capicom.pdb
Static task: static1
Behavioral task: behavioral1
Sample: 10b9ef6ececffec7b404e567095cb229_JaffaCakes118.dll
Resource: win7-20240903-en
Behavioral task: behavioral2
Sample: 10b9ef6ececffec7b404e567095cb229_JaffaCakes118.dll
Resource: win10v2004-20240802-en
General
Target: 10b9ef6ececffec7b404e567095cb229_JaffaCakes118
Size: 588KB
MD5: 10b9ef6ececffec7b404e567095cb229
SHA1: c638c6e290fa5b801a660823da08a9251c47c868
SHA256: 418e18468fae198983bc0251777910a331980fea6da96586e0abdd76ac8f04a6
SHA512: 457c009422376371ef8e2abd0086167bdd1e88ab28cc509f870c4b36e3d664de78fc2a11c9f23c84c50a33771f1efe4d651532589d405977a207bc94fa375969
SSDEEP: 6144:xI4vbLBCAqZ/uv1lQB2LqGY9I5IC373AEH3obOLEJqNRzYNLdrzZe/gVQmOukNU:xIOB1RHBmGZ7noBJqwprlUgCLNU
Malware Config
Signatures
Unsigned PE (1 IoCs)
Checks for missing Authenticode signature.
resource 10b9ef6ececffec7b404e567095cb229_JaffaCakes118
Files
10b9ef6ececffec7b404e567095cb229_JaffaCakes118.dll regsvr32 windows:6 windows x86 arch:x86
4281b231a4746ce57ca0faf292ed80da
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
PDB Paths
Imports
kernel32
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
GetModuleHandleA
lstrcmpA
WriteFile
GetFileSize
CreateFileMappingA
MapViewOfFile
GetFileType
CloseHandle
GetLocalTime
SystemTimeToFileTime
LocalFileTimeToFileTime
UnmapViewOfFile
FileTimeToLocalFileTime
SetLastError
FileTimeToSystemTime
FormatMessageA
LocalAlloc
LocalFree
LoadLibraryExA
FindResourceA
LoadResource
SizeofResource
LoadLibraryA
GetProcAddress
FreeLibrary
GetModuleFileNameA
lstrcpyA
lstrcpynA
lstrcatA
DisableThreadLibraryCalls
HeapDestroy
EnterCriticalSection
LeaveCriticalSection
lstrcmpiA
IsDBCSLeadByte
lstrlenA
InterlockedDecrement
InterlockedIncrement
DeleteCriticalSection
InitializeCriticalSection
GetLastError
lstrlenW
GetVersionExA
WideCharToMultiByte
MultiByteToWideChar
VirtualQuery
GetSystemInfo
VirtualAlloc
VirtualProtect
ExpandEnvironmentStringsW
ExpandEnvironmentStringsA
CreateFileW
CreateFileA
FlushFileBuffers
SetStdHandle
SetFilePointer
GetStringTypeW
GetStringTypeA
GetLocaleInfoA
LCMapStringW
LCMapStringA
IsBadCodePtr
IsBadReadPtr
RaiseException
GetCPInfo
GetOEMCP
HeapSize
IsBadWritePtr
VirtualFree
GetACP
InterlockedExchange
Sleep
GetCommandLineA
HeapFree
HeapAlloc
GetProcessHeap
HeapReAlloc
ExitProcess
TlsAlloc
TlsFree
TlsSetValue
TlsGetValue
SetHandleCount
GetStdHandle
GetStartupInfoA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
HeapCreate
ntdll
RtlUnwind
mssign32
SignerTimeStamp
advapi32
CryptDeriveKey
CryptGetUserKey
CryptGetHashParam
CryptDecrypt
CryptEncrypt
CryptGenRandom
CryptCreateHash
CryptHashData
CryptSetKeyParam
CryptDestroyKey
CryptAcquireContextA
CryptGetProvParam
CryptGetKeyParam
RegEnumKeyExA
CryptDestroyHash
CryptReleaseContext
RegEnumValueA
RegQueryInfoKeyA
RegSetValueExA
RegOpenKeyExA
RegCreateKeyExA
RegCloseKey
RegDeleteValueA
RegDeleteKeyA
crypt32
CertFreeCertificateChain
CertCloseStore
CertAddEncodedCertificateToStore
CertFindExtension
CertGetEnhancedKeyUsage
CertGetCertificateChain
CertVerifyCertificateChainPolicy
CertEnumCertificatesInStore
CertDuplicateCertificateContext
CertOpenStore
CertDuplicateStore
CertComparePublicKeyInfo
CryptExportPublicKeyInfo
CertGetNameStringW
CertAddCertificateContextToStore
CertGetCertificateContextProperty
PFXImportCertStore
CryptQueryObject
CertSetCertificateContextProperty
CertVerifyTimeValidity
CertFindCertificateInStore
CertGetValidUsages
CertGetIntendedKeyUsage
CryptFindOIDInfo
CertFindChainInStore
CertSaveStore
CertCreateCertificateContext
CryptMsgGetParam
CertDuplicateCertificateChain
CryptEncodeObject
CryptDecodeObject
CryptAcquireCertificatePrivateKey
CertCompareIntegerBlob
CryptFormatObject
CryptMsgOpenToEncode
CryptMsgClose
CryptMsgUpdate
CryptMsgOpenToDecode
CryptMsgControl
CertGetSubjectCertificateFromStore
CertEnumCertificateContextProperties
CertCompareCertificateName
PFXExportCertStoreEx
CertGetPublicKeyLength
CertFindAttribute
CertControlStore
CertDeleteCertificateFromStore
CertFreeCertificateContext
ole32
CoTaskMemFree
ProgIDFromCLSID
CoCreateInstance
CoTaskMemRealloc
CoCreateFreeThreadedMarshaler
CoTaskMemAlloc
oleaut32
SysAllocString
SysFreeString
SysStringLen
VariantClear
VarUI4FromStr
LoadTypeLi
RegisterTypeLi
LoadRegTypeLi
VariantCopy
SysAllocStringLen
SetErrorInfo
CreateErrorInfo
VariantChangeType
SystemTimeToVariantTime
SysStringByteLen
VariantTimeToSystemTime
SysAllocStringByteLen
VariantInit
SafeArrayDestroy
SafeArrayUnaccessData
SafeArrayAccessData
SafeArrayGetDim
SafeArrayGetLBound
SafeArrayGetUBound
SafeArrayCreate
user32
CharNextA
CharPrevA
LoadStringA
wsprintfA
SetWindowPos
GetSystemMetrics
GetWindowRect
SetFocus
GetDlgItem
SetWindowLongA
EndDialog
IsDlgButtonChecked
GetWindowLongA
DialogBoxParamA
wininet
InternetCrackUrlW
InternetCanonicalizeUrlW
wintrust
WTHelperGetProvSignerFromChain
WTHelperProvDataFromStateData
WTHelperGetProvCertFromChain
WinVerifyTrust
Exports
DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
Sections
.text Size: 259KB - Virtual size: 259KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 177KB - Virtual size: 184KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 126KB - Virtual size: 126KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 24KB - Virtual size: 23KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ