d64597ac6fee5e81a7ac6bfae9092895_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

d64597ac6fee5e81a7ac6bfae9092895_JaffaCakes118
Size

58KB
MD5

d64597ac6fee5e81a7ac6bfae9092895
SHA1

94dba4166fe48658fdb283b47ce47b5ef3ce73c0
SHA256

4f8a6e1ea2aad3937ade66985b676cf489105a03c25242ec347cffd1cfef2e63
SHA512

4b6d0fabb9c04a10306544f034c72605acbbfc449c85f7c0f718f16d151e8eb73e5748dc29f290e9f36f1da2598aae8cc25241b3bcde766c4a59cccb8d1828c2
SSDEEP

768:F1tmrk0LkFFmf5dxb9UA8srJByoidZWHqV10/aBw+gzLCbo7daPPw/AVO:j8k0Smxdxb98sNciCJgab0daPPw4VO

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
d64597ac6fee5e81a7ac6bfae9092895_JaffaCakes118

Files

d64597ac6fee5e81a7ac6bfae9092895_JaffaCakes118
.dll regsvr32 windows:4 windows x86 arch:x86

a80c8cc209595b1be0bbadc2deb53b3e

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

msvcrt

_splitpath
_adjust_fdiv
_initterm
memcmp
atol
strncpy
strlen
strcmp
exit
fopen
fgets
strtol
fclose
strchr
strcat
strtok
atoi
strstr
??3@YAXPAX@Z
??2@YAPAXI@Z
tolower
wcstombs
_EH_prolog
__CxxFrameHandler
strcpy
memset
memcpy
realloc
malloc
free

kernel32

Sleep
InitializeCriticalSection
HeapDestroy
lstrcpyA
MulDiv
lstrlenW
MultiByteToWideChar
lstrlenA
GetShortPathNameA
GetModuleFileNameA
WideCharToMultiByte
FreeLibrary
SizeofResource
LoadResource
FindResourceA
GetLastError
LoadLibraryExA
lstrcmpiA
lstrcpynA
IsDBCSLeadByte
HeapFree
HeapReAlloc
HeapAlloc
GetProcessHeap
GetFileAttributesA
CreateDirectoryA
GetVersionExA
lstrcmpA
LoadLibraryA
TerminateProcess
OpenProcess
FindClose
FindFirstFileA
GetSystemDirectoryA
lstrcatA
FormatMessageA
CloseHandle
WriteFile
CreateFileA
GetProcAddress
GetWindowsDirectoryA
DisableThreadLibraryCalls
InterlockedDecrement
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
GetCurrentProcess
InterlockedIncrement
FlushInstructionCache
GetCurrentThreadId

user32

GetFocus
EndPaint
IsChild
GetClientRect
BeginPaint
SetWindowLongA
GetWindowLongA
CallWindowProcA
DefWindowProcA
BringWindowToTop
DestroyWindow
GetDlgItemTextA
LoadCursorA
SetCursor
LoadImageA
EnableWindow
GetMessageA
GetClassInfoExA
RegisterClassExA
MoveWindow
SetWindowTextA
SetTimer
MessageBoxA
KillTimer
PeekMessageA
PostQuitMessage
EnumWindows
GetWindowTextA
IsWindow
PostMessageA
GetWindowThreadProcessId
SendMessageA
wsprintfA
CharNextA
CreateWindowExA
GetDC
GetForegroundWindow
LoadIconA
OffsetRect
IsIconic
DrawFrameControl
ReleaseDC
SendDlgItemMessageA
FillRect
InflateRect
GetSysColor
DrawTextA
ShowWindow
DrawFocusRect
GetWindowRect
DispatchMessageA
TranslateMessage
GetSystemMetrics

gdi32

DeleteDC
GetStockObject
SaveDC
SetMapMode
SetWindowOrgEx
SetViewportOrgEx
LPtoDP
RestoreDC
SetTextColor
SetBkColor
DeleteObject
CreateSolidBrush
GetDeviceCaps
CreateFontA
CreateDCA

advapi32

RegSetValueExA
RegCreateKeyA
RegQueryValueExA
RegEnumValueA
RegQueryInfoKeyA
RegDeleteKeyA
RegEnumKeyExA
RegOpenKeyExA
RegCloseKey
RegDeleteValueA
RegCreateKeyExA

shell32

SHGetSpecialFolderLocation
SHGetPathFromIDListA

ole32

CoCreateInstance
CoInitialize
CoTaskMemAlloc
CoUninitialize
CoTaskMemRealloc
CoTaskMemFree

oleaut32

LoadRegTypeLi
SysAllocString
LoadTypeLi
SysAllocStringLen
VarUI4FromStr
RegisterTypeLi
SysStringLen
VariantClear
SysFreeString

urlmon

HlinkNavigateString

wininet

InternetSetOptionA
HttpOpenRequestA
HttpQueryInfoA
InternetReadFile
InternetQueryDataAvailable
InternetQueryOptionA
InternetCanonicalizeUrlA
InternetCloseHandle
InternetSetStatusCallback
InternetOpenA
InternetOpenUrlA
HttpSendRequestA
InternetConnectA

wsock32

WSAStartup
gethostname
gethostbyname

comctl32

ord17

setupapi

SetupIterateCabinetA

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
ENTRYPOINT

Sections

.rdata
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 41KB - Virtual size: 44KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

a80c8cc209595b1be0bbadc2deb53b3e

Headers

File Characteristics

Imports

msvcrt

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

urlmon

wininet

wsock32

comctl32

setupapi

Exports

Exports

Sections

.rdata Size: 7KB - Virtual size: 7KB

.data Size: 41KB - Virtual size: 44KB

.rsrc Size: 4KB - Virtual size: 4KB

.reloc Size: 4KB - Virtual size: 3KB

.rdata
Size: 7KB - Virtual size: 7KB

.data
Size: 41KB - Virtual size: 44KB

.rsrc
Size: 4KB - Virtual size: 4KB

.reloc
Size: 4KB - Virtual size: 3KB