018de35c32d402202d61c82e6c5ad491_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

018de35c32d402202d61c82e6c5ad491_JaffaCakes118
Size

168KB
MD5

018de35c32d402202d61c82e6c5ad491
SHA1

a553632b98f0e1b312966fb5f2530899348de44c
SHA256

1a24ad881dedcd3be4d01e3f0b2d64f6fbe82fac471e3b31687059b45fcb8722
SHA512

f02f072452a153ac1317f2f759a95d80d71ac2e72e7723728d31cba5d7b6c9ae7a6da49872229fc425aef86c360ddb025eb75c839f753727e7fc34445f9a8009
SSDEEP

3072:cQ7DD725fIkip3lzNIKnlir0dZmwESm409aLuJDPXdt0uQ5D:t7DHme5bUwdZmCHIPXduBD

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
018de35c32d402202d61c82e6c5ad491_JaffaCakes118

Files

018de35c32d402202d61c82e6c5ad491_JaffaCakes118
.dll regsvr32 windows:4 windows x86 arch:x86

27272b722666d3f12a58de001ac614da

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

winmm

timeGetTime

netapi32

Netbios

shlwapi

SHSetValueA
StrStrIA
SHGetValueA

version

GetFileVersionInfoSizeA
GetFileVersionInfoA

psapi

GetModuleBaseNameA
EnumProcesses
EnumProcessModules

user32

EnumWindows
EnumChildWindows
GetWindowThreadProcessId
GetClassNameA
CloseClipboard
RegisterClassExA
CreateWindowExA
ShowWindow
GetMessageA
TranslateMessage
DispatchMessageA
KillTimer
SetTimer
DefWindowProcA
wsprintfA
SystemParametersInfoA
SetWindowPos
OpenClipboard

msvcrt

strerror
srand
isalnum
isgraph
fclose
fwrite
fopen
tmpnam
atoi
strtol
toupper
strtok
__dllonexit
_onexit
??1type_info@@UAE@XZ
_initterm
_adjust_fdiv
free
ispunct
__mb_cur_max
malloc
isupper
isxdigit
isspace
strchr
islower
strncpy
strstr
wcscmp
?what@exception@@UBEPBDXZ
wcslen
printf
__CxxFrameHandler
??2@YAPAXI@Z
??1exception@@UAE@XZ
??3@YAXPAX@Z
_CxxThrowException
??0exception@@QAE@XZ
isalpha
tolower
??0exception@@QAE@ABV0@@Z
wctomb

oleaut32

VariantClear
GetErrorInfo
SysAllocString
SysFreeString

advapi32

RegCloseKey
SetSecurityInfo
SetEntriesInAclA
GetSecurityInfo
CryptReleaseContext
CryptGenRandom
CryptAcquireContextA
RegOpenKeyExA

ole32

CoTaskMemAlloc
CoTaskMemFree
CoInitialize
CoCreateInstance
CoCreateGuid

wininet

InternetOpenA
InternetSetOptionA
InternetOpenUrlA
HttpQueryInfoA
InternetCloseHandle
InternetReadFile

rpcrt4

UuidToStringA

kernel32

GetCurrentProcess
GetProcessTimes
GetSystemInfo
GetCurrentThread
GetThreadTimes
CreateFileA
DeleteFileA
CreateProcessA
WaitForSingleObject
MoveFileExA
MultiByteToWideChar
GetCurrentProcessId
GetSystemDirectoryA
lstrcpyA
lstrcpynA
GetLocalTime
SleepEx
LoadLibraryA
GetProcAddress
WriteProcessMemory
CreateRemoteThread
FreeLibrary
lstrcmpA
GetVersion
CloseHandle
OpenProcess
Sleep
lstrlenA
GetCurrentDirectoryA
SetLastError
GetFullPathNameA
LocalFree
FormatMessageA
FreeEnvironmentStringsA
GetEnvironmentStrings
lstrcmpiA
HeapFree
GetModuleFileNameA
GetModuleHandleA
GetVersionExA
GetWindowsDirectoryA
GetProcessHeap
HeapAlloc
VirtualAllocEx
GetLastError
HeapSize
QueryPerformanceFrequency
QueryPerformanceCounter
GetTickCount

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 104KB - Virtual size: 100KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 28KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 20KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 12KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

27272b722666d3f12a58de001ac614da

Headers

File Characteristics

Imports

winmm

netapi32

shlwapi

version

psapi

user32

msvcrt

oleaut32

advapi32

ole32

wininet

rpcrt4

kernel32

Exports

Exports

Sections

.text Size: 104KB - Virtual size: 100KB

.rdata Size: 28KB - Virtual size: 25KB

.data Size: 20KB - Virtual size: 22KB

.reloc Size: 12KB - Virtual size: 8KB

.text
Size: 104KB - Virtual size: 100KB

.rdata
Size: 28KB - Virtual size: 25KB

.data
Size: 20KB - Virtual size: 22KB

.reloc
Size: 12KB - Virtual size: 8KB