cff1b2512abb94fc836d93605d6aed9b_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

cff1b2512abb94fc836d93605d6aed9b_JaffaCakes118
Size

121KB
MD5

cff1b2512abb94fc836d93605d6aed9b
SHA1

c7473d264a3204ca1ea58c9783659cb1331babb6
SHA256

8bf6cd6bb97549be789d196f49a35f0fb4cdf015bd663ca09c95b7ca74e4093b
SHA512

c9ff17a8a7317b5a76f39fe139a13a655868fe45af64192849862d95bee3561f99569317d638003ea1cefff7dfd34a829972e6bff81a78453adac1229b8757e0
SSDEEP

1536:oN2azTUGK/Vt2iph2S/yNfSyQiZxQnN7kn+bc55h5W555555555555555555555+:U//UrD2Yh1/yNoN7kn+s/

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
cff1b2512abb94fc836d93605d6aed9b_JaffaCakes118

Files

cff1b2512abb94fc836d93605d6aed9b_JaffaCakes118
.dll regsvr32 windows:4 windows x86 arch:x86

a25b16e9ecc308e0c8b8612f47e5f214

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

wininet

InternetReadFile
InternetOpenA
InternetCloseHandle
InternetOpenUrlA

urlmon

URLDownloadToFileA

mfc42

ord6856
ord6835
ord4589
ord4588
ord4899
ord4370
ord4892
ord5076
ord4340
ord4347
ord4889
ord4531
ord4545
ord4543
ord4526
ord4529
ord4524
ord4963
ord4960
ord4108
ord6054
ord4078
ord1776
ord4407
ord5240
ord2385
ord5163
ord6374
ord4353
ord5281
ord3798
ord4837
ord4441
ord2648
ord2055
ord6376
ord3748
ord5065
ord1725
ord2446
ord6614
ord5277
ord6691
ord4627
ord4432
ord6478
ord6514
ord5260
ord6805
ord3495
ord4720
ord6808
ord6839
ord2379
ord1949
ord6055
ord5241
ord5290
ord3749
ord1727
ord5261
ord2124
ord4424
ord818
ord567
ord6320
ord4275
ord6197
ord6379
ord6215
ord2078
ord755
ord2754
ord470
ord3571
ord2575
ord4396
ord3402
ord3574
ord640
ord809
ord609
ord323
ord556
ord3626
ord3663
ord2414
ord5785
ord4284
ord2405
ord5053
ord5981
ord2864
ord800
ord3874
ord540
ord4133
ord4297
ord5788
ord472
ord6845
ord5875
ord2859
ord613
ord1641
ord1640
ord289
ord1146
ord2122
ord2567
ord3138
ord397
ord699
ord1799
ord4622
ord614
ord2623
ord290
ord4226
ord2486
ord4003
ord860
ord1574
ord6803
ord4188
ord858
ord4274
ord815
ord6375
ord4486
ord2554
ord2512
ord5731
ord3922
ord1089
ord5199
ord2396
ord3346
ord5300
ord5302
ord4079
ord4698
ord5307
ord5289
ord5714
ord3738
ord561
ord3953
ord2725
ord1131
ord6467
ord1099
ord1842
ord4242
ord2723
ord2390
ord6812
ord5100
ord5103
ord4467
ord4303
ord3350
ord5012
ord975
ord5472
ord3403
ord2879
ord2878
ord4151
ord4077
ord5237
ord5282
ord2649
ord1665
ord4436
ord4427
ord674
ord366
ord5252
ord4457
ord6242
ord520
ord1113
ord3258
ord535
ord924
ord922
ord2818
ord3742
ord6815
ord6816
ord6858
ord6846
ord6814
ord6847
ord6867
ord6859
ord6832
ord6855
ord6823
ord6857
ord6807
ord6591
ord6650
ord6800
ord6597
ord4823
ord269
ord826
ord600
ord1578
ord1255
ord1253
ord1570
ord1197
ord1243
ord342
ord1182
ord1577
ord1168
ord1575
ord1176
ord1116
ord652
ord825
ord338
ord4426
ord4623
ord4080
ord3079
ord3825
ord3831
ord3830
ord2976
ord3081
ord2985
ord3262
ord3136
ord4465
ord3259
ord3147
ord2982
ord6175
ord6080
ord3198
ord3454
ord4387
ord2399
ord4858
ord4953
ord4420
ord5653
ord3172
ord5577
ord1746
ord5740
ord5243
ord2542
ord2510
ord6336
ord3065
ord3058
ord4696
ord4238
ord1825
ord823
ord3938
ord912
ord283
ord3059

msvcrt

??1type_info@@UAE@XZ
_adjust_fdiv
_initterm
?terminate@@YAXXZ
_except_handler3
_onexit
__dllonexit
_vsnprintf
isdigit
wcscpy
_CxxThrowException
memcmp
realloc
_purecall
_itoa
sprintf
_mbslwr
_mbsstr
time
srand
rand
_beginthread
_mbsnbcpy
memset
_EH_prolog
__CxxFrameHandler
strcpy
strrchr
memcpy
strlen
free
fclose
strcmp
fread
strcat
fwrite
strstr
strchr
strncpy
strpbrk
atoi
_access
fopen
_filelength
malloc

kernel32

InitializeCriticalSection
TerminateProcess
SetEvent
GetTempFileNameA
MoveFileExA
Sleep
SetFileAttributesA
DeleteFileA
WaitForSingleObject
GetModuleFileNameA
DeleteCriticalSection
lstrlenW
WritePrivateProfileStringA
InterlockedDecrement
GetPrivateProfileStringA
CreateDirectoryA
lstrcatA
FindClose
FindFirstFileA
RemoveDirectoryA
FindNextFileA
DeviceIoControl
CreateFileA
LocalFree
LocalAlloc
MultiByteToWideChar
LeaveCriticalSection
InterlockedIncrement
EnterCriticalSection
lstrlenA
GetShortPathNameA
FreeLibrary
SizeofResource
LoadResource
FindResourceA
GetLastError
LoadLibraryExA
lstrcmpiA
lstrcpynA
IsDBCSLeadByte
HeapDestroy
GetProcAddress
LoadLibraryA
CreateEventA
lstrcpyA

user32

DestroyWindow
ShowWindow
FindWindowExA
SetWindowPos
ScreenToClient
FillRect
LoadBitmapA
CharNextA
GetIconInfo
LoadImageA
SetTimer
KillTimer
EnableWindow
GetWindowRect
IsWindow
GetClientRect
DestroyMenu
DrawStateA
CopyRect
FrameRect
InflateRect
GetSysColor
OffsetRect
DrawFocusRect
GetSubMenu
TrackPopupMenuEx
ClientToScreen
WindowFromPoint
GetActiveWindow
InvalidateRect
SetCursor
GetParent
GetNextDlgTabItem
SendMessageA
GetWindowLongA
DestroyIcon
DestroyCursor

gdi32

SelectObject
CreateCompatibleBitmap
CreateCompatibleDC
BitBlt
GetStockObject
DeleteObject
DeleteDC

advapi32

RegCloseKey
RegEnumValueA
RegQueryInfoKeyA
RegEnumKeyExA
RegDeleteValueA
RegDeleteKeyA
RegQueryValueExA
RegCreateKeyExA
RegSetValueExA
RegOpenKeyExA

shell32

SHGetSpecialFolderPathA
ShellExecuteExA

comctl32

_TrackMouseEvent

ole32

CoTaskMemFree
CoTaskMemAlloc
CoTaskMemRealloc
CoCreateInstance
CoUninitialize
CoInitialize

oleaut32

SysFreeString
SysAllocString
VarUI4FromStr
LoadTypeLi
RegisterTypeLi
SysStringLen
VariantClear
LoadRegTypeLi

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 37KB - Virtual size: 36KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

leftdate
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 59KB - Virtual size: 58KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

a25b16e9ecc308e0c8b8612f47e5f214

Headers

File Characteristics

Imports

wininet

urlmon

mfc42

msvcrt

kernel32

user32

gdi32

advapi32

shell32

comctl32

ole32

oleaut32

Exports

Exports

Sections

.text Size: 37KB - Virtual size: 36KB

.rdata Size: 13KB - Virtual size: 13KB

.data Size: 3KB - Virtual size: 8KB

leftdate Size: 1KB - Virtual size: 1KB

.rsrc Size: 59KB - Virtual size: 58KB

.reloc Size: 5KB - Virtual size: 5KB

.text
Size: 37KB - Virtual size: 36KB

.rdata
Size: 13KB - Virtual size: 13KB

.data
Size: 3KB - Virtual size: 8KB

leftdate
Size: 1KB - Virtual size: 1KB

.rsrc
Size: 59KB - Virtual size: 58KB

.reloc
Size: 5KB - Virtual size: 5KB