292ab4a2b92dd0fc95e115c6be4f0866_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

292ab4a2b92dd0fc95e115c6be4f0866_JaffaCakes118
Size

1.6MB
MD5

292ab4a2b92dd0fc95e115c6be4f0866
SHA1

212c36d6a10f5c86dcd5696068b7b3dbf1ad4c79
SHA256

a761c0a7a9061427773605145b9f5c2016986da0ab828e4af410e2c66c7638fa
SHA512

ebabcb1cb4579f966af53cec94909a8dda42aa19268feea35c68e9aaa926ef09fc3a6a5a63ec7e6eb4a7f6d9d857d1780d9861b56fd8e828c1c207646d081a38
SSDEEP

24576:5tmxWLxWqxWjxWLmxWSmxWtzWEzWEzWLmxW6mxWMmVTmVvmV0mxW7mxWymxZmxbr:V8iKA/

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
292ab4a2b92dd0fc95e115c6be4f0866_JaffaCakes118

Files

292ab4a2b92dd0fc95e115c6be4f0866_JaffaCakes118
.dll regsvr32 windows:5 windows x86 arch:x86

ac01f74f1342659d2820a1cab74f87af

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

HNETWIZ.pdb

Imports

msvcrt

malloc
??2@YAPAXI@Z
wcscmp
wcslen
_vsnprintf
free
_adjust_fdiv
_initterm
wcsncpy
getenv
??3@YAXPAX@Z

shlwapi

ord138
ord74
ord143
ord102
ord120
ord130
ord80
ord94
ord135
ord96
StrToIntW
ord51
StrChrW
ord40
ord93
ord91
ord61
ord101
ord84
ord53
ord16
ord43
StrCpyNW
ord124
ord128
ord97
ord75
ord50
ord107
StrCmpIW
StrCpyW
ord67
ord133
ord117
ord125
ord142
ord56
ord141
ord37
ord136
StrCmpW
StrStrW
ord121
ord123
ord126
ord83
ord55
ord70

kernel32

LoadLibraryW
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
GetSystemTimeAsFileTime
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
GetTempPathA
FindResourceExW
SizeofResource
LoadResource
LockResource
lstrcpynW
lstrcpyW
GetDriveTypeW
GetDriveTypeA
SetComputerNameW
SetComputerNameA
GetComputerNameA
GlobalGetAtomNameW
GlobalGetAtomNameA
FormatMessageA
CreateProcessA
SetFileAttributesA
LoadLibraryA
WritePrivateProfileStringA
GetModuleHandleA
MulDiv
Sleep
SetEvent
LoadLibraryExA
GetVersion
SetLastError
GetComputerNameW
LocalFree
WideCharToMultiByte
LocalAlloc
FreeLibrary
GetProcAddress
GetVersionExA
DisableThreadLibraryCalls
lstrcmpiA
InterlockedIncrement
InterlockedDecrement
GetExitCodeProcess
WaitForSingleObject
CloseHandle
GetCurrentThreadId
lstrcmpA
lstrlenW
WriteFile
lstrlenA
CreateFileA
ExpandEnvironmentStringsA
CreateDirectoryA
GetLastError
MultiByteToWideChar

gdi32

CreateSolidBrush
ExtTextOutW
GetDeviceCaps
CreateCompatibleDC
SelectObject
SelectPalette
RealizePalette
BitBlt
StretchBlt
DeleteDC
SetTextColor
SetBkColor
DeleteObject

user32

BeginPaint
InvalidateRect
SetForegroundWindow
IsWindow
MapWindowPoints
GetWindowRect
OffsetRect
IsWindowVisible
DestroyIcon
SendNotifyMessageW
SetCursor
SetFocus
LoadStringA
LoadIconA
MessageBoxA
EndPaint
wvsprintfA
ClientToScreen
PeekMessageA
DispatchMessageA
TranslateMessage
MsgWaitForMultipleObjects
EnableWindow
GetClientRect
FillRect
GetSysColor
UnhookWindowsHookEx
GetParent
GetDlgItem
ShowWindow
CallNextHookEx
GetSystemMetrics
SetPropA
RemovePropA
GetPropA
SetWindowPos
SetRect
GetDC
ReleaseDC
CopyRect

ole32

CoInitialize
StringFromGUID2
CoTaskMemFree
CoUninitialize
CoCreateInstance
CLSIDFromString

oleaut32

SysFreeString
SysAllocString
VariantInit
VariantClear

advapi32

RegCloseKey
RegQueryValueExA
RegOpenKeyExA

wininet

InternetOpenW
InternetSetOptionW
InternetCloseHandle

iphlpapi

DeleteIpNetEntry
SendARP
GetAdaptersInfo
GetBestInterface
GetInterfaceInfo

ws2_32

inet_addr
WSAStartup
WSACleanup
gethostbyname

tapi32

lineInitializeExW
lineGetAddressCapsW
lineOpenW
lineNegotiateAPIVersion
lineGetNewCalls
lineGetCallInfoW
lineShutdown
lineClose

urlmon

CreateURLMoniker

shell32

ord155
SHGetSpecialFolderLocation
ShellExecuteExA
ord59
SHFileOperationA
SHFormatDrive
ord71
SHGetPathFromIDListA
SHChangeNotify
SHGetMalloc
SHGetDesktopFolder

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllMain
DllRegisterServer
DllUnregisterServer
HomeNetWizardRunDll

Sections

.text
Size: 86KB - Virtual size: 85KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1.5MB - Virtual size: 1.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

ac01f74f1342659d2820a1cab74f87af

Headers

File Characteristics

PDB Paths

Imports

msvcrt

shlwapi

kernel32

gdi32

user32

ole32

oleaut32

advapi32

wininet

iphlpapi

ws2_32

tapi32

urlmon

shell32

Exports

Exports

Sections

.text Size: 86KB - Virtual size: 85KB

.data Size: 1024B - Virtual size: 1KB

.rsrc Size: 1.5MB - Virtual size: 1.5MB

.reloc Size: 8KB - Virtual size: 7KB

.text
Size: 86KB - Virtual size: 85KB

.data
Size: 1024B - Virtual size: 1KB

.rsrc
Size: 1.5MB - Virtual size: 1.5MB

.reloc
Size: 8KB - Virtual size: 7KB