1453f5647092ad563fd83c4b36f32e49_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

1453f5647092ad563fd83c4b36f32e49_JaffaCakes118
Size

436KB
MD5

1453f5647092ad563fd83c4b36f32e49
SHA1

95f47e935fd4dd7f6a63511953e61dc1d74be47e
SHA256

b031b6e2996f66fd678f15ebe6b08518aef91308dc6ce77708d9f32a043d5bec
SHA512

1391ab61ff8280d032fe134fb3ffd3f3f8f788441c421bd064fbc92f30deccc699a4f00e96e1256fecf24fb185ab149ae8b73d27a16514186dcc0743f23d7c02
SSDEEP

6144:WhjTDgMPJo0mrKoiL+3GDEVN7jw9OS1upcUUVhLZnx1B4FGfDxjYOyC2z3gfK:InDggmrKzMGacn1u6UUV7xHA87yluK

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
1453f5647092ad563fd83c4b36f32e49_JaffaCakes118

Files

1453f5647092ad563fd83c4b36f32e49_JaffaCakes118
.dll regsvr32 windows:4 windows x86 arch:x86

7168206a726a5a12ffbb5c66e26ebba2

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

winmm

PlaySoundA

shlwapi

PathFileExistsA

wininet

InternetCloseHandle
FindCloseUrlCache
DeleteUrlCacheEntry
InternetOpenA
InternetOpenUrlA
FindNextUrlCacheEntryA
HttpQueryInfoA
InternetReadFile
FindFirstUrlCacheEntryA

setupapi

SetupIterateCabinetA

user32

BeginPaint
PostMessageA
UnregisterClassA
TranslateMessage
ShowWindow
SetActiveWindow
MoveWindow
GetWindowRect
OpenClipboard
EmptyClipboard
CloseClipboard
LoadCursorFromFileA
CreateWindowExA
GetDlgItem
InvalidateRgn
SetCapture
ReleaseCapture
DestroyAcceleratorTable
CreateAcceleratorTableA
GetDesktopWindow
RedrawWindow
DestroyCursor
EnableMenuItem
GetClientRect
EndPaint
IsChild
UpdateWindow
CallWindowProcA
SystemParametersInfoA
GetWindowDC
DrawTextA
SetRectEmpty
GetDC
ReleaseDC
FillRect
DrawEdge
OffsetRect
GetMenuItemInfoA
GetWindowTextLengthA
GetWindowTextA
SetWindowTextA
GetWindow
GetClassInfoExA
RegisterClassExA
SetWindowPos
RegisterWindowMessageA
CopyRect
DestroyWindow
GetSystemMetrics
SetFocus
LoadImageA
GetSubMenu
InsertMenuA
LoadStringA
PeekMessageA
DispatchMessageA
wvsprintfA
MapWindowPoints
GetMessagePos
GetCursorPos
InvalidateRect
GetFocus
GetWindowLongA
SetWindowLongA
SetWindowsHookExA
WindowFromPoint
SetCursor
ScreenToClient
PtInRect
GetKeyState
GetClassNameA
CallNextHookEx
TrackPopupMenu
SetTimer
CreatePopupMenu
AppendMenuA
CheckMenuItem
DestroyMenu
KillTimer
UnhookWindowsHookEx
GetSysColor
SendMessageA
IsWindowVisible
DefWindowProcA
CharNextA
MessageBoxA
CharLowerA
wsprintfA
IsWindow
GetParent
LoadCursorA
LoadMenuA

gdi32

GetStockObject
GetDeviceCaps
CreateSolidBrush
CreateCompatibleBitmap
CreateCompatibleDC
BitBlt
DeleteDC
CreateFontIndirectA
CreateBrushIndirect
SelectObject
SetBkMode
SetBkColor
SetTextColor
GetTextMetricsA
GetTextExtentPoint32A
ExtTextOutA
DeleteObject
CreateFontA
GetObjectA
GetTextExtentPointA

advapi32

RegSetKeySecurity
RegEnumKeyA
OpenThreadToken
OpenProcessToken
GetTokenInformation
AllocateAndInitializeSid
EqualSid
FreeSid
GetUserNameA
RegEnumValueA
RegEnumKeyExA
RegDeleteKeyA
RegQueryValueExA
RegDeleteValueA
RegQueryInfoKeyA
RegCreateKeyExA
RegOpenKeyExA
RegSetValueExA
RegCloseKey
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
RegGetKeySecurity

shell32

ShellExecuteA
SHAddToRecentDocs
SHEmptyRecycleBinA

ole32

CLSIDFromString
CoTaskMemRealloc
ReleaseStgMedium
RegisterDragDrop
OleLockRunning
CoTaskMemAlloc
StringFromCLSID
CoTaskMemFree
CLSIDFromProgID
OleRun
OleUninitialize
OleInitialize
CreateStreamOnHGlobal
CoCreateInstance
CoInitialize
CoCreateGuid
CoUninitialize

oleaut32

SysStringByteLen
GetErrorInfo
SysAllocStringByteLen
SysStringLen
SysAllocStringLen
SysAllocString
VariantClear
LoadTypeLi
VariantInit
VariantChangeType
VariantCopy
OleCreateFontIndirect
LoadRegTypeLi
SafeArrayUnaccessData
SafeArrayAccessData
SafeArrayCreate
DispCallFunc
VarUI4FromStr
RegisterTypeLi
SysFreeString

kernel32

lstrcpynA
RtlUnwind
RaiseException
LocalAlloc
InterlockedExchange
LocalFree
HeapCreate
VirtualFree
VirtualAlloc
DeleteCriticalSection
HeapDestroy
InitializeCriticalSection
DisableThreadLibraryCalls
ResumeThread
CreateDirectoryA
lstrcmpiA
LoadLibraryExA
FindResourceA
LoadResource
SizeofResource
GetShortPathNameA
GetProcessHeap
HeapAlloc
HeapFree
GetCurrentThread
GetCurrentThreadId
lstrcmpA
GetVersionExA
LCMapStringA
IsDBCSLeadByte
TlsSetValue
CreateThread
GlobalLock
GlobalUnlock
EnterCriticalSection
LeaveCriticalSection
FindClose
FindNextFileA
FindFirstFileA
GetTickCount
DebugBreak
GetVersion
TerminateThread
Sleep
GetCurrentProcessId
lstrcatA
lstrcpyA
GetModuleHandleW
GetModuleHandleA
GetModuleFileNameW
LoadLibraryW
OutputDebugStringA
LoadLibraryA
GetLastError
SetLastError
WriteFile
FreeLibrary
GetModuleFileNameA
lstrlenW
WideCharToMultiByte
MultiByteToWideChar
MoveFileExA
GetTempPathA
CreateFileA
ExitThread
GetTimeZoneInformation
GetSystemTime
GetLocalTime
GetFullPathNameA
SetEnvironmentVariableA
GetCurrentDirectoryA
SetCurrentDirectoryA
HeapReAlloc
GetCommandLineA
TlsAlloc
TlsFree
TlsGetValue
ExitProcess
TerminateProcess
HeapSize
GetEnvironmentVariableA
IsBadWritePtr
GlobalAlloc
UnhandledExceptionFilter
GetDriveTypeA
LCMapStringW
GetTempFileNameA
SetUnhandledExceptionFilter
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
IsBadReadPtr
IsBadCodePtr
FlushInstructionCache
GetCurrentProcess
GetProcAddress
FlushFileBuffers
GetCPInfo
InterlockedDecrement
CloseHandle
InterlockedIncrement
DeleteFileA
SetStdHandle
RemoveDirectoryA
lstrlenA
CompareStringW
CompareStringA
SetEndOfFile
SetFilePointer
GetStringTypeW
GetStringTypeA
GetOEMCP
GetACP
ReadFile

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
TBStudioReg

Sections

.text
Size: 304KB - Virtual size: 303KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 52KB - Virtual size: 51KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 28KB - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.SHARED
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 16KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 28KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

7168206a726a5a12ffbb5c66e26ebba2

Headers

File Characteristics

Imports

winmm

shlwapi

wininet

setupapi

user32

gdi32

advapi32

shell32

ole32

oleaut32

kernel32

Exports

Exports

Sections

.text Size: 304KB - Virtual size: 303KB

.rdata Size: 52KB - Virtual size: 51KB

.data Size: 28KB - Virtual size: 31KB

.SHARED Size: 4KB - Virtual size: 1KB

.rsrc Size: 16KB - Virtual size: 12KB

.reloc Size: 28KB - Virtual size: 25KB

.text
Size: 304KB - Virtual size: 303KB

.rdata
Size: 52KB - Virtual size: 51KB

.data
Size: 28KB - Virtual size: 31KB

.SHARED
Size: 4KB - Virtual size: 1KB

.rsrc
Size: 16KB - Virtual size: 12KB

.reloc
Size: 28KB - Virtual size: 25KB