f021ab4a34e905e67c39e0c6d0dbaeb8_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

f021ab4a34e905e67c39e0c6d0dbaeb8_JaffaCakes118
Size

166KB
MD5

f021ab4a34e905e67c39e0c6d0dbaeb8
SHA1

6d8e1dead40150a56616017e17e46ebcacdc4a57
SHA256

30789730619fdd21b4878f3f432a96555b9f7c73bc4992074dbc3ba75764124f
SHA512

919dc65aa814b0c1e045a4fc5b9d2f98940ac4cb134003b3e92a31bac4f13558f6acf80f7131048433630ebd23cb5fda04acc779d4bf8d74e0857b1488102f1f
SSDEEP

3072:sp9+Qzj4LnPM/EHsV5huqvHVAnCGc6DVcg1kVR/o9kwD:STiPM8Hu5hTeCGcabIUkI

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
f021ab4a34e905e67c39e0c6d0dbaeb8_JaffaCakes118

Files

f021ab4a34e905e67c39e0c6d0dbaeb8_JaffaCakes118
.dll regsvr32 windows:4 windows x86 arch:x86

3ce991755c2361e9cb014d57bc621454

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

LockResource
LoadResource
FindResourceA
GlobalAlloc
lstrlenW
lstrlenA
GlobalUnlock
GlobalLock
InterlockedIncrement
InterlockedDecrement
lstrcmpA
DisableThreadLibraryCalls
WriteFile
SizeofResource
CreateFileA
DeleteFileA
SetFileAttributesA
GetPrivateProfileStringA
GetSystemDirectoryA
GetModuleFileNameA
TerminateProcess
OpenProcess
GetModuleHandleA
GetWindowsDirectoryA
InitializeCriticalSection
DeleteCriticalSection
HeapDestroy
GetShortPathNameA
FreeLibrary
GetProcAddress
LoadLibraryA
lstrcpyA
lstrcatA
WideCharToMultiByte
ExitThread
FindFirstFileA
GetPrivateProfileIntA
WritePrivateProfileStringA
GetLocaleInfoA
VirtualQuery
SetThreadPriority
GetVersionExA
GetLocalTime
Process32Next
Process32First
CreateToolhelp32Snapshot
RemoveDirectoryA
CopyFileA
CreateDirectoryA
UnmapViewOfFile
MapViewOfFile
CreateFileMappingA
SetCurrentDirectoryA
OpenMutexA
FileTimeToSystemTime
CompareFileTime
SetEnvironmentVariableA
GlobalHandle
CompareStringA
SetEndOfFile
FlushFileBuffers
SetStdHandle
IsBadCodePtr
IsBadReadPtr
GetStringTypeW
GetStringTypeA
GetEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsW
FreeEnvironmentStringsA
SetUnhandledExceptionFilter
SetFilePointer
GetStartupInfoA
GetFileType
GetStdHandle
SetHandleCount
IsBadWritePtr
VirtualAlloc
VirtualFree
HeapCreate
ReadFile
HeapSize
HeapReAlloc
LCMapStringW
LCMapStringA
ExitProcess
GetOEMCP
GetACP
GetCPInfo
TlsGetValue
SetLastError
TlsFree
TlsAlloc
TlsSetValue
GetVersion
GetCommandLineA
RaiseException
GetFileAttributesA
MoveFileA
HeapAlloc
HeapFree
GetTimeZoneInformation
RtlUnwind
LocalFree
GetExitCodeThread
TerminateThread
CreateThread
SystemTimeToFileTime
Sleep
CloseHandle
GlobalFree
FreeResource
GetCurrentProcess
FlushInstructionCache
GetCurrentThreadId
EnterCriticalSection
LeaveCriticalSection
MultiByteToWideChar
CreateMutexA
CompareStringW
GetLastError
GetSystemTime

user32

SetForegroundWindow
ShowWindow
GetDesktopWindow
FindWindowExA
GetForegroundWindow
SendMessageA
LoadIconA
PostQuitMessage
SetFocus
EnableWindow
WindowFromPoint
BringWindowToTop
IsWindowVisible
FindWindowA
SetWindowLongA
GetMessageA
GetTopWindow
GetWindowTextA
mouse_event
SetCursorPos
GetCursorPos
GetWindowRect
SetWindowPos
IsWindow
GetClassNameA
GetDlgItem
MapWindowPoints
GetClientRect
SystemParametersInfoA
CharNextA
MessageBoxA
IsDialogMessageA
DispatchMessageA
DestroyWindow
GetWindow
GetParent
CreateDialogIndirectParamA
RegisterClassExA
GetWindowLongA
SetCapture
SetTimer
TranslateMessage
KillTimer
GetWindowThreadProcessId
InvalidateRgn
InvalidateRect
IsIconic
ReleaseCapture
wsprintfA
CreateWindowExA
CreateAcceleratorTableA
RedrawWindow
BeginPaint
FillRect
EndPaint
GetDC
ReleaseDC
GetFocus
IsChild
GetSysColor
CallWindowProcA
GetWindowTextLengthA
SetWindowTextA
DefWindowProcA
RegisterWindowMessageA
GetClassInfoExA
LoadCursorA

gdi32

GetObjectA
DeleteObject
CreateCompatibleBitmap
CreateCompatibleDC
SelectObject
BitBlt
DeleteDC
GetDeviceCaps
GetStockObject
CreateSolidBrush

advapi32

RegCloseKey
RegQueryValueExA
RegOpenKeyExA
RegSetValueExA
RegCreateKeyA
RegOpenKeyA
RegDeleteValueA
RegEnumKeyA
RegEnumValueA

shell32

ShellExecuteA

ole32

CoUninitialize
CoCreateInstance
CoInitialize
CreateStreamOnHGlobal
OleRun
CoCreateGuid
OleLockRunning
CoTaskMemAlloc
StringFromCLSID
CoTaskMemFree
CLSIDFromString
CLSIDFromProgID
OleUninitialize
OleInitialize

oleaut32

RegisterTypeLi
LoadTypeLi
OleCreateFontIndirect
GetErrorInfo
VariantClear
SysStringLen
LoadRegTypeLi
SysAllocString
SysAllocStringLen
VariantInit
SysFreeString

wininet

InternetOpenUrlA
FindNextUrlCacheEntryA
FindFirstUrlCacheEntryA
FindCloseUrlCache
InternetGetConnectedState
InternetOpenA
InternetConnectA
HttpOpenRequestA
InternetSetOptionA
HttpSendRequestA
HttpQueryInfoA
InternetReadFile
InternetCloseHandle

netapi32

Netbios

rpcrt4

UuidToStringA
RpcStringFreeA

shlwapi

SHDeleteKeyA

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
DllVersion
GetDLLVersion
LoadHistoryAD
RegeditRichMedia
Setup_RichMedia
UnNotice
WaitWindows

Sections

.text
Size: 120KB - Virtual size: 117KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 16KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 104KB - Virtual size: 100KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

3ce991755c2361e9cb014d57bc621454

Headers

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

wininet

netapi32

rpcrt4

shlwapi

Exports

Exports

Sections

.text Size: 120KB - Virtual size: 117KB

.rdata Size: 16KB - Virtual size: 13KB

.data Size: 12KB - Virtual size: 18KB

.rsrc Size: 104KB - Virtual size: 100KB

.reloc Size: 12KB - Virtual size: 10KB

.text
Size: 120KB - Virtual size: 117KB

.rdata
Size: 16KB - Virtual size: 13KB

.data
Size: 12KB - Virtual size: 18KB

.rsrc
Size: 104KB - Virtual size: 100KB

.reloc
Size: 12KB - Virtual size: 10KB