2f5a438430d538ac175cd6e31ecf3145_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

2f5a438430d538ac175cd6e31ecf3145_JaffaCakes118
Size

168KB
MD5

2f5a438430d538ac175cd6e31ecf3145
SHA1

189a4e9e362022973e4390ee6f9cc031933ac544
SHA256

fc981eb377bb49ca7c35eeafc6190ef21be6a64da7a49ebae0b2c90fabad0be3
SHA512

d13eb1b165fd3da19f1399eb4c54e0aee3bd4ce07b10080e9099b89af714fe5ad88b961815cb609e519132d49183e376b81452900e6deb5bfab7e714d009ed59
SSDEEP

3072:+Sp+bUwG0xDVFmhBFmUbqGZJI6TMkToLcBBEY2EI:B+bUw7xDVcjbnbFMkTo5Y

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2f5a438430d538ac175cd6e31ecf3145_JaffaCakes118

Files

2f5a438430d538ac175cd6e31ecf3145_JaffaCakes118
.dll regsvr32 windows:4 windows x86 arch:x86

d916a2f9ca5ce1a285be2b396856ed46

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

wininet

InternetCheckConnectionA
InternetOpenA
InternetOpenUrlA
InternetReadFile
InternetCloseHandle

urlmon

CoInternetCompareUrl
UrlMkSetSessionOption
ObtainUserAgentString
URLDownloadToFileA
IsValidURL

kernel32

GetModuleFileNameA
InterlockedExchange
GetVersionExA
GetACP
GetLocaleInfoA
GetThreadLocale
InitializeCriticalSection
DeleteCriticalSection
LeaveCriticalSection
InterlockedIncrement
EnterCriticalSection
InterlockedDecrement
MultiByteToWideChar
GetLastError
WideCharToMultiByte
lstrlenW
FreeLibrary
SizeofResource
LoadResource
FindResourceA
LoadLibraryExA
lstrcpynA
IsDBCSLeadByte
lstrcatA
ExitProcess
FreeResource
GetSystemTime
Sleep
lstrcatW
lstrcpyW
CreateProcessA
CloseHandle
lstrlenA
WaitForSingleObject
CreateThread
WriteFile
LockResource
SetFileTime
CopyFileA
GetFileTime
CreateFileA
GetVersion
SetFilePointer
VirtualQuery
GetSystemInfo
VirtualProtect
IsBadCodePtr
IsBadReadPtr
LoadLibraryA
GetCPInfo
GetOEMCP
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetStartupInfoA
GetFileType
GetStdHandle
SetHandleCount
IsBadWritePtr
VirtualAlloc
VirtualFree
HeapCreate
HeapDestroy
SetUnhandledExceptionFilter
GetCurrentProcessId
TerminateThread
lstrcpyA
lstrcmpiA
GetTickCount
DisableThreadLibraryCalls
GetStringTypeA
GetStringTypeW
LCMapStringA
LCMapStringW
ReadFile
SetStdHandle
QueryPerformanceCounter
TlsAlloc
TlsGetValue
SetLastError
TlsFree
HeapSize
GetCurrentProcess
TerminateProcess
GetModuleHandleA
GetProcAddress
GetCommandLineA
TlsSetValue
GetCurrentThreadId
GetSystemTimeAsFileTime
HeapAlloc
HeapReAlloc
HeapFree
RaiseException
RtlUnwind
FlushFileBuffers

user32

CharNextA
IsWindow
GetDoubleClickTime
GetActiveWindow
SetCaretBlinkTime
EnableWindow
GetSystemMetrics
UpdateWindow
FindWindowA
GetScrollPos
GetSubMenu
GetFocus
GetKeyboardType
GetDC
GetMessagePos
ReplyMessage
EnumWindows
wsprintfA
wsprintfW
SetTimer
EndDialog
GetLastActivePopup
DestroyMenu
DeleteMenu
CallMsgFilterA
KillTimer

gdi32

GetBkColor

advapi32

RegCloseKey
RegSetValueExA
RegDeleteKeyA
RegOpenKeyA
RegQueryInfoKeyA
RegEnumKeyExA
RegCreateKeyExA
RegDeleteValueA
RegCreateKeyA
RegEnumKeyA
RegOpenKeyExA
RegQueryValueExA

shell32

SHGetSpecialFolderPathA
ShellExecuteA

ole32

CoTaskMemRealloc
CoTaskMemAlloc
CoCreateInstance
CoTaskMemFree
StringFromGUID2

oleaut32

SafeArrayAccessData
VariantClear
DispCallFunc
SafeArrayGetLBound
SafeArrayGetUBound
SafeArrayUnaccessData
SysStringLen
LoadRegTypeLi
UnRegisterTypeLi
LoadTypeLi
SysAllocString
RegisterTypeLi
SysFreeString
VarUI4FromStr
VariantInit

shlwapi

PathFindExtensionA

comctl32

GetMUILanguage
InitCommonControlsEx

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 108KB - Virtual size: 105KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 20KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 4.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

d916a2f9ca5ce1a285be2b396856ed46

Headers

File Characteristics

Imports

wininet

urlmon

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

shlwapi

comctl32

Exports

Exports

Sections

.text Size: 108KB - Virtual size: 105KB

.rdata Size: 20KB - Virtual size: 17KB

.data Size: 8KB - Virtual size: 4.6MB

.rsrc Size: 8KB - Virtual size: 7KB

.reloc Size: 20KB - Virtual size: 19KB

.text
Size: 108KB - Virtual size: 105KB

.rdata
Size: 20KB - Virtual size: 17KB

.data
Size: 8KB - Virtual size: 4.6MB

.rsrc
Size: 8KB - Virtual size: 7KB

.reloc
Size: 20KB - Virtual size: 19KB