17b8dc279838a307e96255d9e0571f89_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

17b8dc279838a307e96255d9e0571f89_JaffaCakes118
Size

1008KB
MD5

17b8dc279838a307e96255d9e0571f89
SHA1

8dc99c19224da2bac36cac15c67e0518dbf01806
SHA256

cbf6721ef994e885786c9a0eb7f7069eb64b5533f58ae4de718e621bc72b9165
SHA512

a5ac51fdec266ba937f017e3d807a0a0e6e55697534c956168b8d877050a429135709b061361abbac286fc9c2ac0a6024f0c805b2869fdd2aa45281e756debb7
SSDEEP

24576:DEnnW2P7wmp1j85HMixuVBdmjqRsRoRykVb:DEnnW2hp10z6nmjUXykVb

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
17b8dc279838a307e96255d9e0571f89_JaffaCakes118

Files

17b8dc279838a307e96255d9e0571f89_JaffaCakes118
.dll regsvr32 windows:4 windows x86 arch:x86

4219b23df5503104ba8f97243d4a1251

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

wsock32

sendto
connect
recvfrom
WSASetLastError
WSAGetLastError
WSAAsyncSelect
send
listen
getsockname
accept
WSAStartup
inet_addr
WSACleanup
getpeername
recv
select
closesocket
gethostbyname
htonl
htons
ioctlsocket
socket
inet_ntoa
bind

version

VerQueryValueA
GetFileVersionInfoSizeA
GetFileVersionInfoA

kernel32

TerminateProcess
GetExitCodeProcess
WaitForSingleObject
CreatePipe
PeekNamedPipe
CreateProcessA
GetStdHandle
GetCurrentThreadId
GetLocaleInfoA
LoadResource
FindResourceA
DebugBreak
LocalFree
FormatMessageA
GetCurrencyFormatA
InitializeCriticalSection
DeleteCriticalSection
lstrcmpiA
LoadLibraryExA
DisableThreadLibraryCalls
IsDBCSLeadByte
SizeofResource
lstrcpyA
lstrcatA
WriteFile
GetThreadLocale
lstrcmpA
GlobalFree
GetStartupInfoA
EnumResourceNamesA
GetVersionExA
TlsAlloc
TlsGetValue
IsValidCodePage
GetOEMCP
GetCPInfo
GetSystemTimeAsFileTime
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
HeapReAlloc
VirtualQuery
GetSystemInfo
VirtualProtect
RtlUnwind
VirtualAlloc
VirtualFree
IsProcessorFeaturePresent
HeapAlloc
GetProcessHeap
HeapFree
InterlockedCompareExchange
GetACP
InterlockedExchange
GetCommandLineA
FreeLibrary
RaiseException
MulDiv
CreateFileA
GetFileSize
ReadFile
CloseHandle
GetModuleFileNameA
LeaveCriticalSection
EnterCriticalSection
lstrlenW
MultiByteToWideChar
GlobalAlloc
GlobalLock
GlobalSize
GlobalUnlock
InterlockedIncrement
WideCharToMultiByte
Sleep
OutputDebugStringA
GetModuleFileNameW
SetLastError
GetLastError
lstrcpynA
lstrlenA
InterlockedDecrement
GetCurrentProcess
FlushInstructionCache
GetVersion
GetFileAttributesW
GetProcAddress
GetModuleHandleW
GetModuleHandleA
LoadLibraryW
LoadLibraryA
SetHandleCount
GetFileType
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
HeapDestroy
HeapCreate
ExitProcess
LCMapStringA
LCMapStringW
HeapSize
GetStringTypeA
GetStringTypeW
GetEnvironmentStringsW
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
SetFilePointer
GetConsoleCP
GetConsoleMode
FlushFileBuffers
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
TlsSetValue
TlsFree

user32

CharUpperA
GetSysColorBrush
DrawFrameControl
SetRectEmpty
GetAsyncKeyState
EnumWindows
GetLastActivePopup
GetForegroundWindow
BeginDeferWindowPos
EndDeferWindowPos
EnumChildWindows
GetFocus
CopyIcon
LoadBitmapA
GetWindowThreadProcessId
DeferWindowPos
SetWindowRgn
AdjustWindowRectEx
SetScrollInfo
GetScrollInfo
SetParent
IsChild
SetScrollRange
GetScrollRange
GetNextDlgTabItem
EnableWindow
IsWindowVisible
SetWindowPlacement
GetWindowPlacement
GetSystemMenu
GetMenu
GetMessagePos
GetMessageA
IsWindowEnabled
IsDialogMessageA
TranslateMessage
UpdateWindow
MoveWindow
CharLowerBuffA
wvsprintfA
EndPaint
BeginPaint
CharNextA
MessageBoxA
GetDlgItem
SetFocus
SetWindowTextA
EndDialog
GetWindow
MapWindowPoints
RegisterWindowMessageA
DialogBoxParamA
ShowWindow
GetClassInfoExA
RegisterClassExA
DestroyWindow
LoadCursorA
SetMenuItemInfoA
SystemParametersInfoA
SetForegroundWindow
GetWindowDC
TrackPopupMenuEx
GetKeyState
GetMenuItemInfoA
GetMenuStringA
MessageBeep
GetScrollPos
SetCursorPos
PtInRect
FindWindowExA
GetClassLongA
SetClassLongA
DrawTextExA
GetClassNameA
SetActiveWindow
EnableMenuItem
ModifyMenuA
CheckMenuItem
GetMenuState
SetMenu
DrawMenuBar
MonitorFromPoint
GetMonitorInfoA
DestroyMenu
DrawEdge
RemoveMenu
InsertMenuA
GetMenuItemCount
AppendMenuA
CreatePopupMenu
CreateMenu
IsMenu
CreateIconIndirect
CharLowerA
GetSystemMetrics
GetDesktopWindow
DestroyIcon
DrawIcon
EmptyClipboard
SetClipboardData
OpenClipboard
GetClipboardData
CloseClipboard
GetCursorPos
GetActiveWindow
GetCapture
WindowFromPoint
ReleaseDC
GetDC
GetIconInfo
CreateWindowExA
DrawStateA
FillRect
DrawTextA
DrawFocusRect
FrameRect
SetCursor
ReleaseCapture
DestroyCursor
LoadImageA
GetSysColor
LoadStringA
OffsetRect
InflateRect
CopyRect
SetWindowPos
IsWindow
GetDlgCtrlID
GetParent
SetCapture
RedrawWindow
InvalidateRect
ScreenToClient
ClientToScreen
GetClientRect
GetWindowRect
GetWindowTextLengthA
GetWindowTextA
SendMessageA
DefWindowProcA
CallWindowProcA
GetWindowLongA
SetWindowLongA
PeekMessageA
DispatchMessageA
KillTimer
SetTimer
PostMessageA
UnregisterClassA
LoadIconA

gdi32

ExcludeClipRect
IntersectClipRect
RestoreDC
SaveDC
GetTextColor
CreateBrushIndirect
CreatePenIndirect
GetDIBits
GetBkMode
GetPixel
Ellipse
DeleteDC
StretchBlt
CombineRgn
SetRectRgn
CreateRectRgn
GetTextMetricsA
CreateRectRgnIndirect
CreatePatternBrush
GetTextExtentPoint32A
SetPixel
TextOutA
Rectangle
GetCurrentPositionEx
CreateICA
PatBlt
GetDeviceCaps
GetStockObject
GetCurrentObject
GetObjectA
LPtoDP
DPtoLP
ExtTextOutA
CreatePen
CreateSolidBrush
CreateFontIndirectA
GetClipBox
DeleteObject
CreateCompatibleBitmap
LineTo
MoveToEx
SetWindowOrgEx
SetBkMode
CreateBitmap
CreateCompatibleDC
SelectObject
SetBkColor
BitBlt
SetTextColor
SetStretchBltMode

advapi32

RegEnumKeyExA
RegQueryInfoKeyA
RegSetValueExA
RegOpenKeyExA
RegCreateKeyExA
RegCloseKey
RegDeleteValueA
RegDeleteKeyA
RegQueryValueExA

shell32

SHGetMalloc
DuplicateIcon
Shell_NotifyIconA
SHFileOperationA
SHBrowseForFolderA
SHGetPathFromIDListA
SHGetSpecialFolderLocation
ExtractIconExA
ShellExecuteA

ole32

CreateStreamOnHGlobal
CoTaskMemFree
ProgIDFromCLSID
CoTaskMemAlloc
CoTaskMemRealloc
CoCreateInstance
StringFromGUID2
StgCreateDocfileOnILockBytes
CreateILockBytesOnHGlobal

oleaut32

VariantInit
VariantClear
LoadTypeLi
SysAllocString
SysStringLen
LoadRegTypeLi
VariantCopy
VariantChangeType
OleLoadPicture
SafeArrayAccessData
SafeArrayGetLBound
SafeArrayGetUBound
SafeArrayGetElement
SafeArrayDestroy
SafeArrayGetDim
SafeArrayGetElemsize
SetErrorInfo
CreateErrorInfo
SysAllocStringByteLen
SysStringByteLen
VariantTimeToSystemTime
UnRegisterTypeLi
RegisterTypeLi
DispCallFunc
VariantCopyInd
VarUI4FromStr
SysAllocStringLen
SysFreeString

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 552KB - Virtual size: 549KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 184KB - Virtual size: 181KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 92KB - Virtual size: 97KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 120KB - Virtual size: 116KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 56KB - Virtual size: 55KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

4219b23df5503104ba8f97243d4a1251

Headers

File Characteristics

Imports

wsock32

version

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

Exports

Exports

Sections

.text Size: 552KB - Virtual size: 549KB

.rdata Size: 184KB - Virtual size: 181KB

.data Size: 92KB - Virtual size: 97KB

.rsrc Size: 120KB - Virtual size: 116KB

.reloc Size: 56KB - Virtual size: 55KB

.text
Size: 552KB - Virtual size: 549KB

.rdata
Size: 184KB - Virtual size: 181KB

.data
Size: 92KB - Virtual size: 97KB

.rsrc
Size: 120KB - Virtual size: 116KB

.reloc
Size: 56KB - Virtual size: 55KB