f5ce45cdf6fae82e633179c29f3d3e7d_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

f5ce45cdf6fae82e633179c29f3d3e7d_JaffaCakes118
Size

168KB
MD5

f5ce45cdf6fae82e633179c29f3d3e7d
SHA1

56b92818c703b9ff991ae1d2388176ed1aae42b3
SHA256

c14529fa80b49ae5afcfe5effe0819670d4d8c9217890beb8d3bf8e8e03bde23
SHA512

20864e346c011c906cfae97182d8b317ef327da2367a102d9923670f3b34ebce75931b849c687174abbc9185a6f60bb2bc6a896ff8333e3d0246d96e48d1714e
SSDEEP

3072:O/7qLvb7TucIcf5HEC1QIANJ88mRh0e/Hw7:O/7qh75HEC1QIv8AhFHw

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
f5ce45cdf6fae82e633179c29f3d3e7d_JaffaCakes118

Files

f5ce45cdf6fae82e633179c29f3d3e7d_JaffaCakes118
.dll regsvr32 windows:4 windows x86 arch:x86

ec745084e61f26368ffb2c3b5055fd74

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

shlwapi

StrStrIA
SHSetValueA
SHGetValueA

version

GetFileVersionInfoA
GetFileVersionInfoSizeA

oleaut32

VariantClear
SysAllocString
SysFreeString
GetErrorInfo

netapi32

Netbios

psapi

EnumProcesses
EnumProcessModules
GetModuleBaseNameA

wininet

InternetCloseHandle
InternetSetOptionA
InternetReadFile
InternetOpenA
HttpQueryInfoA
InternetOpenUrlA

winmm

timeGetTime

advapi32

SetEntriesInAclA
SetSecurityInfo
RegOpenKeyExA
CryptAcquireContextA
CryptGenRandom
CryptReleaseContext
RegCloseKey
GetSecurityInfo

rpcrt4

UuidToStringA

user32

DefWindowProcA
SystemParametersInfoA
SetWindowPos
GetClassNameA
SetTimer
EnumChildWindows
EnumWindows
OpenClipboard
CloseClipboard
RegisterClassExA
CreateWindowExA
ShowWindow
GetMessageA
TranslateMessage
DispatchMessageA
KillTimer
wsprintfA
GetWindowThreadProcessId

ole32

CoTaskMemFree
CoTaskMemAlloc
CoCreateGuid
CoInitialize
CoCreateInstance

msvcrt

fwrite
??0exception@@QAE@ABV0@@Z
??3@YAXPAX@Z
strncpy
printf
__CxxFrameHandler
_CxxThrowException
??2@YAPAXI@Z
??0exception@@QAE@XZ
??1exception@@UAE@XZ
?what@exception@@UBEPBDXZ
wcslen
wcscmp
isalpha
malloc
isspace
strchr
strerror
ispunct
isupper
free
tolower
strstr
islower
isgraph
srand
isalnum
fclose
isxdigit
fopen
tmpnam
atoi
strtol
toupper
strtok
wctomb
__mb_cur_max
__dllonexit
_onexit
??1type_info@@UAE@XZ
_initterm
_adjust_fdiv

kernel32

GetTickCount
QueryPerformanceCounter
QueryPerformanceFrequency
LoadLibraryA
CreateFileA
DeleteFileA
CreateProcessA
SleepEx
MoveFileExA
GetCurrentProcessId
GetCurrentThread
GetThreadTimes
lstrcmpA
lstrcmpiA
GetVersionExA
GetEnvironmentStrings
GetModuleFileNameA
HeapFree
GetProcessHeap
FreeLibrary
GetProcAddress
WaitForSingleObject
lstrlenA
FreeEnvironmentStringsA
OpenProcess
VirtualAllocEx
WriteProcessMemory
CreateRemoteThread
CloseHandle
GetSystemDirectoryA
lstrcpyA
GetLocalTime
lstrcpynA
GetCurrentProcess
GetProcessTimes
GetFullPathNameA
SetLastError
MultiByteToWideChar
GetModuleHandleA
GetCurrentDirectoryA
GetSystemInfo
GetVersion
HeapAlloc
HeapSize
FormatMessageA
LocalFree
GetWindowsDirectoryA
Sleep
GetLastError

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 100KB - Virtual size: 96KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 28KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 24KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 12KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

ec745084e61f26368ffb2c3b5055fd74

Headers

File Characteristics

Imports

shlwapi

version

oleaut32

netapi32

psapi

wininet

winmm

advapi32

rpcrt4

user32

ole32

msvcrt

kernel32

Exports

Exports

Sections

.text Size: 100KB - Virtual size: 96KB

.rdata Size: 28KB - Virtual size: 25KB

.data Size: 24KB - Virtual size: 23KB

.reloc Size: 12KB - Virtual size: 8KB

.text
Size: 100KB - Virtual size: 96KB

.rdata
Size: 28KB - Virtual size: 25KB

.data
Size: 24KB - Virtual size: 23KB

.reloc
Size: 12KB - Virtual size: 8KB