2e7f744d378f788eaf862ab87554cb3f_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

2e7f744d378f788eaf862ab87554cb3f_JaffaCakes118
Size

204KB
MD5

2e7f744d378f788eaf862ab87554cb3f
SHA1

318bbab1be06575141c7067220288b9bb4f39202
SHA256

77c8c62f7efc5cb666edffd0f021367f8be75fac8f51bacd2e5a33f0d404f3ae
SHA512

19ec9c7e856458e33f7c8f4ae537511571e61eea4421d22a7a2d02e43f813dabfdfff886ccd37c1af5a207ddd1dd9eb99a8d78788555b175ac461a7fafd0ef57
SSDEEP

3072:siLJRQiug3CjFr/Ot/U4TDtqqEmvUB+EFBPZdBfIFQ0LFC8cd:Ug3dBtqpmvUB1ZjfIa3

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2e7f744d378f788eaf862ab87554cb3f_JaffaCakes118

Files

2e7f744d378f788eaf862ab87554cb3f_JaffaCakes118
.dll regsvr32 windows:4 windows x86 arch:x86

4553f0c0eddb8b065766cdb39f9cb2b3

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

urlmon

URLDownloadToFileA

kernel32

GetVersionExA
WinExec
CloseHandle
ReadFile
TerminateThread
GetCurrentProcessId
GetCurrentThreadId
QueryPerformanceFrequency
GetTickCount
QueryPerformanceCounter
DeleteFileA
Sleep
lstrcmpA
GetCurrentProcess
FlushInstructionCache
LoadLibraryA
InterlockedIncrement
InterlockedDecrement
lstrcpyA
GetProcAddress
lstrcatA
InitializeCriticalSection
DeleteCriticalSection
HeapDestroy
GlobalUnlock
GlobalAlloc
GlobalLock
DisableThreadLibraryCalls
EnterCriticalSection
LeaveCriticalSection
lstrcmpiA
IsDBCSLeadByte
lstrcpynA
GetFileSize
CreateFileA
GetLastError
MultiByteToWideChar
lstrlenA
LocalFree
lstrlenW
GetShortPathNameA
LoadResource
FindResourceA
FreeLibrary
WideCharToMultiByte
SizeofResource
GetModuleFileNameA
LoadLibraryExA

user32

GetDC
CallWindowProcA
TranslateMessage
EnumChildWindows
ReleaseCapture
SetCapture
InvalidateRect
InvalidateRgn
DestroyWindow
SendMessageA
GetDlgItem
GetParent
GetClassNameA
CheckMenuRadioItem
GetDesktopWindow
wsprintfA
MapWindowPoints
GetWindowRect
CharUpperA
CreateWindowExA
MessageBoxA
SetCursor
CreateAcceleratorTableA
CharNextA
RegisterClassExA
LoadCursorA
GetClassInfoExA
RegisterWindowMessageA
DefWindowProcA
GetWindow
SetWindowLongA
SetWindowTextA
GetWindowTextA
SetActiveWindow
GetWindowTextLengthA
GetWindowLongA
GetSysColor
SetFocus
IsChild
GetFocus
ScreenToClient
EndPaint
FillRect
GetClientRect
BeginPaint
SetWindowPos
IsWindow
RedrawWindow
ReleaseDC
CopyRect
GetKeyState
DrawFrameControl
GetSystemMetrics
GetMessagePos
DispatchMessageA
ShowWindow
GetComboBoxInfo
DrawEdge
AppendMenuA
MoveWindow
CreatePopupMenu
TrackPopupMenu
FrameRect
UpdateWindow
CallNextHookEx
LoadImageA
IsWindowVisible
InflateRect
GetWindowDC
OffsetRect
GetSysColorBrush
GetMenuItemInfoA
SystemParametersInfoA
DrawTextA
SetRectEmpty
UnhookWindowsHookEx
SetWindowsHookExA
DestroyMenu

gdi32

SetTextColor
CreatePen
BitBlt
SelectObject
DeleteDC
CreateCompatibleBitmap
DeleteObject
CreateCompatibleDC
GetDeviceCaps
GetObjectA
CreateSolidBrush
CreateFontA
EnumFontFamiliesExA
GetStockObject
SetBkMode
SetBrushOrgEx
CreateFontIndirectA
CreatePatternBrush
CreateBitmap
SetBkColor
CreateDIBSection
GetTextExtentPointA
PatBlt
CreateRectRgnIndirect
PolylineTo
SelectClipRgn
MoveToEx

advapi32

RegQueryValueExA
RegDeleteKeyA
RegCreateKeyExA
RegDeleteValueA
RegCloseKey
RegSetValueExA
RegQueryInfoKeyA
RegOpenKeyExA
RegEnumValueA
RegEnumKeyExA

shell32

ShellExecuteA

ole32

CoTaskMemAlloc
OleUninitialize
CoCreateInstance
CoTaskMemFree
OleRun
CLSIDFromProgID
CLSIDFromString
StringFromCLSID
OleLockRunning
RegisterDragDrop
ReleaseStgMedium
OleInitialize
CreateStreamOnHGlobal
CoTaskMemRealloc

oleaut32

VarUI4FromStr
SysStringByteLen
GetErrorInfo
VariantInit
SysAllocStringByteLen
SafeArrayCreate
SafeArrayAccessData
SafeArrayUnaccessData
VariantCopy
VariantChangeType
VariantClear
SysAllocStringLen
OleCreateFontIndirect
SysFreeString
LoadRegTypeLi
SysAllocString
RegisterTypeLi
LoadTypeLi
SysStringLen

comctl32

ImageList_Create
ImageList_Destroy
ImageList_AddMasked
ImageList_LoadImageA
InitCommonControlsEx
ImageList_GetImageCount
ImageList_Draw

msvcrt

strcpy
time
localtime
mktime
difftime
wcscpy
_ftol
wcstod
wcstol
_CxxThrowException
memmove
wcscmp
_beginthread
atoi
sprintf
strstr
fopen
fgets
fputs
strtok
fclose
remove
rename
strlen
_purecall
memcmp
memset
??2@YAPAXI@Z
memcpy
realloc
wcslen
malloc
??3@YAXPAX@Z
_itoa
??1type_info@@UAE@XZ
_initterm
_adjust_fdiv
?terminate@@YAXXZ
_onexit
__dllonexit
_except_handler3
_EH_prolog
__CxxFrameHandler
free

msvcp60

?replace@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@IIABV12@II@Z
?rfind@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDII@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDABV?$allocator@D@1@@Z
?find_first_not_of@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDII@Z
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@II@Z
??0Init@ios_base@std@@QAE@XZ
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ID@Z
??A?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAADI@Z
??Mstd@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z
??0_Lockit@std@@QAE@XZ
??1_Lockit@std@@QAE@XZ
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z
??1_Winit@std@@QAE@XZ
??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBDABV10@@Z
??1Init@ios_base@std@@QAE@XZ
?find@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDII@Z
?erase@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@II@Z
??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@PBD@Z
?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ
??8std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBD@Z
?_Freeze@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEXXZ
??8std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z
?_C@?1??_Nullstr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@CAPBDXZ@4DB
?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@II@Z
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
?_Tidy@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEX_N@Z
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z
??0_Winit@std@@QAE@XZ
?append@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV12@PBGI@Z
??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ
?c_str@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEPBGXZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
??9std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBD@Z
?_Tidy@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@AAEX_N@Z
??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@D@Z

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 132KB - Virtual size: 131KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 36KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 16KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

4553f0c0eddb8b065766cdb39f9cb2b3

Headers

File Characteristics

Imports

urlmon

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

comctl32

msvcrt

msvcp60

Exports

Exports

Sections

.text Size: 132KB - Virtual size: 131KB

.rdata Size: 36KB - Virtual size: 32KB

.data Size: 8KB - Virtual size: 6KB

.rsrc Size: 8KB - Virtual size: 5KB

.reloc Size: 16KB - Virtual size: 14KB

.text
Size: 132KB - Virtual size: 131KB

.rdata
Size: 36KB - Virtual size: 32KB

.data
Size: 8KB - Virtual size: 6KB

.rsrc
Size: 8KB - Virtual size: 5KB

.reloc
Size: 16KB - Virtual size: 14KB