40986eb1bd06759704903e2b61623b7e_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

40986eb1bd06759704903e2b61623b7e_JaffaCakes118
Size

91KB
MD5

40986eb1bd06759704903e2b61623b7e
SHA1

7e4fc3c85ab87a10c821ac2560180788349f1347
SHA256

7df438ce69134a88439a3d089d55ac797c3a2999de2aa6ea6ae129ae2111e644
SHA512

bc5cd4b77f556cae7c6d0025094130b1fb779aa224c1444bf6dc449bf71e880cf92c69ffd7920fbc76b9c0c151b931fb64b24665f90584c776c11e692b041f27
SSDEEP

1536:ws63jtYkZWjIpB5JhVwO4egofAgrtnmF6PIfFw0SOI:pgvpBjhVsxSAgxnNPyw0SOI

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
40986eb1bd06759704903e2b61623b7e_JaffaCakes118

Files

40986eb1bd06759704903e2b61623b7e_JaffaCakes118
.dll regsvr32 windows:4 windows x86 arch:x86

874f65147aaa61b7566147c99d68fdda

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

HeapFree
MoveFileExA
DebugBreak
HeapAlloc
GetFileSize
CreateFileA
DisableThreadLibraryCalls
GetSystemInfo
HeapCreate
InitializeCriticalSection
HeapReAlloc
DeleteCriticalSection
InterlockedIncrement
EnterCriticalSection
InterlockedDecrement
lstrlenW
GetModuleHandleA
FreeLibrary
LoadLibraryExA
lstrcpynA
IsDBCSLeadByte
HeapDestroy
LeaveCriticalSection
CreateFileMappingA
MapViewOfFile
Sleep
_lcreat
RemoveDirectoryA
FindNextFileA
DeleteFileA
InterlockedExchange
GetExitCodeProcess
GetTickCount
GetCurrentProcessId
SetEndOfFile
UnmapViewOfFile
GetTempFileNameA
GetTempPathA
CreateDirectoryA
GetLocalTime
ReadFile
WriteFile
_llseek
_lwrite
_lclose
GetCurrentThreadId
SetFilePointer
WaitForSingleObject
MultiByteToWideChar
FindFirstFileA
FindClose
CopyFileA
CreateSemaphoreA
GetLastError
lstrcmpA
GetShortPathNameA
GetWindowsDirectoryA
CreateProcessA
CloseHandle
LocalFree
GetModuleFileNameA
FindResourceA
LoadResource
SizeofResource
LoadLibraryA
lstrlenA
LocalAlloc
lstrcatA
lstrcpyA
GetCurrentThread
lstrcmpiA
WideCharToMultiByte
_lopen
GetCurrentProcess
GetVersionExA
CompareFileTime
_lread
GetSystemTimeAsFileTime
GetProcAddress
FlushInstructionCache

user32

MsgWaitForMultipleObjects
SendMessageA
BeginPaint
GetClientRect
EndPaint
WaitMessage
GetDC
ReleaseDC
IntersectRect
EqualRect
OffsetRect
SetWindowRgn
SetWindowPos
UpdateWindow
DispatchMessageA
IsChild
DestroyWindow
GetClassInfoExA
LoadCursorA
RegisterClassExA
CallWindowProcA
GetWindowLongA
SetWindowLongA
UnionRect
PtInRect
GetKeyState
DefWindowProcA
MessageBoxA
wsprintfA
TranslateMessage
SetTimer
ShowWindow
RegisterClassA
ValidateRect
PostQuitMessage
KillTimer
IsWindow
GetFocus
CreateWindowExA
CharNextA
PeekMessageA

gdi32

CreateRectRgnIndirect
TextOutA
SetWindowOrgEx
SetTextAlign
SaveDC
LPtoDP
SetMapMode
CreateDCA
GetDeviceCaps
Rectangle
RestoreDC
SetViewportOrgEx
DeleteDC

advapi32

SetSecurityDescriptorDacl
RegCloseKey
RegDeleteKeyA
RegSetValueExA
RegCreateKeyExA
RegQueryValueExA
RegOpenKeyExA
FreeSid
RevertToSelf
AccessCheck
IsValidSecurityDescriptor
SetSecurityDescriptorOwner
SetSecurityDescriptorGroup
AddAccessAllowedAce
InitializeAcl
GetLengthSid
InitializeSecurityDescriptor
AllocateAndInitializeSid
OpenProcessToken
OpenThreadToken
ImpersonateSelf
RegDeleteValueA
RegEnumKeyExA
RegQueryInfoKeyA
RegEnumValueA

ole32

CoTaskMemFree
CoTaskMemAlloc
CoTaskMemRealloc
CoCreateInstance
OleLoadFromStream
OleSaveToStream
WriteClassStm

oleaut32

RegisterTypeLi
SysStringByteLen
SysAllocStringByteLen
VarUI4FromStr
SysStringLen
LoadTypeLi
SysAllocString
VariantClear
SysAllocStringLen
SysFreeString
LoadRegTypeLi
VariantChangeType

ws2_32

WSALookupServiceBeginW
WSALookupServiceNextW
ntohs
htons
WSAIoctl
WSASocketA
WSASetLastError
WSAStartup
WSCUnInstallNameSpace
WSCInstallNameSpace
closesocket
WSALookupServiceEnd
WSACleanup
WSAGetLastError
inet_addr
gethostbyname
bind
htonl
socket
listen

wininet

InternetGetConnectedState
InternetQueryOptionA
InternetOpenA
InternetOpenUrlA
HttpQueryInfoA
InternetCloseHandle
InternetReadFile

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
NSPStartup
NewDotNetInstall
NewDotNetStartup
NewDotNetUninstall
_Java_TLDApplet_getVersion@8
_Java_TLDApplet_install__Ljava_lang_String_2@12
_Java_TLDInstall_install@8

Sections

.text
Size: 48KB - Virtual size: 46KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.shared
Size: 4KB - Virtual size: 8B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 4KB - Virtual size: 4B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

874f65147aaa61b7566147c99d68fdda

Headers

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

ole32

oleaut32

ws2_32

wininet

Exports

Exports

Sections

.text Size: 48KB - Virtual size: 46KB

.rdata Size: 8KB - Virtual size: 7KB

.data Size: 12KB - Virtual size: 9KB

.shared Size: 4KB - Virtual size: 8B

.CRT Size: 4KB - Virtual size: 4B

.rsrc Size: 4KB - Virtual size: 3KB

.reloc Size: 4KB - Virtual size: 3KB

.text
Size: 48KB - Virtual size: 46KB

.rdata
Size: 8KB - Virtual size: 7KB

.data
Size: 12KB - Virtual size: 9KB

.shared
Size: 4KB - Virtual size: 8B

.CRT
Size: 4KB - Virtual size: 4B

.rsrc
Size: 4KB - Virtual size: 3KB

.reloc
Size: 4KB - Virtual size: 3KB