10672d9250411fac9789a982867edb1e_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

10672d9250411fac9789a982867edb1e_JaffaCakes118
Size

256KB
MD5

10672d9250411fac9789a982867edb1e
SHA1

ea14ff44ca9c1c6b6cded486767afb6df36c3676
SHA256

a678fe36814f0df81a151e808744256fcbe67f25c9a4dd3995831ed1b0d32707
SHA512

84887af096b6c9fbfd1825606711dacd437578931fc59df3f9a08cd7995d54d1e2f4482d24a5786f2c81275cbcb197577a3ed0cffa6b1f369eab88f4505ec3fc
SSDEEP

6144:1JhtXBpsAAmEVMRcX/hxAkfwgZxxBEyGUPhnT6MHt:1LtXBapX/hRfwixxBBfeM

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
10672d9250411fac9789a982867edb1e_JaffaCakes118

Files

10672d9250411fac9789a982867edb1e_JaffaCakes118
.dll regsvr32 windows:4 windows x86 arch:x86

52242664511df48e898969280b25effa

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

DeviceIoControl
CreateFileA
ReadFile
SetFilePointer
GetSystemDirectoryA
GetWindowsDirectoryA
WideCharToMultiByte
WinExec
LockResource
SizeofResource
LoadResource
FindResourceA
GetACP
CreateDirectoryA
GetEnvironmentVariableA
RemoveDirectoryA
GetVersionExA
FindNextFileA
FindFirstFileA
ReleaseMutex
WriteFile
MoveFileExA
CopyFileA
GetCurrentProcess
InterlockedDecrement
SetEvent
WaitForMultipleObjects
ResetEvent
CreateEventA
lstrlenW
LoadLibraryExA
SetErrorMode
LocalFree
lstrcpyA
lstrcatA
Sleep
lstrlenA
MultiByteToWideChar
GetPrivateProfileStringA
GetPrivateProfileIntA
WritePrivateProfileStringA
GetPrivateProfileSectionA
DeleteFileA
GetTempPathA
GetTempFileNameA
WaitForSingleObject
GetTickCount
CreateMutexA
GetLastError
CloseHandle
LoadLibraryA
GetProcAddress
FreeLibrary
GetShortPathNameA
DisableThreadLibraryCalls
GetModuleFileNameA
FindClose

user32

GetSysColor
IsWindowVisible
GetDesktopWindow
MessageBoxA
GetClassNameA
CallWindowProcW
EnableWindow
SetWindowTextA
GetForegroundWindow
CallWindowProcA
IsIconic
SetWindowLongA
PostQuitMessage
LoadStringA
LoadBitmapA
PeekMessageA
GetPropA
GetParent
GetClientRect
FlashWindowEx
PostMessageA
FindWindowExA
IsWindow
DestroyWindow
DestroyIcon
DispatchMessageA
TranslateMessage
TranslateAcceleratorA
IsDialogMessageA
GetMessageA
ShowWindow
SetWindowPos
ScreenToClient
GetWindowRect
GetDlgItem
CreateDialogParamA
RemovePropA
KillTimer
SetTimer
SetPropA
IsWindowUnicode
SetWindowLongW
GetSystemMetrics
SetForegroundWindow
GetAncestor
GetCapture
GetDC
GetMessagePos
SendMessageA
ReleaseDC
SetCapture
ReleaseCapture
LoadCursorA
SetCursor
BeginPaint
GetWindowTextA
DrawTextA
EndPaint
DialogBoxParamA
InvalidateRect
CheckDlgButton
IsDlgButtonChecked
EndDialog
ExitWindowsEx
SetDlgItemTextA
LoadImageA
LoadIconA
wsprintfA

gdi32

GetObjectA
GetPixel
SelectObject
SetBkColor
CreateFontIndirectA
SetTextColor
DeleteObject

advapi32

RegOpenKeyA
AdjustTokenPrivileges
RegCreateKeyExA
RegSetValueExA
RegEnumValueA
OpenProcessToken
RegCloseKey
RegOpenKeyExA
LookupPrivilegeValueA

shell32

ShellExecuteA

ole32

CoInitialize
CoCreateInstance
OleUninitialize
OleInitialize
CoUninitialize
CoGetMalloc
StringFromIID
CLSIDFromString

oleaut32

SysStringByteLen
SysAllocString
SysAllocStringByteLen
VariantInit
VariantClear
SysFreeString
LoadTypeLi
RegisterTypeLi

comctl32

ImageList_Create
ImageList_Destroy
ImageList_AddMasked

shlwapi

SHRegEnumUSKeyA
SHRegOpenUSKeyA
SHDeleteValueA
SHGetValueA
SHDeleteKeyA
SHSetValueA
SHDeleteEmptyKeyA
SHRegCloseUSKey

version

GetFileVersionInfoA
GetFileVersionInfoSizeA
VerQueryValueA

urlmon

URLDownloadToFileA

msvcrt

_itoa
__CxxFrameHandler
memset
??2@YAPAXI@Z
memcmp
strcat
strcpy
??1type_info@@UAE@XZ
_adjust_fdiv
_initterm
_onexit
__dllonexit
_CxxThrowException
toupper
wcscpy
wcslen
strncat
wcscmp
_mbsnbcmp
_mbscmp
atoi
atol
_stricmp
ftell
rewind
fgets
_strnicmp
fseek
fprintf
memmove
fwrite
_ftol
_mbsstr
sprintf
strchr
sscanf
time
srand
rand
_mbsnbcpy
free
fopen
fread
fclose
malloc
strstr
_beginthreadex
strncpy
strrchr
_except_handler3
memcpy
strcmp
_mbsicmp
_snprintf
strlen

setupapi

SetupIterateCabinetA

wininet

InternetConnectA
InternetOpenA
InternetSetStatusCallback
HttpOpenRequestA
HttpSendRequestA
InternetReadFile
InternetGetConnectedState
InternetCrackUrlA
HttpQueryInfoA
InternetCloseHandle

Exports

Exports

Action
ActionEx
CheckIntegrity
DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
EventInvoke
Install
SCEventInvoke
SetSysInfo
Version

Sections

.text
Size: 56KB - Virtual size: 55KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ylive_d
Size: 4KB - Virtual size: 8B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 164KB - Virtual size: 161KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

52242664511df48e898969280b25effa

Headers

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

comctl32

shlwapi

version

urlmon

msvcrt

setupapi

wininet

Exports

Exports

Sections

.text Size: 56KB - Virtual size: 55KB

.rdata Size: 12KB - Virtual size: 8KB

.data Size: 8KB - Virtual size: 22KB

.ylive_d Size: 4KB - Virtual size: 8B

.rsrc Size: 164KB - Virtual size: 161KB

.reloc Size: 8KB - Virtual size: 5KB

.text
Size: 56KB - Virtual size: 55KB

.rdata
Size: 12KB - Virtual size: 8KB

.data
Size: 8KB - Virtual size: 22KB

.ylive_d
Size: 4KB - Virtual size: 8B

.rsrc
Size: 164KB - Virtual size: 161KB

.reloc
Size: 8KB - Virtual size: 5KB