB - Virtual size: 54KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 40KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

73c782a27ea0f0cd73e4489d6c712fa4

Headers

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

rasapi32

Exports

Exports

Sections

.text Size: 56KB - Virtual size: 54KB

.rdata Size: 12KB - Virtual size: 10KB

.data Size: 8KB - Virtual size: 8KB

.rsrc Size: 40KB - Virtual size: 36KB

.reloc Size: 8KB - Virtual size: 4KB

.text
Size: 56KB - Virtual size: 54KB

.rdata
Size: 12KB - Virtual size: 10KB

.data
Size: 8KB - Virtual size: 8KB

.rsrc
Size: 40KB - Virtual size: 36KB

.reloc
Size: 8KB - Virtual size: 4KB