cf0bbc3f3161920736f549b8b08a1217_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

cf0bbc3f3161920736f549b8b08a1217_JaffaCakes118
Size

133KB
MD5

cf0bbc3f3161920736f549b8b08a1217
SHA1

0d0f893be7aa5bdf95eda21bc3b4cf9160b1fe0f
SHA256

6ec8b47a9499381beb5cbf1dd103257d948cbd377b51dfc8feddf2b649fb3c03
SHA512

00a70ba83e06d583a8da9acefd7d610627f213595fcac113890680ae8a747cfbefcb9d65ee4bf7de90584219c89a6e3fd14d7d790d5531b339cb4b0d7c1e4f52
SSDEEP

3072:cCR6yRmdP2OYonHNxa+BgoAWoPcyjpSs+84Rlpye:cCD+OonHLa+Bwcyp+nE

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
cf0bbc3f3161920736f549b8b08a1217_JaffaCakes118

Files

cf0bbc3f3161920736f549b8b08a1217_JaffaCakes118
.dll regsvr32 windows:4 windows x86 arch:x86

e53fda7e199c45ba3f03a18407e769d3

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

msvcrt

??1type_info@@UAE@XZ
memmove
??2@YAPAXI@Z
strlen
memcpy
memcmp
__CxxFrameHandler
_EH_prolog
_CxxThrowException
??1exception@@UAE@XZ
??0exception@@QAE@XZ
??0exception@@QAE@ABV0@@Z
memset
wcscpy
realloc
_mbsstr
_mbslwr
malloc
atoi
_adjust_fdiv
_initterm
_onexit
__dllonexit
??3@YAXPAX@Z
strcat
wcslen
wcsstr
_purecall
free

babarwnd

ord5
ord6
ord9
ord1
ord4
ord3
ord2
ord8
ord7

shlwapi

PathFindExtensionA
UrlEscapeA

kernel32

LoadResource
FindResourceA
FindResourceExA
lstrlenA
DeleteCriticalSection
InitializeCriticalSection
lstrcatA
lstrcpyA
SetLastError
MultiByteToWideChar
FreeLibrary
GetProcAddress
LoadLibraryA
lstrcmpA
LockResource
WaitForSingleObject
CloseHandle
CreateProcessA
GetModuleFileNameA
CreateEventA
GetLastError
lstrlenW
lstrcmpiW
FlushInstructionCache
GetCurrentProcess
HeapAlloc
GetProcessHeap
GetCurrentThreadId
HeapFree
lstrcmpiA
InterlockedIncrement
InterlockedDecrement
lstrcpynA
IsDBCSLeadByte
LoadLibraryExA
DeleteFileA
MulDiv
DisableThreadLibraryCalls
ReadFile
WriteFile
SetFilePointer
CreateFileA
GetWindowsDirectoryA
MoveFileExA
GlobalAlloc
GlobalLock
GlobalUnlock
CreateThread
RtlUnwind
GetSystemTimeAsFileTime
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
ExitProcess
HeapSize
HeapReAlloc
HeapDestroy
SizeofResource
WideCharToMultiByte
GetVersionExA
GetThreadLocale
GetLocaleInfoA
GetACP
InterlockedExchange
LeaveCriticalSection
EnterCriticalSection
Sleep

user32

GetWindowTextA
GetForegroundWindow
MessageBoxA
GetWindowRect
GetParent
SetFocus
InvalidateRect
GetKeyState
IntersectRect
EqualRect
OffsetRect
SetWindowRgn
GetWindow
FindWindowExA
GetSysColor
ScreenToClient
GetFocus
CreateAcceleratorTableA
GetClassNameA
RedrawWindow
GetDlgItem
GetDesktopWindow
InvalidateRgn
SetCapture
ReleaseCapture
DestroyAcceleratorTable
SetWindowPos
UnionRect
PtInRect
PostMessageA
KillTimer
SetTimer
CallWindowProcA
GetWindowLongA
BeginPaint
EndPaint
DefWindowProcA
LoadStringA
GetClientRect
MoveWindow
FillRect
CreateWindowExA
RegisterClassExA
GetDC
GetWindowTextLengthA
IsChild
SetWindowTextA
RegisterWindowMessageA
SystemParametersInfoA
LoadIconA
PeekMessageA
GetMessageA
TranslateMessage
ReleaseDC
LoadCursorA
GetClassInfoExA
IsWindowVisible
SetWindowLongA
ShowWindow
DestroyWindow
CharLowerW
CharLowerA
wsprintfA
FindWindowA
IsWindow
SendMessageA
CharNextA
UnregisterClassA
DispatchMessageA

gdi32

StretchBlt
SetStretchBltMode
SetBkColor
CreateRectRgnIndirect
CreateBitmap
TextOutA
CreateDCA
GetDeviceCaps
SetTextColor
LPtoDP
DeleteDC
BitBlt
SelectObject
CreateCompatibleDC
DeleteObject
SetBkMode
GetObjectA
CreateCompatibleBitmap
GetStockObject
GetTextExtentPoint32A
SetTextAlign
RestoreDC
SetViewportOrgEx
SetWindowOrgEx
SetMapMode
CreateSolidBrush
SaveDC

advapi32

RegQueryValueExA
RegOpenKeyExA
RegDeleteValueA
RegDeleteKeyA
RegQueryInfoKeyA
RegEnumKeyExA
RegOpenKeyA
GetUserNameA
RegEnumValueA
RegSetValueExA
RegCloseKey
RegCreateKeyExA

shell32

SHGetDesktopFolder
ShellExecuteA

ole32

OleSaveToStream
WriteClassStm
OleLoadFromStream
CreateOleAdviseHolder
OleRegGetMiscStatus
OleRegGetUserType
StringFromGUID2
CoCreateInstance
CoTaskMemRealloc
CoTaskMemFree
CoTaskMemAlloc
CreateStreamOnHGlobal
OleInitialize
OleUninitialize
OleLockRunning
CoGetClassObject
CLSIDFromProgID
CLSIDFromString
CoUninitialize
CoInitialize
OleRegEnumVerbs

oleaut32

OleCreatePropertyFrame
VariantChangeType
OleCreateFontIndirect
SysStringLen
LoadRegTypeLi
VarUI4FromStr
RegisterTypeLi
UnRegisterTypeLi
LoadTypeLi
SysAllocStringLen
SysFreeString
SysAllocStringByteLen
SysStringByteLen
VarBstrCat
VariantInit
VariantClear
SysAllocString

wininet

InternetGetConnectedState

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
InitToolbar

Sections

.text
Size: 93KB - Virtual size: 93KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 18KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

e53fda7e199c45ba3f03a18407e769d3

Headers

File Characteristics

Imports

msvcrt

babarwnd

shlwapi

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

wininet

Exports

Exports

Sections

.text Size: 93KB - Virtual size: 93KB

.rdata Size: 18KB - Virtual size: 17KB

.data Size: 2KB - Virtual size: 2KB

.rsrc Size: 10KB - Virtual size: 9KB

.reloc Size: 8KB - Virtual size: 7KB

.text
Size: 93KB - Virtual size: 93KB

.rdata
Size: 18KB - Virtual size: 17KB

.data
Size: 2KB - Virtual size: 2KB

.rsrc
Size: 10KB - Virtual size: 9KB

.reloc
Size: 8KB - Virtual size: 7KB