38754f295bec82230fd3d02f9b774c88_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

38754f295bec82230fd3d02f9b774c88_JaffaCakes118
Size

951KB
MD5

38754f295bec82230fd3d02f9b774c88
SHA1

5ba8fd1639c4906abbf4fcb17da608d3e0f852da
SHA256

a1eda08a05c46aea0dc63b813b69c1e301191723a993097ca3bb2bea802715f6
SHA512

4b3b1594dde563991785578c096ef70d3935bcf3c0c6bac65abdcfb4509069432d879b40fffe70ee64699920ae6fd3cb82049ef24725873bdd03f5d2a5da913b
SSDEEP

12288:yb+SylBPITa0Jo+GVdiHyWjNm6arYznHOEy7JYb12n5ocrj2XI71X//uTzTIaOhp:ybSp0ROPgnHOEMJY52vri47aTup

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
38754f295bec82230fd3d02f9b774c88_JaffaCakes118

Files

38754f295bec82230fd3d02f9b774c88_JaffaCakes118
.dll regsvr32 windows:5 windows x86 arch:x86

4b2ffbd8722b9cc7a0fbe01e1c7101f2

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

wininet

InternetSetCookieW

kernel32

LoadLibraryExW
lstrcmpiW
FindClose
FindFirstFileW
DisableThreadLibraryCalls
DeleteFileW
WideCharToMultiByte
CreateDirectoryW
Process32NextW
Process32FirstW
CreateToolhelp32Snapshot
GetPrivateProfileStringW
GetPrivateProfileIntW
RaiseException
GetCurrentThreadId
GlobalFree
LockResource
WaitForSingleObject
FindResourceW
LoadResource
SizeofResource
CreateFileA
SetEndOfFile
SetEnvironmentVariableA
CompareStringW
CompareStringA
GetConsoleOutputCP
WriteConsoleA
CreateFileW
SetStdHandle
GetLocaleInfoA
GetStringTypeW
GetStringTypeA
LCMapStringA
InitializeCriticalSectionAndSpinCount
FlushFileBuffers
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
GetModuleHandleW
GetConsoleMode
GetConsoleCP
LCMapStringW
VirtualQuery
GetStartupInfoA
SetHandleCount
SetFilePointer
ReadFile
HeapCreate
HeapDestroy
HeapReAlloc
HeapSize
GetModuleHandleA
IsValidCodePage
GetCPInfo
GetOEMCP
GetACP
IsDebuggerPresent
TerminateProcess
GetFileType
WriteConsoleW
WriteFile
GetStdHandle
DebugBreak
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
GetModuleFileNameA
SetUnhandledExceptionFilter
UnhandledExceptionFilter
ExitProcess
GetCommandLineA
HeapValidate
GetSystemTimeAsFileTime
RtlUnwind
GetCurrentThread
CreateFileMappingA
GetSystemInfo
IsProcessorFeaturePresent
LoadLibraryA
VirtualAlloc
VirtualFree
lstrlenA
OutputDebugStringA
OpenEventA
DeleteCriticalSection
InitializeCriticalSection
LoadLibraryW
GetProcAddress
FreeLibrary
CreateProcessW
GetVersionExW
Sleep
GetTickCount
OpenMutexW
CreateMutexW
OpenFileMappingW
CreateFileMappingW
MapViewOfFile
GetCurrentProcessId
CreateThread
GetProcessHeap
HeapAlloc
HeapFree
ReleaseMutex
OutputDebugStringW
InterlockedCompareExchange
SwitchToThread
InterlockedExchange
MultiByteToWideChar
LeaveCriticalSection
EnterCriticalSection
GetModuleFileNameW
GetLastError
lstrcmpW
GlobalAlloc
GlobalLock
GlobalUnlock
FormatMessageW
LocalFree
GetCurrentProcess
FlushInstructionCache
SetLastError
InterlockedDecrement
InterlockedIncrement
lstrlenW
lstrcpynW
MulDiv
UnmapViewOfFile
CloseHandle
SetEvent
IsBadReadPtr
IsBadWritePtr
FreeEnvironmentStringsA

user32

MoveWindow
CharNextW
SendMessageW
AppendMenuW
CreatePopupMenu
ReleaseDC
GetDC
DestroyMenu
IsWindowVisible
IsWindow
GetClipboardFormatNameW
CopyRect
ChildWindowFromPoint
TrackPopupMenu
GetSystemMetrics
GetCursorPos
SystemParametersInfoW
EqualRect
SetRectEmpty
SetActiveWindow
CallNextHookEx
GetKeyState
UnhookWindowsHookEx
SetWindowsHookExW
GetActiveWindow
DrawEdge
OffsetRect
InflateRect
PtInRect
KillTimer
SetTimer
GetWindowRect
DrawTextW
UnregisterClassW
LoadIconW
LoadImageW
DestroyIcon
WaitForInputIdle
GetPropW
EnumWindows
GetDlgItem
InvalidateRgn
InvalidateRect
SetCapture
ReleaseCapture
ScreenToClient
ClientToScreen
GetClientRect
CreateAcceleratorTableW
GetDesktopWindow
GetParent
GetClassNameW
SetWindowPos
RedrawWindow
BeginPaint
FillRect
EndPaint
IsChild
SetFocus
GetFocus
GetWindow
GetSysColor
DestroyAcceleratorTable
GetWindowTextLengthW
GetWindowTextW
SetWindowTextW
RegisterWindowMessageW
GetClassInfoExW
LoadCursorW
RegisterClassExW
ShowWindow
GetWindowLongW
SetWindowLongW
CallWindowProcW
CreateWindowExW
DefWindowProcW
DestroyWindow
PostMessageW
GetWindowDC

gdi32

CreateDIBSection
SetBkColor
ExtTextOutW
Rectangle
SetBkMode
SetTextColor
CreateRectRgn
ExtSelectClipRgn
SelectClipRgn
GetStockObject
GetObjectW
CreateSolidBrush
DeleteObject
CreateCompatibleBitmap
CreateCompatibleDC
BitBlt
DeleteDC
CreateFontIndirectW
GetDeviceCaps
DPtoLP
SelectObject
GetTextExtentExPointW
CreatePen
SetDIBitsToDevice

advapi32

OpenThreadToken
RevertToSelf
FreeSid
SetSecurityDescriptorDacl
AddAccessAllowedAce
InitializeAcl
RegQueryValueExW
RegQueryInfoKeyW
RegSetValueExW
RegEnumKeyExW
RegOpenKeyExW
RegCreateKeyExW
RegCloseKey
RegDeleteValueW
RegDeleteKeyW
GetSecurityDescriptorSacl
SetSecurityInfo
InitializeSecurityDescriptor
AllocateAndInitializeSid
GetLengthSid
SetThreadToken

ole32

OleUninitialize
CreateStreamOnHGlobal
OleInitialize
CoGetClassObject
CLSIDFromProgID
CLSIDFromString
CoCreateInstance
StringFromGUID2
CoTaskMemAlloc
OleLockRunning
CoTaskMemFree
CoTaskMemRealloc
ReleaseStgMedium
OleDuplicateData
RegisterDragDrop
RevokeDragDrop

oleaut32

VariantCopy
SysStringByteLen
SysAllocStringByteLen
UnRegisterTypeLi
RegisterTypeLi
VarUI4FromStr
LoadTypeLi
LoadRegTypeLi
OleCreateFontIndirect
SysFreeString
SafeArrayUnaccessData
SafeArrayAccessData
SafeArrayCreate
SysAllocString
VariantInit
VariantClear
VariantChangeType
DispCallFunc
SafeArrayGetUBound
SafeArrayGetLBound
SysAllocStringLen
SysStringLen

comctl32

ImageList_ReplaceIcon
ImageList_Destroy
ImageList_Create
ImageList_Draw
ImageList_GetIconSize

winmm

timeGetTime

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 621KB - Virtual size: 620KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 212KB - Virtual size: 212KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 31KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 48KB - Virtual size: 48KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 37KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

4b2ffbd8722b9cc7a0fbe01e1c7101f2

Headers

File Characteristics

Imports

wininet

kernel32

user32

gdi32

advapi32

ole32

oleaut32

comctl32

winmm

Exports

Exports

Sections

.text Size: 621KB - Virtual size: 620KB

.rdata Size: 212KB - Virtual size: 212KB

.data Size: 31KB - Virtual size: 40KB

.rsrc Size: 48KB - Virtual size: 48KB

.reloc Size: 37KB - Virtual size: 36KB

.text
Size: 621KB - Virtual size: 620KB

.rdata
Size: 212KB - Virtual size: 212KB

.data
Size: 31KB - Virtual size: 40KB

.rsrc
Size: 48KB - Virtual size: 48KB

.reloc
Size: 37KB - Virtual size: 36KB