12d4eb1d5198050c1150c6bb678f78b1_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

12d4eb1d5198050c1150c6bb678f78b1_JaffaCakes118
Size

476KB
MD5

12d4eb1d5198050c1150c6bb678f78b1
SHA1

1576fff9ce2977af11ded8aa8ad0a78d6509877f
SHA256

92e1a2af48f11e69b6b721a1ff3913f78032a795052f6304440b370a48a8361a
SHA512

167e51e44c9ecdde37634eebacf54ff94f079a23035a6deb6afe5cd027b48a41d44ebf994607162925b588ab1103a7bde3545f88aa70a4bcd5d672af1c93d4b7
SSDEEP

12288:1PjcGV/WdyN35ZzX5CLndaNavnHnsant/A:1QUed2XAndaNavnHnsat/A

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
12d4eb1d5198050c1150c6bb678f78b1_JaffaCakes118

Files

12d4eb1d5198050c1150c6bb678f78b1_JaffaCakes118
.dll regsvr32 windows:4 windows x86 arch:x86

6f6bd6e4ace058f4c2bcb4978074dde9

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

version

GetFileVersionInfoW
GetFileVersionInfoSizeW
VerQueryValueW

urlmon

CoInternetCombineUrl
ObtainUserAgentString

wininet

InternetCrackUrlW
InternetSetOptionW
InternetQueryOptionW
FtpCommandW
InternetGetLastResponseInfoW
InternetWriteFile
FtpOpenFileW
HttpEndRequestW
InternetReadFile
InternetReadFileExA
InternetCloseHandle
FindFirstUrlCacheEntryW
DeleteUrlCacheEntryW
UnlockUrlCacheEntryFileW
FindNextUrlCacheEntryW
FindFirstUrlCacheEntryA
DeleteUrlCacheEntryA
UnlockUrlCacheEntryFileA
FindNextUrlCacheEntryA
FindCloseUrlCache
InternetGetConnectedState
GetUrlCacheEntryInfoW
CreateUrlCacheEntryW
CommitUrlCacheEntryW
HttpQueryInfoW
FtpGetFileSize
HttpOpenRequestW
HttpSendRequestExW
InternetOpenW
InternetConnectW
InternetSetOptionA
InternetSetStatusCallbackW

shlwapi

SHDeleteKeyW
PathIsDirectoryW
PathIsRootW
PathFileExistsW
PathGetDriveNumberW
StrStrIW
SHDeleteValueW
UrlCanonicalizeW
SHGetValueW
SHSetValueW
PathFindFileNameW
PathCombineW

kernel32

lstrcpyW
GetShortPathNameW
TlsSetValue
TlsGetValue
InterlockedIncrement
InterlockedDecrement
lstrlenA
GetTempPathW
GetTickCount
CloseHandle
DeleteFileW
WideCharToMultiByte
GetProcAddress
WaitForSingleObject
CopyFileW
SetLastError
GetLastError
LoadLibraryW
GetModuleHandleA
GetModuleHandleW
GetFileAttributesW
GetVersion
RemoveDirectoryW
OutputDebugStringA
TlsAlloc
TlsFree
DisableThreadLibraryCalls
GetModuleFileNameW
MultiByteToWideChar
GetCurrentThreadId
GetPrivateProfileStringW
FreeLibrary
lstrcatW
GetCurrentProcess
SetErrorMode
LoadLibraryExA
CreateEventW
SetEvent
Sleep
IsBadWritePtr
IsBadReadPtr
CancelWaitableTimer
WaitForMultipleObjects
ResetEvent
GetTempFileNameW
SetWaitableTimer
CreateWaitableTimerW
SystemTimeToFileTime
CreateFileW
GetDiskFreeSpaceExW
SetFileTime
SetEndOfFile
ReadFile
SetFilePointer
WriteFile
GlobalUnlock
GlobalLock
FindClose
FindNextFileW
SetFileAttributesW
FindFirstFileW
GetFileSize
CreateDirectoryW
LoadLibraryA
WriteProcessMemory
ReadProcessMemory
VirtualProtect
GetSystemTime
LocalFree
InitializeCriticalSection
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
GetVersionExW
DeviceIoControl
GlobalFree
GlobalAlloc
lstrcmpW
GetProfileIntW
FreeResource
LockResource
SizeofResource
LoadResource
FindResourceW
MulDiv
LocalAlloc
ExitProcess
SetUnhandledExceptionFilter
GetWindowsDirectoryW
HeapFree
HeapAlloc
GetProcessHeap
lstrlenW
MoveFileExW

user32

ReleaseDC
SetRect
InvalidateRect
GetSystemMetrics
ClientToScreen
TrackPopupMenu
RegisterWindowMessageW
SendMessageTimeoutW
GetDlgItemInt
SetDlgItemInt
GetMenuItemCount
DeleteMenu
AppendMenuW
LoadMenuW
GetSubMenu
ModifyMenuW
CheckMenuItem
WindowFromPoint
GetWindow
SetTimer
DestroyMenu
KillTimer
IsWindowVisible
GetWindowLongW
SetWindowLongW
GetWindowThreadProcessId
CreateDialogParamW
ShowWindow
SetWindowPos
FillRect
keybd_event
EnumWindows
GetClassNameW
EnumChildWindows
CharLowerW
GetMessagePos
FindWindowExW
RemovePropW
GetDlgItem
EndDialog
GetDC
GetDlgItemTextW
BeginPaint
GetWindowRect
GetDesktopWindow
MapWindowPoints
GetClientRect
OffsetRect
CopyRect
ReleaseCapture
SetCursor
LoadCursorW
SetCapture
IsRectEmpty
CloseClipboard
SetClipboardData
EmptyClipboard
OpenClipboard
DispatchMessageW
LoadIconW
DrawIcon
EndPaint
GetWindowTextW
SetWindowTextW
SendMessageW
SetFocus
GetParent
GetAncestor
PostMessageW
CallWindowProcW
GetAsyncKeyState
CallNextHookEx
GetMessageW
LoadStringW
PtInRect
TrackMouseEvent
DefWindowProcW
DrawTextW
UpdateWindow
UnhookWindowsHookEx
SetWindowsHookExW
GetForegroundWindow
MessageBoxW
PostThreadMessageW
CharNextW
GetKeyState
GetCursorPos
ScreenToClient
GetPropW
SetPropW
wsprintfW
CheckDlgButton
IsDlgButtonChecked
EnableWindow
GetCapture
GetDCEx
EqualRect
DestroyIcon
InflateRect
SetDlgItemTextW
LoadBitmapW
IsChild
PeekMessageW
IsWindow
TranslateMessage
DialogBoxParamW

gdi32

GetDIBits
GetDeviceCaps
SaveDC
SetMapMode
SetViewportOrgEx
SetWindowOrgEx
SetROP2
UnrealizeObject
PatBlt
RestoreDC
CreateBitmap
CreatePatternBrush
SetTextColor
GetObjectW
CreateFontIndirectW
CreateDIBSection
CreateDCW
CreateCompatibleDC
CreateCompatibleBitmap
BitBlt
DeleteDC
CreatePen
CreateSolidBrush
SelectObject
Rectangle
DeleteObject
SetBkMode
GetStockObject

advapi32

CopySid
RegSetKeySecurity
RegQueryInfoKeyW
RegEnumKeyW
AllocateAndInitializeSid
GetLengthSid
InitializeAcl
AddAce
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
FreeSid
RegGetKeySecurity
GetSidIdentifierAuthority
GetSidSubAuthorityCount
GetSidSubAuthority
RegDeleteValueW
OpenProcessToken
RegQueryValueExW
RegCreateKeyW
RegDeleteKeyW
RegOpenKeyExW
RegEnumKeyExW
RegCreateKeyExW
RegSetValueExW
RegCloseKey
GetTokenInformation

shell32

ShellExecuteExW
DragQueryFileW
SHGetPathFromIDListW
SHBrowseForFolderW
SHGetSpecialFolderPathW
ShellExecuteW

ole32

CoTaskMemFree
OleDraw
ReleaseStgMedium
RegisterDragDrop
RevokeDragDrop
CoCreateGuid
StringFromCLSID
CoInitialize
CoCreateInstance
CoUninitialize
StringFromIID
CreateStreamOnHGlobal

oleaut32

OleLoadPicture
SysAllocStringLen
SysAllocString
SysFreeString
LoadTypeLi
RegisterTypeLi

msvcrt

memset
wcsncmp
_ftol
_except_handler3
_wtoi
wcslen
_snwprintf
__CxxFrameHandler
strstr
strcmp
strncpy
strcat
strchr
fclose
fgets
fread
ftell
fseek
memcpy
??2@YAPAXI@Z
vswprintf
swprintf
iswdigit
memmove
wcsstr
wcscat
time
_beginthreadex
wcscmp
_snprintf
wcsncpy
wcsrchr
wcscpy
memcmp
wcschr
_wcsicmp
strlen
swscanf
wcstod
iswspace
free
fwrite
malloc
_wfopen
_wcsnicmp
abs
fwprintf
_strlwr
strncat
_ismbslead
fprintf
_strnicmp
rewind
_CxxThrowException
__dllonexit
_onexit
_initterm
_adjust_fdiv
??1type_info@@UAE@XZ
wcspbrk
strcpy
sprintf
isalnum
_ui64tow
_wtol
wcsncat
_wtoi64
_ui64toa

setupapi

SetupIterateCabinetW

netapi32

Netbios

gdiplus

GdipSaveImageToFile
GdipGetImageEncodersSize
GdipGetImageEncoders
GdipCloneImage
GdipDisposeImage
GdipFree
GdiplusShutdown
GdiplusStartup
GdipLoadImageFromStream
GdipAlloc

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
Rundll32_Update

Sections

.text
Size: 128KB - Virtual size: 126KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 24KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 24KB - Virtual size: 1.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.phoenix
Size: 48KB - Virtual size: 46KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 228KB - Virtual size: 224KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 20KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

6f6bd6e4ace058f4c2bcb4978074dde9

Headers

File Characteristics

Imports

version

urlmon

wininet

shlwapi

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

msvcrt

setupapi

netapi32

gdiplus

Exports

Exports

Sections

.text Size: 128KB - Virtual size: 126KB

.rdata Size: 24KB - Virtual size: 20KB

.data Size: 24KB - Virtual size: 1.1MB

.phoenix Size: 48KB - Virtual size: 46KB

.rsrc Size: 228KB - Virtual size: 224KB

.reloc Size: 20KB - Virtual size: 17KB

.text
Size: 128KB - Virtual size: 126KB

.rdata
Size: 24KB - Virtual size: 20KB

.data
Size: 24KB - Virtual size: 1.1MB

.phoenix
Size: 48KB - Virtual size: 46KB

.rsrc
Size: 228KB - Virtual size: 224KB

.reloc
Size: 20KB - Virtual size: 17KB