ef69ab91cc813564558969edeef06668_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

ef69ab91cc813564558969edeef06668_JaffaCakes118
Size

200KB
MD5

ef69ab91cc813564558969edeef06668
SHA1

aa764b74f5e05086ad8e84f28f71a3ce57a1a508
SHA256

dbcabbc2c3ec02cfde5ded1632f5ee84d8826892fe704c95f3d13bd064fde035
SHA512

ecacaf035bfe8a122a4e43509b3fbb8c95ba8fd6137ffd7e6eee5cc8f7261e3141e27323de39a22e86851af2e98533633e4fe37c87df98d44e477e803b955ed8
SSDEEP

3072:20q0LA67ygN3R3zsc3rM7FNQZK6IuFsqxhwmsYB06R8vzIZwIapw24X6o:Rq0LX/3w2/IuFsqx5sET8vzIhAw24l

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
ef69ab91cc813564558969edeef06668_JaffaCakes118

Files

ef69ab91cc813564558969edeef06668_JaffaCakes118
.dll regsvr32 windows:5 windows x86 arch:x86

0e236cd419ff889fa0c0d7fe03414b0f

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

WMPBAND.pdb

Imports

kernel32

SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
GetCurrentProcess
SetProcessWorkingSetSize
GlobalDeleteAtom
GlobalAddAtomW
RaiseException
LoadLibraryW
GetProcAddress
FreeLibrary
lstrcmpiW
GetModuleFileNameW
GetModuleHandleW
HeapDestroy
EnterCriticalSection
LeaveCriticalSection
lstrlenW
InterlockedDecrement
InterlockedIncrement
DeleteCriticalSection
InitializeCriticalSection
lstrlenA
lstrcpynW
CompareStringW
GetVersionExW
WaitForSingleObject
GetExitCodeThread
SetLastError
QueryDosDeviceW
GetVersion
CreateFileA
DeviceIoControl
CreateFileW
GetDriveTypeW
lstrcpyW
GetLastError
WideCharToMultiByte
MultiByteToWideChar
Sleep
CloseHandle
CompareStringA
GetFileAttributesW
SetErrorMode
CreateMutexW

msvcrt

_wcsnicmp
wcslen
wcschr
wcscmp
??2@YAPAXI@Z
_initterm
_adjust_fdiv
__dllonexit
_onexit
malloc
memmove
_purecall
??3@YAXPAX@Z
wcsstr
towupper
_wtoi
iswdigit
_wtol
iswspace
_vsnwprintf
_except_handler3
free
wcsncpy
_snwprintf
_beginthreadex
_wcsicmp
wcsncmp
wcsrchr
wcspbrk

uxtheme

CloseThemeData
OpenThemeData
DrawThemeParentBackground

advapi32

RegQueryValueExW
RegEnumKeyExW
RegSetValueExW
RegOpenKeyExW
RegCreateKeyExW
RegCloseKey
RegDeleteKeyW

ole32

RegisterDragDrop
RevokeDragDrop
StringFromCLSID
CoTaskMemFree
CoCreateInstance
OleLockRunning
CoUnmarshalInterface
CoMarshalInterface
CreateStreamOnHGlobal

oleaut32

SysAllocString
SysFreeString
SysAllocStringLen
LoadTypeLi
RegisterTypeLi
SysStringLen
LoadRegTypeLi
VariantClear
VariantInit
VariantCopy
VariantChangeType

user32

GetWindowLongW
SetWindowLongW
BeginPaint
EndPaint
UnregisterClassW
DestroyAcceleratorTable
GetClientRect
CreateAcceleratorTableW
DefWindowProcW
InvalidateRgn
InvalidateRect
SetFocus
GetFocus
IsWindow
DestroyWindow
GetDC
ReleaseDC
KillTimer
SetTimer
UnregisterHotKey
SetRect
EqualRect
GetWindowRect
GetWindow
GetTopWindow
FillRect
SetLayeredWindowAttributes
GetDesktopWindow
GetClassNameA
GetWindowThreadProcessId
CreateWindowExW
RegisterHotKey
IsIconic
GetParent
SendMessageTimeoutA
RegisterClassW
LoadCursorW
CharNextW
LoadStringW
PostMessageW
ShowWindow
GetClassNameW
FindWindowW
EnumWindows
SetForegroundWindow
SendMessageW
GetCursorPos
IsWindowVisible
CharNextA
GetAsyncKeyState
SetWindowPos

gdi32

GetDeviceCaps

shell32

ShellExecuteExW

shlwapi

PathGetCharTypeA
PathGetCharTypeW

mpr

WNetGetConnectionW
WNetCancelConnection2W
WNetAddConnection2W

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 60KB - Virtual size: 59KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.text
Size: 124KB - Virtual size: 124KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

0e236cd419ff889fa0c0d7fe03414b0f

Headers

File Characteristics

PDB Paths

Imports

kernel32

msvcrt

uxtheme

advapi32

ole32

oleaut32

user32

gdi32

shell32

shlwapi

mpr

Exports

Exports

Sections

.text Size: 60KB - Virtual size: 59KB

.data Size: 4KB - Virtual size: 2KB

.rsrc Size: 4KB - Virtual size: 3KB

.reloc Size: 4KB - Virtual size: 3KB

.text Size: 124KB - Virtual size: 124KB

.text
Size: 60KB - Virtual size: 59KB

.data
Size: 4KB - Virtual size: 2KB

.rsrc
Size: 4KB - Virtual size: 3KB

.reloc
Size: 4KB - Virtual size: 3KB

.text
Size: 124KB - Virtual size: 124KB