0365ba032b3cd5bbc1095c3457296db4_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

0365ba032b3cd5bbc1095c3457296db4_JaffaCakes118
Size

151KB
MD5

0365ba032b3cd5bbc1095c3457296db4
SHA1

22e8a7b9b3b91c7c733a527e2dcb41492c3a8e0e
SHA256

63930d3311ba241e4cf829b1a23bf2a0d518b639f30fbc9b7a018dd2d80c30df
SHA512

3972433981892a12f9c61386baffc97e421f623e34c2dfb8f8ccd33e5e5fa5fb8597262745288c74b68777ce8a7dd8f3a3c169416d2f4d094840d66d8f181b8b
SSDEEP

3072:SUkpIG9yHm5hT94WpE6TCFq0XXm4AGgTJk4gC/xTOobEct6mG:BkKOLKtDTg+5CpTOobEccd

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
0365ba032b3cd5bbc1095c3457296db4_JaffaCakes118

Files

0365ba032b3cd5bbc1095c3457296db4_JaffaCakes118
.dll regsvr32 windows:4 windows x86 arch:x86

1346d03fa629ac514282b768eec9f1c1

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

shlwapi

SHSetValueA
SHDeleteKeyA
PathAppendA
PathFileExistsA
SHDeleteValueA
PathFindFileNameA
SHGetValueA
PathStripToRootA
StrStrIA
PathIsUNCA
PathFindExtensionA
PathRemoveExtensionA
PathRemoveFileSpecA
PathRemoveBlanksA
PathRemoveBackslashA

kernel32

lstrcmpA
CreateMutexA
OpenMutexA
CreateThread
Sleep
SetThreadPriority
LoadLibraryA
InitializeCriticalSection
DeleteCriticalSection
MapViewOfFile
CreateFileMappingA
OpenFileMappingA
UnmapViewOfFile
LoadLibraryExA
EnterCriticalSection
ReadFile
GetFileSize
CreateFileA
GetShortPathNameA
GetLongPathNameA
GetSystemDirectoryA
GetWindowsDirectoryA
lstrcpynA
lstrlenW
GetTickCount
FindClose
FindNextFileA
FindFirstFileA
SetLastError
GetModuleFileNameA
CopyFileA
FreeLibrary
DeleteFileA
VirtualQuery
lstrcmpiA
CreateToolhelp32Snapshot
ReadProcessMemory
VirtualProtect
WriteProcessMemory
GetCurrentProcessId
Module32First
Module32Next
GetModuleHandleA
GetCurrentProcess
FlushInstructionCache
GetSystemInfo
lstrlenA
MultiByteToWideChar
WaitForSingleObject
TerminateThread
CloseHandle
WideCharToMultiByte
GetModuleFileNameW
LoadLibraryW
GetModuleHandleW
OutputDebugStringA
GetFileAttributesW
GetVersionExA
GetLastError
GlobalSize
GetProcAddress
GetVersion
lstrcatA
lstrcpyA
IsBadStringPtrA
GlobalLock
LeaveCriticalSection
LocalFree
GetPrivateProfileStringA
IsBadStringPtrW
TlsGetValue
TlsSetValue
GetCurrentThreadId
TlsFree
TlsAlloc
WritePrivateProfileSectionA
DeviceIoControl
GetPrivateProfileIntA
WritePrivateProfileStringA
MoveFileExA
WriteFile
WritePrivateProfileStructA
GetTempPathA
InterlockedIncrement
InterlockedDecrement
InterlockedExchange
IsDebuggerPresent
GetACP
CreateProcessA
GetPrivateProfileStructA

user32

GetPropA
RegisterWindowMessageA
GetClassNameA
SendMessageA
SetWindowTextA
IsWindow
GetParent
EnumWindows
MessageBoxA
SetWindowsHookExA
InvalidateRect
ReleaseDC
DrawTextA
GetWindowTextA
FillRect
GetSysColor
GetDC
GetFocus
GetKeyState
SetWindowLongW
GetWindowLongW
GetComboBoxInfo
DrawFocusRect
UnhookWindowsHookEx
CallNextHookEx
GetWindowThreadProcessId
IsWindowVisible
DialogBoxParamA
GetWindow
GetWindowRect
SystemParametersInfoA
GetClientRect
MapWindowPoints
SetWindowPos
GetDlgItemTextA
EndDialog
GetWindowTextLengthA
GetDlgItem
EnableWindow
LoadStringA
EnumChildWindows
SendMessageTimeoutA
WindowFromPoint
DefWindowProcA
CallWindowProcA
FindWindowExA
GetWindowLongA
SetPropA
SetWindowLongA
RemovePropA

advapi32

RegQueryValueExA
RegDeleteValueA
RegCreateKeyExA
RegSetValueA
RegCreateKeyA
RegSetValueExA
RegOpenKeyA
RegEnumKeyExA
RegCloseKey
CloseServiceHandle
OpenSCManagerA
DeleteService
OpenServiceA
ControlService
RegOpenKeyExA

ole32

RevokeDragDrop
RegisterDragDrop
CoCreateGuid
StringFromCLSID
CoTaskMemFree
CoInitialize
CoUninitialize
ReleaseStgMedium

oleaut32

VariantClear
SysAllocString
SysFreeString

imagehlp

ImageDirectoryEntryToData

msvcrt

_mbsrchr
bsearch
fclose
fgets
fopen
_mbclen
_ismbcdigit
atoi
_vsnprintf
_mbsnbcpy
_CxxThrowException
fwrite
rand
srand
time
fread
??1type_info@@UAE@XZ
fseek
ftell
fputs
strstr
rewind
wcslen
strrchr
_wcsicmp
_tempnam
atol
_ltoa
_mbstok
__dllonexit
_onexit
_initterm
_adjust_fdiv
free
_snprintf
realloc
_mbslwr
_mbsstr
_mbschr
_mbsnbicmp
_mbscmp
sprintf
_purecall
wcscpy
_mbsicmp
__CxxFrameHandler
??2@YAPAXI@Z
??3@YAXPAX@Z
_except_handler3
tmpnam
_stricmp
_strlwr
_itoa
malloc

urlmon

IsValidURL
URLDownloadToFileA

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

ws2_32

send
gethostbyname
setsockopt
socket
inet_addr
WSAStartup
WSACleanup
closesocket
recv
inet_ntoa
htons
connect
WSAGetLastError

gdi32

SetBkMode
GetStockObject
DeleteObject
CreateSolidBrush
SetTextColor
GetTextExtentPointA
SetPixel
LineTo
MoveToEx
CreatePen
SetBkColor
SelectObject

shell32

SHGetMalloc
SHGetSpecialFolderLocation
SHGetDesktopFolder
ShellExecuteA
SHGetSpecialFolderPathA

wininet

InternetCrackUrlA
DeleteUrlCacheEntry

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
Register
Uninstall

Sections

.text
Size: 95KB - Virtual size: 95KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 19KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

1346d03fa629ac514282b768eec9f1c1

Headers

File Characteristics

Imports

shlwapi

kernel32

user32

advapi32

ole32

oleaut32

imagehlp

msvcrt

urlmon

version

ws2_32

gdi32

shell32

wininet

Exports

Exports

Sections

.text Size: 95KB - Virtual size: 95KB

.rdata Size: 19KB - Virtual size: 18KB

.data Size: 3KB - Virtual size: 6KB

.rsrc Size: 8KB - Virtual size: 8KB

.reloc Size: 11KB - Virtual size: 10KB

.text
Size: 95KB - Virtual size: 95KB

.rdata
Size: 19KB - Virtual size: 18KB

.data
Size: 3KB - Virtual size: 6KB

.rsrc
Size: 8KB - Virtual size: 8KB

.reloc
Size: 11KB - Virtual size: 10KB