122fe8e94a85153c916c8a4c817ebc2a_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

122fe8e94a85153c916c8a4c817ebc2a_JaffaCakes118
Size

48KB
MD5

122fe8e94a85153c916c8a4c817ebc2a
SHA1

ab7206e85cdcea1409e8951f41da22d056eb0b4d
SHA256

21fa007f091782c01b05e20e0a652dba155ec08463963a235c6acf051214b94f
SHA512

ec9cd63312b7fef0fb9d7f0dd328805ac3c8d1f5d89846bc747994f39b655b9dac7209f32291354c7b3f50ccfd5e966a9ceaff88d0862c6f330a22ccdcf7666e
SSDEEP

768:adzUH1qTldP18ejipz+2UbIwzqQsppb3Xes:PV+ldW/9DUceqpDXes

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
122fe8e94a85153c916c8a4c817ebc2a_JaffaCakes118

Files

122fe8e94a85153c916c8a4c817ebc2a_JaffaCakes118
.dll regsvr32 windows:4 windows x86 arch:x86

524413bfa0dc0ae760e977362da3b72f

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetSystemDirectoryA
GetProcAddress
LoadLibraryA
WriteFile
GetTempPathA
IsBadStringPtrA
WritePrivateProfileStringA
GetPrivateProfileIntA
GetPrivateProfileStringA
GetCommandLineA
WriteProcessMemory
GetWindowsDirectoryA
GetModuleHandleA
Process32Next
OpenProcess
lstrcmpiA
Process32First
CreateToolhelp32Snapshot
MoveFileExA
CopyFileA
GetSystemDirectoryW
CreateFileA
ReadFile
DeleteFileA
MultiByteToWideChar
GetCurrentProcess
TerminateProcess
Sleep
GetModuleFileNameA
CreateThread
VirtualAlloc
CloseHandle

user32

GetWindowRect
GetWindowDC
SetWindowPos
ShowWindow
wsprintfA
IsWindowVisible
GetDesktopWindow
GetSystemMetrics
EnumWindows
GetWindowTextA

gdi32

CreateCompatibleDC
SelectObject
BitBlt
GetDeviceCaps
CreateCompatibleBitmap
DeleteObject

advapi32

RegEnumValueA
RegCloseKey
RegOpenKeyA

wininet

InternetCloseHandle
InternetOpenUrlA
InternetOpenA
InternetReadFile

ws2_32

gethostbyname
inet_ntoa
inet_addr
htons
connect
send
closesocket
WSACleanup
socket
WSAStartup

gdiplus

GdiplusStartup
GdipCreateBitmapFromScan0
GdipCreateBitmapFromHBITMAP
GdipGetImageGraphicsContext
GdipScaleWorldTransform
GdipDrawImageI
GdipSaveImageToFile
GdipDeleteGraphics
GdipDisposeImage
GdipGetImageEncodersSize
GdipGetImageEncoders

shlwapi

PathFileExistsA

msvcrt

_CxxThrowException
??1exception@@UAE@XZ
??0exception@@QAE@ABQBD@Z
__dllonexit
_onexit
_initterm
_adjust_fdiv
??1type_info@@UAE@XZ
strlen
_strlwr
??0exception@@QAE@ABV0@@Z
wcscpy
wcscat
sprintf
memmove
__CxxFrameHandler
_except_handler3
strchr
atoi
malloc
wcscmp
free
??2@YAPAXI@Z
strstr

Exports

Exports

CreateComponent
DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
GetComponentIDs
MsimtfIsGuidMapEnable
MsimtfIsWindowFiltered
Run
SetDLLRegistry
SetFactoryHandle
TenioDllCanUnloadNow
TenioDllFreeMap
TenioSetDllSafe

Sections

.text
Size: 28KB - Virtual size: 26KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

524413bfa0dc0ae760e977362da3b72f

Headers

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

wininet

ws2_32

gdiplus

shlwapi

msvcrt

Exports

Exports

Sections

.text Size: 28KB - Virtual size: 26KB

.rdata Size: 8KB - Virtual size: 4KB

.data Size: 4KB - Virtual size: 4KB

.reloc Size: 4KB - Virtual size: 2KB

.text
Size: 28KB - Virtual size: 26KB

.rdata
Size: 8KB - Virtual size: 4KB

.data
Size: 4KB - Virtual size: 4KB

.reloc
Size: 4KB - Virtual size: 2KB