0e667e89df0b858159d65e0a3b8422ba_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

0e667e89df0b858159d65e0a3b8422ba_JaffaCakes118
Size

1.2MB
MD5

0e667e89df0b858159d65e0a3b8422ba
SHA1

060f0db4c917bea4c89323a79c63b6b234fe1fb3
SHA256

b6fd5e6b7e7e914c194ad692b77eb61ae1f07a74ae0bb3b9649166717fafce21
SHA512

c0d6568ecc3b0a4103546eeb354fdbc23d8110ff959ddac26ed183b5c6929d68cae458622c61fc248f96d322d9a0d900a5077af5f4a37354f674c4805753af47
SSDEEP

24576:2cbSvQkLMQ5tbkNEmB7U2mPzICOJGTa5itUEYhXhFhDsq:2CyNLMQ7ba7YPoJGTa5itUEYrFh1

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
0e667e89df0b858159d65e0a3b8422ba_JaffaCakes118

Files

0e667e89df0b858159d65e0a3b8422ba_JaffaCakes118
.dll regsvr32 windows:5 windows x86 arch:x86

9d3d5f612ed5bdc4b393b2a46918ae18

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

gdiplus

GdipCreateFromHDC
GdipDrawImageRectI
GdipFree
GdipAlloc
GdipLoadImageFromStream
GdipLoadImageFromStreamICM
GdipDisposeImage
GdipCloneImage
GdipGetImageHorizontalResolution
GdipGetImageVerticalResolution
GdipGetImagePixelFormat
GdipCreateBitmapFromScan0
GdipCreateHBITMAPFromBitmap
GdipBitmapSetResolution
GdipGetImageGraphicsContext
GdipSetInterpolationMode
GdipDrawImageRect
GdipDeleteGraphics
GdiplusStartup
GdiplusShutdown

kernel32

InterlockedIncrement
InterlockedDecrement
GetLastError
WideCharToMultiByte
CreateFileW
GetModuleFileNameW
ExpandEnvironmentStringsW
OutputDebugStringW
CreateMutexW
CreateEventA
SetEvent
ReleaseMutex
WaitForSingleObject
WriteFile
GetFileSizeEx
GetCurrentThreadId
GetModuleHandleA
GetModuleHandleW
GetProcAddress
GetFileAttributesW
GetVersion
RaiseException
FlushInstructionCache
LoadLibraryW
SetLastError
OutputDebugStringA
ResumeThread
InterlockedCompareExchange
MulDiv
MultiByteToWideChar
lstrlenW
lstrcmpW
GlobalUnlock
GlobalLock
GlobalAlloc
LoadLibraryA
InterlockedExchange
CreateEventW
GetExitCodeThread
SetThreadPriority
GetCurrentThread
SetThreadLocale
GetThreadLocale
GlobalFree
LocalFree
FormatMessageW
SetFilePointerEx
FlushFileBuffers
GetFileTime
ReadFile
SetEndOfFile
UnmapViewOfFile
GetCurrentDirectoryW
GetSystemDirectoryW
DeleteFileW
RemoveDirectoryW
MapViewOfFile
CreateFileMappingW
CreateDirectoryW
FreeLibrary
GetModuleHandleExW
FindResourceExW
GetVersionExW
GetSystemInfo
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetStartupInfoA
GetFileType
SetHandleCount
ExitProcess
HeapCreate
IsValidCodePage
GetOEMCP
GetACP
GetTimeZoneInformation
GetModuleFileNameA
GetStdHandle
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
CompareStringW
CompareStringA
GetStringTypeW
GetCPInfo
LCMapStringW
LCMapStringA
GetCommandLineA
CreateThread
ExitThread
GetDateFormatA
GetTimeFormatA
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
RtlUnwind
VirtualAlloc
VirtualFree
IsProcessorFeaturePresent
GetProcessHeap
HeapSize
HeapReAlloc
HeapFree
HeapAlloc
HeapDestroy
FormatMessageA
MoveFileW
CreateFileA
GetLocaleInfoA
Sleep
FindResourceW
LoadResource
LockResource
SizeofResource
DeleteCriticalSection
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
CloseHandle
QueryPerformanceFrequency
QueryPerformanceCounter
GetCurrentProcess
GetProcessTimes
GetSystemTimeAsFileTime
GetTickCount
GetCurrentProcessId
GetStringTypeA
GetUserDefaultLCID
EnumSystemLocalesA
IsValidLocale
GetConsoleCP
GetConsoleMode
SetFilePointer
GetLocaleInfoW
InitializeCriticalSectionAndSpinCount
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
SetStdHandle
SetEnvironmentVariableA
CreateMutexA

user32

IsWindow
InvalidateRect
GetClientRect
SendMessageW
ReleaseCapture
UnregisterClassA
LoadCursorW
SetWindowLongW
PostMessageW
DrawTextW
TrackMouseEvent
SetRect
DestroyWindow
PostQuitMessage
RegisterClassExW
GetClassInfoExW
CreateWindowExW
GetWindowLongW
IsDialogMessageW
GetDlgCtrlID
DispatchMessageW
TranslateMessage
GetMessageW
AttachThreadInput
GetWindowTextW
GetWindowTextLengthW
PeekMessageW
GetDialogBaseUnits
LoadIconW
SystemParametersInfoW
EnableMenuItem
DestroyIcon
MonitorFromWindow
GetMonitorInfoW
MapWindowPoints
AdjustWindowRectEx
MessageBoxW
KillTimer
SetTimer
GetSystemMenu
GetMenu
RegisterWindowMessageW
SetWindowTextW
CreateAcceleratorTableW
SetFocus
GetFocus
GetWindow
DestroyAcceleratorTable
GetDesktopWindow
BeginPaint
EndPaint
CallWindowProcW
FillRect
GetClassNameW
GetDlgItem
IsChild
SetCapture
RedrawWindow
InvalidateRgn
ReleaseDC
SetWindowPos
CharNextW
GetSysColor
DefWindowProcW
CopyRect
GetParent
IsWindowVisible
ShowWindow
ScreenToClient
ClientToScreen
GetWindowRect
MoveWindow
GetDC

gdi32

BitBlt
CreateCompatibleDC
CreateCompatibleBitmap
DeleteDC
DeleteObject
CreateFontIndirectW
GetTextExtentPoint32W
GetDeviceCaps
GetStockObject
SetBkColor
CreateSolidBrush
RectVisible
SetBkMode
SelectObject
GetObjectW
ExcludeClipRect
SetTextColor

advapi32

RegDeleteValueW
RegEnumKeyExW
IsTextUnicode
RegQueryInfoKeyW
RegDeleteKeyW
RegEnumValueW
RegQueryValueExW
RegCreateKeyExW
RegOpenKeyExW
RegCloseKey
LsaNtStatusToWinError
RegOpenCurrentUser

shell32

ExtractIconW
ShellExecuteExW

ole32

CreateBindCtx
CoInitializeEx
CoCreateInstance
CoTaskMemFree
OleLockRunning
CoGetClassObject
CLSIDFromProgID
CLSIDFromString
CoTaskMemAlloc
StringFromGUID2
OleUninitialize
CreateStreamOnHGlobal
OleInitialize
CoUninitialize

oleaut32

SysStringLen
VariantChangeType
VariantCopy
SysAllocStringLen
SafeArrayGetDim
SafeArrayCopy
SafeArrayGetLBound
SafeArrayGetUBound
SafeArrayDestroy
SafeArrayGetVartype
SafeArrayUnlock
SafeArrayLock
SysStringByteLen
SysAllocStringByteLen
RegisterTypeLi
UnRegisterTypeLi
LoadTypeLi
LoadRegTypeLi
OleCreateFontIndirect
VariantClear
SysFreeString
VariantInit
SysAllocString

shlwapi

UrlIsW
PathFindFileNameW
UrlCreateFromPathW

urlmon

CreateAsyncBindCtx
CreateURLMonikerEx

rpcrt4

UuidToStringW
RpcStringFreeW

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllInstall
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 880KB - Virtual size: 879KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 221KB - Virtual size: 221KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 61KB - Virtual size: 71KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 2B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 25KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 95KB - Virtual size: 94KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

9d3d5f612ed5bdc4b393b2a46918ae18

Headers

DLL Characteristics

File Characteristics

Imports

gdiplus

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

shlwapi

urlmon

rpcrt4

Exports

Exports

Sections

.text Size: 880KB - Virtual size: 879KB

.rdata Size: 221KB - Virtual size: 221KB

.data Size: 61KB - Virtual size: 71KB

.tls Size: 512B - Virtual size: 2B

.rsrc Size: 25KB - Virtual size: 25KB

.reloc Size: 95KB - Virtual size: 94KB

.text
Size: 880KB - Virtual size: 879KB

.rdata
Size: 221KB - Virtual size: 221KB

.data
Size: 61KB - Virtual size: 71KB

.tls
Size: 512B - Virtual size: 2B

.rsrc
Size: 25KB - Virtual size: 25KB

.reloc
Size: 95KB - Virtual size: 94KB