3ebd1949dc0750fc2137e145732aa4af_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

3ebd1949dc0750fc2137e145732aa4af_JaffaCakes118
Size

456KB
MD5

3ebd1949dc0750fc2137e145732aa4af
SHA1

8ea3c1f57c7b8c0c21c45d8cdcb0c5340f74852e
SHA256

ec896f3a27f06284a246c20eff31ae6d972cb9b568613d5ad51b7b06950cbc17
SHA512

4a538fab075610e033d388638cc2e109d30c77cb6352102423e6d9d1dad41bd5be76e0aea7e3c208fd20d75695e8a961ffe3d770717c6fb0e04e50954f2fb032
SSDEEP

6144:g/pizORcjenhklfP92IVyaITFQeewQeeQQeesQee3aQeefQeegb8hoYtUzhXVin+:XzOJhkV9Pct5oyUzh7UhBc

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
3ebd1949dc0750fc2137e145732aa4af_JaffaCakes118

Files

3ebd1949dc0750fc2137e145732aa4af_JaffaCakes118
.dll regsvr32 windows:5 windows x86 arch:x86

64ee37112a832cc10b923fb485d40139

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

mpvis.pdb

Imports

msvcrt

isdigit
isspace
_CIpow
exit
sprintf
calloc
?terminate@@YAXXZ
memmove
vswprintf
_setjmp3
_finite
__CxxFrameHandler
floor
longjmp
_CIacos
_adjust_fdiv
_initterm
rand
time
srand
_ftol
_except_handler3
_purecall
??2@YAPAXI@Z
realloc
free
malloc
??3@YAXPAX@Z

kernel32

GetShortPathNameW
GetShortPathNameA
IsBadWritePtr
IsBadReadPtr
OutputDebugStringW
OutputDebugStringA
lstrcpyW
lstrcmpiW
lstrcmpiA
lstrcatW
LoadLibraryExW
LoadLibraryExA
LoadLibraryW
lstrcpynW
GetModuleFileNameW
GetModuleFileNameA
LocalAlloc
FindResourceW
FindResourceA
GetModuleHandleA
lstrlenW
GetVersionExA
WideCharToMultiByte
IsProcessorFeaturePresent
LockResource
InterlockedExchange
LoadLibraryA
HeapAlloc
GetProcessHeap
HeapFree
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
QueryPerformanceFrequency
GetCurrentProcess
FlushInstructionCache
VirtualAlloc
VirtualFree
SetEvent
WaitForSingleObject
RaiseException
CloseHandle
GetLastError
LoadResource
SizeofResource
lstrlenA
DisableThreadLibraryCalls
GetProcAddress
FreeLibrary
HeapDestroy
EnterCriticalSection
LeaveCriticalSection
InterlockedDecrement
InterlockedIncrement
DeleteCriticalSection
InitializeCriticalSection
MultiByteToWideChar

advapi32

RegEnumKeyExW
RegEnumKeyExA
RegQueryValueExW
RegQueryValueExA
RegCreateKeyExA
RegCreateKeyExW
RegEnumValueA
RegEnumValueW
RegOpenKeyA
RegDeleteKeyA
RegDeleteKeyW
RegDeleteValueA
RegDeleteValueW
RegOpenKeyExA
RegOpenKeyExW
RegQueryInfoKeyA
RegQueryInfoKeyW
RegSetValueExA
RegSetValueExW
RegCloseKey

ole32

CoTaskMemFree
CoTaskMemAlloc
CoTaskMemRealloc
CoCreateInstance

oleaut32

RegisterTypeLi
SysAllocString
SysFreeString
LoadRegTypeLi
VarUI4FromStr
LoadTypeLi
SysStringLen

user32

GetWindowRect
MonitorFromWindow
ReleaseDC
IsWindow
FillRect
GetClientRect
GetDC
GetSystemMetrics
IsRectEmpty
SetRectEmpty
CopyRect
SetCursor
CallNextHookEx
GetAsyncKeyState
CharNextW
wvsprintfW
SetWindowsHookExW
SetWindowsHookExA
SetWindowLongW
SetWindowLongA
RegisterWindowMessageA
RegisterClassW
RegisterClassA
PostMessageW
PostMessageA
LoadStringW
LoadStringA
LoadCursorW
LoadCursorA
GetWindowLongW
GetWindowLongA
DefWindowProcW
DefWindowProcA
CreateWindowExW
CreateWindowExA
CallWindowProcW
CallWindowProcA
SendMessageA
IsWindowUnicode
ShowWindow
UpdateWindow
UnhookWindowsHookEx
DestroyWindow

gdi32

StretchBlt
SetBkColor
SetTextColor
SetTextAlign
TextOutW
SetStretchBltMode
DeleteObject
GetStockObject

winmm

timeEndPeriod
timeBeginPeriod
timeGetTime

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllMain
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 280KB - Virtual size: 277KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 24KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data1
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 128KB - Virtual size: 126KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 16KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

64ee37112a832cc10b923fb485d40139

Headers

File Characteristics

PDB Paths

Imports

msvcrt

kernel32

advapi32

ole32

oleaut32

user32

gdi32

winmm

Exports

Exports

Sections

.text Size: 280KB - Virtual size: 277KB

.data Size: 24KB - Virtual size: 24KB

.data1 Size: 4KB - Virtual size: 2KB

.rsrc Size: 128KB - Virtual size: 126KB

.reloc Size: 16KB - Virtual size: 14KB

.text
Size: 280KB - Virtual size: 277KB

.data
Size: 24KB - Virtual size: 24KB

.data1
Size: 4KB - Virtual size: 2KB

.rsrc
Size: 128KB - Virtual size: 126KB

.reloc
Size: 16KB - Virtual size: 14KB