062f3daf5714c1a37208630a2bad6e63_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

062f3daf5714c1a37208630a2bad6e63_JaffaCakes118
Size

180KB
MD5

062f3daf5714c1a37208630a2bad6e63
SHA1

bddb962f73d6c84792b8391156858a069368d23a
SHA256

aa6c1f2db24f202c2d021aaf3356ceeab261d056af19aea47ab29c8455cfa15f
SHA512

2e4a5f47edad1ced437b658cb7a67b583fd27f53b14130e03606d0a63efd8abfa3f3ae9ea72848a4a52526a4e4564e385285b371d0b8f6a0c7cf22c8475fdcd3
SSDEEP

3072:aOcuyoKtid8qHQacZN25jeIqKnXiH3pxf8fvl62EKHZokf:nfKtidfwcVeQXiH3p6fcw

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
062f3daf5714c1a37208630a2bad6e63_JaffaCakes118

Files

062f3daf5714c1a37208630a2bad6e63_JaffaCakes118
.dll regsvr32 windows:4 windows x86 arch:x86

6556a8cc7201d86e92d1f35e56600b18

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

CreateFileA
UnmapViewOfFile
CompareStringW
CompareStringA
SetEndOfFile
GetOEMCP
GetACP
SetFilePointer
FlushFileBuffers
SetStdHandle
GetStringTypeW
GetStringTypeA
GetCPInfo
IsBadCodePtr
IsBadReadPtr
SetUnhandledExceptionFilter
WriteFile
GetEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsW
FreeEnvironmentStringsA
CreateFileMappingA
GetFileType
GetStdHandle
SetHandleCount
IsBadWritePtr
VirtualAlloc
VirtualFree
HeapCreate
ReadFile
HeapSize
TerminateProcess
LCMapStringW
LCMapStringA
ExitProcess
TlsGetValue
SetLastError
TlsFree
TlsAlloc
TlsSetValue
GetVersion
GetCommandLineA
HeapReAlloc
HeapAlloc
GetSystemTime
GetTimeZoneInformation
RtlUnwind
InterlockedExchange
Sleep
MapViewOfFile
WinExec
IsDBCSLeadByte
LoadLibraryExA
FindResourceA
LoadResource
SizeofResource
HeapDestroy
InterlockedIncrement
DeleteCriticalSection
InitializeCriticalSection
DisableThreadLibraryCalls
CreateMutexA
GetLastError
GetShortPathNameA
FreeLibrary
FindFirstFileW
FindNextFileW
FindClose
ExpandEnvironmentStringsW
LocalFree
GetLocalTime
GetPrivateProfileIntA
GetPrivateProfileStringA
WriteProcessMemory
CreateToolhelp32Snapshot
Module32First
Module32Next
lstrcpyA
lstrcmpiA
CloseHandle
OpenProcess
lstrcmpA
GetModuleFileNameA
lstrcatA
lstrlenA
GetCurrentProcessId
lstrcatW
GetPrivateProfileIntW
GetPrivateProfileStringW
GetModuleFileNameW
LoadLibraryW
GetSystemDefaultLangID
GetProcessHeap
HeapFree
lstrcpyW
lstrcmpiW
lstrcpynW
lstrlenW
WideCharToMultiByte
MultiByteToWideChar
lstrcpynA
GetModuleHandleA
GetVersionExA
InterlockedDecrement
EnterCriticalSection
LeaveCriticalSection
GetCurrentProcess
FlushInstructionCache
GetCurrentThreadId
LoadLibraryA
GetProcAddress
GetStartupInfoA
SetEnvironmentVariableA

user32

CharNextA
FindWindowA
SetWindowPos
BringWindowToTop
CallWindowProcW
SetWindowLongW
GetClassNameA
GetWindowLongW
GetDlgCtrlID
SetWindowTextA
GetCursorPos
SetTimer
UpdateWindow
DefWindowProcA
IsWindow
GetWindowRect
wsprintfW
GetFocus
FillRect
FindWindowExA
GetWindowThreadProcessId
DrawIconEx
GetWindowDC
SetWindowsHookExW
GetClassNameW
FindWindowW
LoadIconW
DestroyIcon
LoadImageW
FindWindowExW
GetSysColor
SendMessageW
PostMessageW
GetParent
SetWindowTextW
GetWindowTextLengthW
SetFocus
SendMessageA
DrawTextW
GetWindowTextW
LoadBitmapA
GetSystemMetrics
GetClassInfoExA
LoadCursorA
wsprintfA
RegisterClassExA
ReleaseDC
EndPaint
CreateWindowExA
CallWindowProcA
GetWindowLongA
SetWindowLongA
CallNextHookEx
UnhookWindowsHookEx
SetWindowsHookExA
ReleaseCapture
SetCapture
PtInRect
GetDC
InflateRect
BeginPaint
SystemParametersInfoA
ShowWindow
PostMessageA
MoveWindow
SetWindowRgn
ScreenToClient
OffsetRect
SetRectEmpty
GetClientRect
DrawFrameControl
GetWindowTextA
DrawTextA
IsRectEmpty
CopyRect
KillTimer
LoadImageA

gdi32

SetStretchBltMode
DeleteDC
GetStockObject
GetObjectA
CreateFontIndirectA
DeleteObject
ExtTextOutA
SetBkColor
SelectObject
CreateCompatibleDC
SetTextColor
SetBkMode
FrameRgn
OffsetRgn
CreateSolidBrush
ExcludeClipRect
SetWindowOrgEx
GetClipBox
BitBlt
EqualRgn
CombineRgn
CreateRectRgn
CreatePolygonRgn
SetViewportOrgEx
GetViewportOrgEx
SetPixel
GetTextExtentPoint32W
GetTextExtentPointW
StretchBlt
CreateCompatibleBitmap

advapi32

RegSetValueExW
RegOpenKeyExW
RegQueryInfoKeyW
RegEnumValueW
RegQueryValueExW
RegCloseKey
RegDeleteKeyW
RegQueryValueExA
RegOpenKeyExA
RegDeleteKeyA
RegCreateKeyExA
RegDeleteValueA
RegEnumValueA
RegQueryInfoKeyA
RegSetValueExA
RegEnumKeyExA
RegCreateKeyExW

shell32

SHGetSpecialFolderLocation
SHGetSpecialFolderPathW
SHGetMalloc
SHGetDesktopFolder
ShellExecuteA

ole32

CoTaskMemAlloc
CoInitialize
CoCreateInstance
CoUninitialize
CoTaskMemFree
CoTaskMemRealloc

oleaut32

VarUI4FromStr
LoadRegTypeLi
RegisterTypeLi
LoadTypeLi
SysAllocString
SysStringLen
VariantClear
SysFreeString
OleTranslateColor

shlwapi

PathAppendA
PathRemoveFileSpecA
StrDupA
PathIsDirectoryW
PathFileExistsW
StrRStrIW
StrRetToBufW
StrCpyW
PathIsURLW
UrlApplySchemeW
StrDupW
SHDeleteValueA
StrStrIA
StrCmpNIW
StrStrW
SHGetValueA
SHSetValueA
StrNCatW
PathRemoveFileSpecW
StrCmpIW
StrStrIW
StrCmpW

wininet

InternetCrackUrlW

comctl32

ImageList_AddMasked
ImageList_Create
ImageList_Draw
ImageList_SetBkColor
ImageList_GetIconSize
ImageList_ReplaceIcon
ImageList_Remove
ImageList_Destroy

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
cfi_Inject
cfi_StartHook
cfi_StopHook

Sections

.text
Size: 104KB - Virtual size: 103KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 20KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 45KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Shared
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 24KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

6556a8cc7201d86e92d1f35e56600b18

Headers

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

shlwapi

wininet

comctl32

Exports

Exports

Sections

.text Size: 104KB - Virtual size: 103KB

.rdata Size: 20KB - Virtual size: 16KB

.data Size: 12KB - Virtual size: 45KB

Shared Size: 4KB - Virtual size: 2KB

.rsrc Size: 24KB - Virtual size: 21KB

.reloc Size: 12KB - Virtual size: 10KB

.text
Size: 104KB - Virtual size: 103KB

.rdata
Size: 20KB - Virtual size: 16KB

.data
Size: 12KB - Virtual size: 45KB

Shared
Size: 4KB - Virtual size: 2KB

.rsrc
Size: 24KB - Virtual size: 21KB

.reloc
Size: 12KB - Virtual size: 10KB