560287915a3c7023f2ede3e1b333ae33_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

560287915a3c7023f2ede3e1b333ae33_JaffaCakes118
Size

212KB
MD5

560287915a3c7023f2ede3e1b333ae33
SHA1

7f4e1f599c335a44e3dea3a06c496e0dcfe0f8cb
SHA256

4dbbdd0f5e5b04069b44b6a557eaa37924d8e604e9a3dc02b8cdf355aa91e0c0
SHA512

6cabde673ad01af181d774248c393d0789680728a1d7edaf3a69c284a8a9a3ccbd28641a71a3bb45905144d6d74440b99176dc2880d463f5598fdcd5080d6b30
SSDEEP

1536:RpUTw2h7w5CvTOvr2FLlIDGNajLErxwnZMoEwjyhBOodKNT6BgJ/P:RRQy2FJwBjmxJuyuodKQCJ/P

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
560287915a3c7023f2ede3e1b333ae33_JaffaCakes118

Files

560287915a3c7023f2ede3e1b333ae33_JaffaCakes118
.dll regsvr32 windows:4 windows x86 arch:x86

811a913615b4c01b6b25596d26050d35

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

shlwapi

PathFileExistsA

kernel32

GetCurrentProcess
CreateFileA
ReadFile
WriteFile
SetFilePointer
FlushFileBuffers
SetEndOfFile
CreateDirectoryA
RtlUnwind
HeapAlloc
HeapFree
RaiseException
HeapReAlloc
HeapSize
GetACP
ExitProcess
TerminateProcess
LCMapStringA
LCMapStringW
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
IsBadWritePtr
SetUnhandledExceptionFilter
GetStringTypeA
GetStringTypeW
SetStdHandle
IsBadReadPtr
IsBadCodePtr
GetOEMCP
GetCPInfo
LoadLibraryA
FreeLibrary
lstrcatA
GlobalGetAtomNameA
GlobalAddAtomA
GlobalFindAtomA
GlobalDeleteAtom
lstrcpyA
GetModuleHandleA
GetProcAddress
GetProcessVersion
GetCurrentThreadId
CloseHandle
GetVersion
GlobalFlags
TlsGetValue
LocalReAlloc
TlsSetValue
GlobalAlloc
GlobalReAlloc
TlsFree
GlobalHandle
GlobalFree
TlsAlloc
LocalAlloc
lstrcmpA
GlobalLock
GlobalUnlock
GetLastError
SetLastError
LocalFree
lstrcpynA
lstrcmpiA
MultiByteToWideChar
lstrlenA
EnterCriticalSection
LeaveCriticalSection
ExpandEnvironmentStringsA
InterlockedIncrement
InterlockedDecrement
InitializeCriticalSection
DeleteCriticalSection
GetModuleFileNameA
DisableThreadLibraryCalls
GetPrivateProfileStringA
lstrlenW
WideCharToMultiByte
WritePrivateProfileStringA
GetCommandLineA

oleaut32

SysFreeString
VariantClear
VariantChangeType
SysAllocStringLen
LoadRegTypeLi
SysStringLen
VariantCopy

comctl32

ord17

atl

ord32
ord30
ord58
ord57
ord18
ord15
ord16
ord21
ord23
ord31

user32

AdjustWindowRectEx
MapWindowPoints
PostMessageA
LoadIconA
GetNextDlgTabItem
EnableMenuItem
CheckMenuItem
SetMenuItemBitmaps
ModifyMenuA
LoadBitmapA
GetMenuCheckMarkDimensions
PostQuitMessage
DestroyMenu
GetClientRect
CopyRect
GetTopWindow
GetCapture
WinHelpA
GetClassInfoA
RegisterClassA
GetMenu
DefWindowProcA
DestroyWindow
CreateWindowExA
GetClassLongA
SetPropA
GetPropA
CallWindowProcA
RemovePropA
GetMessageTime
GetMessagePos
GetForegroundWindow
SetForegroundWindow
RegisterWindowMessageA
SystemParametersInfoA
IsIconic
GetWindowPlacement
GrayStringA
DrawTextA
TabbedTextOutA
SetWindowPos
SetWindowLongA
GetDlgItem
GetDC
ReleaseDC
GetSysColorBrush
LoadCursorA
GetSystemMetrics
DispatchMessageA
GetKeyState
LoadStringA
GetWindowTextA
UnhookWindowsHookEx
CallNextHookEx
PeekMessageA
SetWindowsHookExA
SetFocus
GetFocus
EnableWindow
MessageBoxA
SendMessageA
GetWindowLongA
IsWindowEnabled
GetLastActivePopup
GetParent
GetMenuItemID
GetMenuState
GetSubMenu
GetMenuItemCount
GetClassNameA
SetWindowTextA
ClientToScreen
GetWindow
GetDlgCtrlID
GetWindowRect
PtInRect
GetSysColor

gdi32

SelectObject
RestoreDC
SaveDC
DeleteDC
DeleteObject
GetDeviceCaps
PtVisible
RectVisible
TextOutA
ExtTextOutA
Escape
GetObjectA
CreateBitmap
GetClipBox
ScaleWindowExtEx
SetWindowExtEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
SetMapMode
SetTextColor
SetBkColor
GetStockObject

winspool.drv

DocumentPropertiesA
OpenPrinterA
ClosePrinter

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 68KB - Virtual size: 64KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 16KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 104KB - Virtual size: 117KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 16KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

811a913615b4c01b6b25596d26050d35

Headers

File Characteristics

Imports

shlwapi

kernel32

oleaut32

comctl32

atl

user32

gdi32

winspool.drv

Exports

Exports

Sections

.text Size: 68KB - Virtual size: 64KB

.rdata Size: 16KB - Virtual size: 14KB

.data Size: 104KB - Virtual size: 117KB

.rsrc Size: 4KB - Virtual size: 3KB

.reloc Size: 16KB - Virtual size: 12KB

.text
Size: 68KB - Virtual size: 64KB

.rdata
Size: 16KB - Virtual size: 14KB

.data
Size: 104KB - Virtual size: 117KB

.rsrc
Size: 4KB - Virtual size: 3KB

.reloc
Size: 16KB - Virtual size: 12KB