ea08a137e8643e16b37413cd570160a1_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

ea08a137e8643e16b37413cd570160a1_JaffaCakes118
Size

509KB
MD5

ea08a137e8643e16b37413cd570160a1
SHA1

1646c55c6106d22c3869c1e46b234450e8b125c0
SHA256

cf82e0fbc72f7d1591138d296db24ad5b5f1155ffb45dca040c983d2453023f3
SHA512

e729d2297ccb95ff0a591aaf1eb282b43f41d70b3f5b6a4591d8f126e87e0c18079c5e12fc2cc0c33b06334cf36941f7bf3d8e6d80e520d9dd4c61dad2a039b7
SSDEEP

6144:CBYEfoEtxJJJJ9TIfvpzqN/WpFSQdcUwfMbX5BAklU:YYEfoEtxJJJJ9k3pzMwSQdXgwk

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
ea08a137e8643e16b37413cd570160a1_JaffaCakes118

Files

ea08a137e8643e16b37413cd570160a1_JaffaCakes118
.dll windows:4 windows x86 arch:x86

be929fb0652fb8ad66ae4a058a65b61e

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

InterlockedExchange
LockResource
CloseHandle
GetTickCount
GetTempPathA
FindResourceExA
GetTempFileNameA
CreateFileA
SetLastError
CreateDirectoryA
GetFileSize
ReadFile
GetVersionExA
LoadLibraryA
GetProcAddress
MoveFileExA
WriteFile
SetFilePointer
OutputDebugStringA
GetFileAttributesA
GetCurrentProcess
FlushInstructionCache
GlobalAlloc
ResetEvent
SetEvent
WaitForSingleObject
TerminateThread
GlobalLock
GlobalUnlock
MulDiv
GlobalFree
ResumeThread
CreateEventA
lstrcmpA
GetCurrentThreadId
GetPrivateProfileIntA
GetPrivateProfileStringA
GetOEMCP
SetEndOfFile
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
GetLocaleInfoW
FlushFileBuffers
SetStdHandle
GetConsoleCP
IsValidLocale
EnumSystemLocalesA
GetUserDefaultLCID
GetSystemTimeAsFileTime
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetStringTypeW
GetStringTypeA
GetStartupInfoA
GetFileType
SetHandleCount
GetStdHandle
ExitProcess
HeapCreate
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
IsValidCodePage
GetCPInfo
LCMapStringW
LCMapStringA
RtlUnwind
GetCommandLineA
CreateThread
ExitThread
VirtualQuery
GetSystemInfo
VirtualProtect
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
Sleep
VirtualAlloc
VirtualFree
IsProcessorFeaturePresent
InterlockedCompareExchange
GetProcessHeap
HeapSize
HeapReAlloc
HeapFree
HeapAlloc
HeapDestroy
GetThreadLocale
GetLocaleInfoA
GetACP
InterlockedIncrement
InterlockedDecrement
GetModuleFileNameA
lstrlenA
IsDBCSLeadByte
MultiByteToWideChar
LeaveCriticalSection
lstrcmpiA
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
GetModuleHandleA
FreeLibrary
lstrlenW
RaiseException
GetCurrentProcessId
LoadLibraryExA
FindFirstFileA
FindResourceA
WideCharToMultiByte
LoadResource
SizeofResource
GetLastError
SystemTimeToFileTime
GetLocalTime
FindClose
FindNextFileA
DeleteFileA
CompareFileTime
GetConsoleMode

user32

PostMessageA
CharNextA
DefWindowProcA
SetTimer
RegisterWindowMessageA
GetClientRect
CreateWindowExA
RegisterClassExA
IsChild
GetClassLongA
ShowWindow
IsRectEmpty
OffsetRect
GetCursorPos
ChildWindowFromPoint
LoadImageA
SetWindowRgn
GetAncestor
UnregisterClassA
LoadCursorA
DestroyWindow
MonitorFromRect
GetMonitorInfoA
MonitorFromPoint
MonitorFromWindow
wsprintfA
SetClassLongA
SetWindowLongA
GetDC
ReleaseDC
FillRect
GetWindowLongA
CallWindowProcA
GetUpdateRect
BeginPaint
EndPaint
SetWindowPos
GetSysColor
SetRect
InvalidateRect
SetParent
GetParent
DestroyAcceleratorTable
GetWindowTextLengthA
IsIconic
KillTimer
SendMessageA
GetFocus
ScreenToClient
SetFocus
PtInRect
GetWindowTextA
InvalidateRgn
GetWindow
CreateAcceleratorTableA
GetWindowRect
SetWindowTextA
GetDesktopWindow
FindWindowExA
SetCursor
RedrawWindow
IsWindow
GetClassInfoExA
ClientToScreen
CallNextHookEx
UnhookWindowsHookEx
GetDlgItem
MoveWindow
SetWindowsHookExA
SetCapture
ReleaseCapture
GetClassNameA

gdi32

CreateSolidBrush
RectVisible
DeleteDC
BitBlt
CreateCompatibleBitmap
CreateCompatibleDC
GetStockObject
CreateRoundRectRgn
GetDeviceCaps
DeleteObject
SetBkMode
SetTextColor
ExtTextOutA
CreateFontIndirectA
GetTextExtentPoint32A
GetObjectA
SelectObject
StretchBlt
TextOutA

advapi32

RegQueryInfoKeyA
RegDeleteKeyA
RegDeleteValueA
RegCreateKeyExA
RegSetValueExA
RegCloseKey
RegQueryValueExA
RegOpenKeyExA
RegEnumKeyExA

shell32

ShellExecuteA
FindExecutableA

ole32

CoInitialize
CoUninitialize
GetHGlobalFromStream
CLSIDFromProgID
ProgIDFromCLSID
StringFromGUID2
CoGetClassObject
CLSIDFromString
OleLockRunning
OleUninitialize
OleInitialize
CreateStreamOnHGlobal
CoTaskMemAlloc
CoTaskMemFree
CoTaskMemRealloc
CoCreateInstance

oleaut32

VariantChangeType
VariantCopy
LoadTypeLi
VariantInit
LoadRegTypeLi
SysStringLen
OleCreateFontIndirect
SysStringByteLen
SysAllocString
SysAllocStringLen
VariantClear
OleLoadPicture
SysFreeString
GetErrorInfo
VarUI4FromStr

shlwapi

PathCreateFromUrlA
PathFileExistsA

wininet

InternetOpenA
DeleteUrlCacheEntry
InternetConnectA
InternetSetOptionW
HttpOpenRequestA
InternetCloseHandle
InternetAttemptConnect
HttpQueryInfoA
HttpSendRequestA
InternetReadFile
HttpAddRequestHeadersA

urlmon

URLDownloadToFileA

ws2_32

WSAStartup
WSACleanup
gethostbyname

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

msimg32

TransparentBlt

Exports

Exports

ALBanner_BannerResize
ALBanner_DeleteArea
ALBanner_Execute
ALBanner_Finalize
ALBanner_GetBannerID
ALBanner_GetPropertyInt
ALBanner_GetPropertyStr
ALBanner_Initialize
ALBanner_InitializeEx
ALBanner_SetCustomDrawProc
ALBanner_SetTextBannerOption

Sections

.text
Size: 384KB - Virtual size: 380KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 80KB - Virtual size: 76KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 24KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 32KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

be929fb0652fb8ad66ae4a058a65b61e

Headers

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

shlwapi

wininet

urlmon

ws2_32

version

msimg32

Exports

Exports

Sections

.text Size: 384KB - Virtual size: 380KB

.rdata Size: 80KB - Virtual size: 76KB

.data Size: 24KB - Virtual size: 28KB

.rsrc Size: 4KB - Virtual size: 1KB

.reloc Size: 32KB - Virtual size: 28KB

.text
Size: 384KB - Virtual size: 380KB

.rdata
Size: 80KB - Virtual size: 76KB

.data
Size: 24KB - Virtual size: 28KB

.rsrc
Size: 4KB - Virtual size: 1KB

.reloc
Size: 32KB - Virtual size: 28KB