fb6793ea52d4024a3eee296253887e28_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

fb6793ea52d4024a3eee296253887e28_JaffaCakes118
Size

168KB
MD5

fb6793ea52d4024a3eee296253887e28
SHA1

a7f824b547f0d43f1127926fb19d5c5ea6649ad7
SHA256

3b0f66fba7ec4f5d7449ccfab43afc7e237a7f5eaf86d74ae60046ef8a744035
SHA512

561235935e3ff28821a1ea280ad4bd8dee5f3d9239e741808b705c1b9d40fab1eb37482fdde8ac654090cf39ca6a2b6d86bc28944542f85bb340c3f45a7fed54
SSDEEP

3072:JvgRjuL073LRyaxwa/empY1HTxyuWvca7Pl0f:Jvg+k7RN1zYFVyuW1+

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
fb6793ea52d4024a3eee296253887e28_JaffaCakes118

Files

fb6793ea52d4024a3eee296253887e28_JaffaCakes118
.dll regsvr32 windows:4 windows x86 arch:x86

a4875d7e977ea3368960189702fc885f

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetCurrentThreadId
InterlockedExchange
GetACP
GetLocaleInfoA
GetThreadLocale
GetVersionExA
MultiByteToWideChar
WideCharToMultiByte
lstrlenW
SizeofResource
LockResource
LoadResource
FindResourceA
FindResourceExA
lstrlenA
lstrcmpiA
LoadLibraryExA
lstrcpynA
InterlockedIncrement
InterlockedDecrement
IsDBCSLeadByte
CloseHandle
GetModuleFileNameA
FreeLibrary
CreateEventA
OpenEventA
lstrcpyW
GetDateFormatA
GetTimeFormatA
WriteFile
SetFilePointer
CreateFileA
DeleteFileA
GetTickCount
lstrcpyA
lstrcatA
IsBadReadPtr
GetVolumeInformationA
OutputDebugStringA
HeapReAlloc
HeapSize
GetModuleFileNameW
SetLastError
FlushFileBuffers
SetStdHandle
GetLocaleInfoW
LoadLibraryA
IsBadCodePtr
IsValidCodePage
IsValidLocale
EnumSystemLocalesA
GetUserDefaultLCID
UnhandledExceptionFilter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetStartupInfoA
GetFileType
GetStdHandle
SetHandleCount
GetStringTypeW
GetStringTypeA
GetOEMCP
TerminateProcess
TlsGetValue
TlsSetValue
TlsFree
TlsAlloc
GetCurrentProcessId
QueryPerformanceCounter
IsBadWritePtr
VirtualFree
HeapCreate
SetUnhandledExceptionFilter
GetLastError
LoadLibraryW
HeapAlloc
GetProcessHeap
HeapFree
GetCurrentProcess
FlushInstructionCache
DeleteCriticalSection
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
GetCPInfo
LCMapStringW
LCMapStringA
GetCommandLineA
GetSystemTimeAsFileTime
VirtualQuery
GetSystemInfo
VirtualAlloc
RaiseException
GetVersion
GetFileAttributesW
GetProcAddress
GetModuleHandleW
HeapDestroy
LocalFree
ExitProcess
RtlUnwind
VirtualProtect
GetModuleHandleA

user32

EndPaint
GetWindowTextLengthA
GetWindowTextA
SetWindowLongA
SendMessageA
GetClientRect
SetCursor
BeginPaint
MoveWindow
UpdateWindow
InvalidateRect
RedrawWindow
GetParent
wsprintfA
LoadCursorA
PostMessageA
CopyRect
IsWindowVisible
ScreenToClient
GetWindowRect
GetDlgItem
ShowWindow
CharNextA
DrawTextA
CallWindowProcA
GetWindowLongA
IsWindow
DefWindowProcA
CreateWindowExA
GetClassInfoExA
RegisterClassExA
UnregisterClassA
FillRect
TrackMouseEvent
DestroyWindow

advapi32

RegEnumKeyExA
RegDeleteValueA
RegCloseKey
RegCreateKeyExA
RegOpenKeyExA
RegSetValueExA
RegQueryValueExA
RegDeleteKeyA
RegQueryInfoKeyA

ole32

CoCreateInstance
StringFromGUID2
CoTaskMemRealloc
CoTaskMemFree
CoTaskMemAlloc

shell32

ShellExecuteA

oleaut32

UnRegisterTypeLi
RegisterTypeLi
SysAllocString
SysStringLen
LoadTypeLi
LoadRegTypeLi
DispCallFunc
VarUI4FromStr
SysStringByteLen
SysAllocStringByteLen
VariantClear
VariantInit
SysFreeString
VariantChangeType

shlwapi

PathAppendA
PathFindExtensionA
UrlUnescapeA
PathRemoveFileSpecA

gdi32

SetBkMode
SetTextColor
CreateSolidBrush
DeleteObject
RoundRect
CreatePen
SelectObject
GetStockObject
CreateFontA

wininet

HttpQueryInfoA
InternetSetStatusCallback
InternetReadFileExA
InternetCloseHandle
InternetOpenUrlA
InternetOpenA

iphlpapi

GetAdaptersInfo

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 108KB - Virtual size: 107KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 28KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

a4875d7e977ea3368960189702fc885f

Headers

File Characteristics

Imports

kernel32

user32

advapi32

ole32

shell32

oleaut32

shlwapi

gdi32

wininet

iphlpapi

Exports

Exports

Sections

.text Size: 108KB - Virtual size: 107KB

.rdata Size: 28KB - Virtual size: 24KB

.data Size: 8KB - Virtual size: 12KB

.rsrc Size: 8KB - Virtual size: 4KB

.reloc Size: 12KB - Virtual size: 10KB

.text
Size: 108KB - Virtual size: 107KB

.rdata
Size: 28KB - Virtual size: 24KB

.data
Size: 8KB - Virtual size: 12KB

.rsrc
Size: 8KB - Virtual size: 4KB

.reloc
Size: 12KB - Virtual size: 10KB