wininet.pdb
Static task
static1
Behavioral task
behavioral1
Sample
JaffaCakes118_4240bfcbf5e6434f52234fd973814aa0.dll
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
JaffaCakes118_4240bfcbf5e6434f52234fd973814aa0.dll
Resource
win10v2004-20241007-en
General
Target: JaffaCakes118_4240bfcbf5e6434f52234fd973814aa0
Size: 952KB
MD5: 4240bfcbf5e6434f52234fd973814aa0
SHA1: bd7a9ebcb8090ce304a9a8bc986c3dc7e103c48a
SHA256: 29df4967c86a2393aa98f36492368ec17e1414d0f945afac3a90885662ee9281
SHA512: ddfc1f97539b5d28eb6f7dce5eee3ec468dae5abc9d44728db79b4782784809bfde1d062f29eae200c1563ebf31a7a9591c09510bac75f574faa286412dda052
SSDEEP: 24576:Rkmzwrsg5T30TVR7azvtVd3hskMMIMMuLG2:umz+sg5T30TVqtVdxskMMIMMuLG
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource JaffaCakes118_4240bfcbf5e6434f52234fd973814aa0
Files
JaffaCakes118_4240bfcbf5e6434f52234fd973814aa0.dll windows:6 windows x86 arch:x86
51d0ee33ea6b30bef75cb640e71a1d39
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
PDB Paths
Imports
msvcrt
memset
_vsnwprintf
_lock
wcsncmp
bsearch
??_V@YAXPAX@Z
??_U@YAPAXI@Z
_onexit
_wcsnicmp
_wtoi
_wcsicmp
isupper
wcsstr
_purecall
_mbstok
iscntrl
ispunct
_strtoui64
__dllonexit
iswdigit
isalpha
atol
isalnum
_errno
isspace
strpbrk
isdigit
isxdigit
memchr
memcpy
mbtowc
__mb_cur_max
isleadbyte
_iob
_snprintf
_itoa
wctomb
ferror
__badioinfo
__pioinfo
_fileno
_lseeki64
_write
_isatty
_unlock
_adjust_fdiv
_amsg_exit
_initterm
_XcptFilter
iswlower
iswascii
iswxdigit
wcstol
islower
__isascii
strtol
memmove
iswspace
wcsrchr
strrchr
atoi
realloc
free
malloc
time
wcstok
_vsnprintf
ntdll
RtlUnwind
RtlConvertSidToUnicodeString
RtlMoveMemory
shlwapi
SHRegGetValueW
ord158
SHRegGetValueA
PathAddBackslashW
PathFindFileNameW
StrRChrW
PathRemoveBackslashA
PathRemoveFileSpecA
ord155
PathRemoveBlanksA
PathAddBackslashA
ord157
PathAppendA
ord215
PathUnExpandEnvStringsA
PathRenameExtensionA
SHDeleteKeyA
SHDeleteValueW
StrCmpNIW
StrCmpNIA
StrStrIA
ord151
StrChrW
StrChrA
ord154
ord217
UrlCombineW
UrlCanonicalizeW
ord153
PathCreateFromUrlW
UrlUnescapeA
UrlCombineA
UrlCanonicalizeA
StrToIntW
StrCmpW
StrCmpNA
StrRChrA
StrToIntA
StrStrIW
SHGetValueA
SHSetValueA
SHGetValueW
SHSetValueW
ord437
ord12
StrStrA
PathCombineW
StrChrNW
StrTrimW
advapi32
RegDeleteValueW
RegQueryValueExW
CryptAcquireContextA
CryptGenRandom
CryptReleaseContext
RegOpenKeyA
RegEnumKeyA
RegSetValueExW
RegCreateKeyExW
RegDeleteKeyW
TraceEvent
DuplicateTokenEx
CreateWellKnownSid
SetTokenInformation
CreateProcessAsUserA
ConvertStringSecurityDescriptorToSecurityDescriptorA
GetSidSubAuthorityCount
GetSidSubAuthority
AllocateAndInitializeSid
CheckTokenMembership
FreeSid
RegDeleteValueA
OpenThreadToken
OpenProcessToken
GetTokenInformation
RegOpenKeyExW
RegDeleteKeyA
UnregisterTraceGuids
RegisterTraceGuidsA
ConvertSidToStringSidW
ConvertStringSecurityDescriptorToSecurityDescriptorW
CryptAcquireContextW
CryptGetProvParam
GetTraceLoggerHandle
GetTraceEnableLevel
GetTraceEnableFlags
RegCreateKeyExA
RegSetValueExA
RegOpenKeyExA
RegQueryValueExA
RegQueryInfoKeyA
RegEnumKeyExA
RegCloseKey
GetUserNameA
OpenSCManagerA
OpenServiceA
CloseServiceHandle
QueryServiceStatus
kernel32
OpenFileMappingA
CreateFileMappingA
MapViewOfFileEx
FlushViewOfFile
SetEndOfFile
UnmapViewOfFile
OutputDebugStringA
DosDateTimeToFileTime
lstrcmpiW
GetEnvironmentVariableA
GetShortPathNameA
GetShortPathNameW
FindFirstFileA
RemoveDirectoryA
FindNextFileA
FindClose
GetDiskFreeSpaceExA
CopyFileA
SetFileTime
CreateDirectoryA
GetWindowsDirectoryA
GetPrivateProfileStringA
GetFileAttributesA
SetFileAttributesA
GetFileAttributesExA
FileTimeToDosDateTime
GetFileSizeEx
lstrcmpW
RaiseException
MoveFileExA
MoveFileExW
MoveFileW
MoveFileA
SetFilePointerEx
LocalFileTimeToFileTime
CreateSemaphoreA
ReleaseSemaphore
GetCurrentProcessId
GetFileTime
lstrcmpA
GetModuleHandleExA
LoadLibraryW
FreeLibraryAndExitThread
ResetEvent
ExpandEnvironmentStringsA
GetSystemTimeAsFileTime
DeleteFileW
GetACP
InterlockedExchangeAdd
CreateThread
Sleep
OpenMutexA
GetSystemDirectoryA
FormatMessageA
SetErrorMode
IsDBCSLeadByteEx
SystemTimeToFileTime
SizeofResource
TlsFree
TlsGetValue
TlsSetValue
TlsAlloc
GetDateFormatA
GetTimeFormatA
GlobalAlloc
InterlockedCompareExchange
GetCurrentThread
GetCurrentProcess
IsDBCSLeadByte
IsValidCodePage
GlobalFree
GetLongPathNameW
lstrlenW
GetLongPathNameA
DeleteFileA
FormatMessageW
GetModuleHandleA
GetSystemTime
GetModuleHandleW
WritePrivateProfileStringA
GetVersionExA
GetModuleFileNameA
WriteFile
SetFilePointer
CreateFileW
CreateFileA
GetFileSize
ReadFile
FileTimeToSystemTime
LocalReAlloc
HeapFree
HeapAlloc
GetProcessHeap
GetTimeFormatW
GetDateFormatW
GetUserDefaultLCID
GetComputerNameA
GlobalUnlock
GlobalLock
QueryPerformanceCounter
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
LoadResource
FindResourceExW
LoadLibraryExW
MapViewOfFile
CreateFileMappingW
GetLocaleInfoW
GetVersionExW
GetSystemDefaultUILanguage
GetUserDefaultUILanguage
FindResourceW
SearchPathW
CreateActCtxW
ReleaseActCtx
ActivateActCtx
DeactivateActCtx
SetFileAttributesW
CompareFileTime
WritePrivateProfileStringW
GetFileAttributesW
CreateMutexW
DuplicateHandle
OpenMutexW
OpenEventW
LockResource
ResumeThread
GetTickCount
GetProcAddress
LoadLibraryA
FreeLibrary
InterlockedExchange
CloseHandle
GetLastError
SetLastError
EnterCriticalSection
LeaveCriticalSection
CompareStringW
WaitForSingleObject
WideCharToMultiByte
MultiByteToWideChar
CreateEventA
CreateMutexA
CompareStringA
ReleaseMutex
GetCurrentThreadId
LocalFree
LocalAlloc
DeleteCriticalSection
SetEvent
InterlockedIncrement
lstrcmpiA
lstrlenA
InterlockedDecrement
GetModuleFileNameW
InitializeCriticalSectionAndSpinCount
user32
FindWindowW
PostMessageW
RegisterWindowMessageW
ReleaseDC
GetDC
SendDlgItemMessageW
LoadImageW
GetSystemMetrics
IntersectRect
EqualRect
GetWindowRect
GetWindow
SetForegroundWindow
DestroyIcon
SetDlgItemTextW
SetWindowPos
IsWindow
PostMessageA
CharNextExA
EnumWindows
GetAncestor
IsWindowVisible
EnumChildWindows
GetWindowThreadProcessId
IsCharAlphaNumericA
CharLowerW
CharUpperA
CharToOemA
LoadStringW
DialogBoxParamW
GetDesktopWindow
SendDlgItemMessageA
LoadIconA
LoadImageA
LoadStringA
CharLowerA
DestroyWindow
KillTimer
EnableWindow
SetWindowTextW
GetDlgItem
SetFocus
EndDialog
CheckDlgButton
SendMessageW
SendMessageA
IsDlgButtonChecked
DefWindowProcA
SetWindowLongA
GetWindowLongA
RegisterClassW
CreateWindowExW
SetTimer
GetWindowTextW
MessageBoxW
CharNextA
GetWindowInfo
normaliz
IdnToAscii
IdnToUnicode
urlmon
ord423
ord422
ord414
ord416
ord421
ord410
ord408
iertutil
ord670
ord654
ord651
ord650
ord17
ord173
ord16
ord9
ord58
ord32
ord33
ord37
ord50
ord685
Exports
CommitUrlCacheEntryA
CommitUrlCacheEntryW
CreateMD5SSOHash
CreateUrlCacheContainerA
CreateUrlCacheContainerW
CreateUrlCacheEntryA
CreateUrlCacheEntryW
CreateUrlCacheGroup
DeleteIE3Cache
DeleteUrlCacheContainerA
DeleteUrlCacheContainerW
DeleteUrlCacheEntry
DeleteUrlCacheEntryA
DeleteUrlCacheEntryW
DeleteUrlCacheGroup
DeleteWpadCacheForNetworks
DetectAutoProxyUrl
DispatchAPICall
DllInstall
FindCloseUrlCache
FindFirstUrlCacheContainerA
FindFirstUrlCacheContainerW
FindFirstUrlCacheEntryA
FindFirstUrlCacheEntryExA
FindFirstUrlCacheEntryExW
FindFirstUrlCacheEntryW
FindFirstUrlCacheGroup
FindNextUrlCacheContainerA
FindNextUrlCacheContainerW
FindNextUrlCacheEntryA
FindNextUrlCacheEntryExA
FindNextUrlCacheEntryExW
FindNextUrlCacheEntryW
FindNextUrlCacheGroup
ForceNexusLookup
ForceNexusLookupExW
FreeUrlCacheSpaceA
FreeUrlCacheSpaceW
FtpCommandA
FtpCommandW
FtpCreateDirectoryA
FtpCreateDirectoryW
FtpDeleteFileA
FtpDeleteFileW
FtpFindFirstFileA
FtpFindFirstFileW
FtpGetCurrentDirectoryA
FtpGetCurrentDirectoryW
FtpGetFileA
FtpGetFileEx
FtpGetFileSize
FtpGetFileW
FtpOpenFileA
FtpOpenFileW
FtpPutFileA
FtpPutFileEx
FtpPutFileW
FtpRemoveDirectoryA
FtpRemoveDirectoryW
FtpRenameFileA
FtpRenameFileW
FtpSetCurrentDirectoryA
FtpSetCurrentDirectoryW
GetUrlCacheConfigInfoA
GetUrlCacheConfigInfoW
GetUrlCacheEntryInfoA
GetUrlCacheEntryInfoExA
GetUrlCacheEntryInfoExW
GetUrlCacheEntryInfoW
GetUrlCacheGroupAttributeA
GetUrlCacheGroupAttributeW
GetUrlCacheHeaderData
GopherCreateLocatorA
GopherCreateLocatorW
GopherFindFirstFileA
GopherFindFirstFileW
GopherGetAttributeA
GopherGetAttributeW
GopherGetLocatorTypeA
GopherGetLocatorTypeW
GopherOpenFileA
GopherOpenFileW
HttpAddRequestHeadersA
HttpAddRequestHeadersW
HttpCheckDavCompliance
HttpEndRequestA
HttpEndRequestW
HttpOpenRequestA
HttpOpenRequestW
HttpQueryInfoA
HttpQueryInfoW
HttpSendRequestA
HttpSendRequestExA
HttpSendRequestExW
HttpSendRequestW
IncrementUrlCacheHeaderData
InternetAlgIdToStringA
InternetAlgIdToStringW
InternetAttemptConnect
InternetAutodial
InternetAutodialCallback
InternetAutodialHangup
InternetCanonicalizeUrlA
InternetCanonicalizeUrlW
InternetCheckConnectionA
InternetCheckConnectionW
InternetClearAllPerSiteCookieDecisions
InternetCloseHandle
InternetCombineUrlA
InternetCombineUrlW
InternetConfirmZoneCrossing
InternetConfirmZoneCrossingA
InternetConfirmZoneCrossingW
InternetConnectA
InternetConnectW
InternetCrackUrlA
InternetCrackUrlW
InternetCreateUrlA
InternetCreateUrlW
InternetDial
InternetDialA
InternetDialW
InternetEnumPerSiteCookieDecisionA
InternetEnumPerSiteCookieDecisionW
InternetErrorDlg
InternetFindNextFileA
InternetFindNextFileW
InternetFortezzaCommand
InternetGetCertByURL
InternetGetCertByURLA
InternetGetConnectedState
InternetGetConnectedStateEx
InternetGetConnectedStateExA
InternetGetConnectedStateExW
InternetGetCookieA
InternetGetCookieExA
InternetGetCookieExW
InternetGetCookieW
InternetGetLastResponseInfoA
InternetGetLastResponseInfoW
InternetGetPerSiteCookieDecisionA
InternetGetPerSiteCookieDecisionW
InternetGetSecurityInfoByURL
InternetGetSecurityInfoByURLA
InternetGetSecurityInfoByURLW
InternetGoOnline
InternetGoOnlineA
InternetGoOnlineW
InternetHangUp
InternetInitializeAutoProxyDll
InternetLockRequestFile
InternetOpenA
InternetOpenUrlA
InternetOpenUrlW
InternetOpenW
InternetQueryDataAvailable
InternetQueryFortezzaStatus
InternetQueryOptionA
InternetQueryOptionW
InternetReadFile
InternetReadFileExA
InternetReadFileExW
InternetSecurityProtocolToStringA
InternetSecurityProtocolToStringW
InternetSetCookieA
InternetSetCookieExA
InternetSetCookieExW
InternetSetCookieW
InternetSetDialState
InternetSetDialStateA
InternetSetDialStateW
InternetSetFilePointer
InternetSetOptionA
InternetSetOptionExA
InternetSetOptionExW
InternetSetOptionW
InternetSetPerSiteCookieDecisionA
InternetSetPerSiteCookieDecisionW
InternetSetStatusCallback
InternetSetStatusCallbackA
InternetSetStatusCallbackW
InternetShowSecurityInfoByURL
InternetShowSecurityInfoByURLA
InternetShowSecurityInfoByURLW
InternetTimeFromSystemTime
InternetTimeFromSystemTimeA
InternetTimeFromSystemTimeW
InternetTimeToSystemTime
InternetTimeToSystemTimeA
InternetTimeToSystemTimeW
InternetUnlockRequestFile
InternetWriteFile
InternetWriteFileExA
InternetWriteFileExW
IsHostInProxyBypassList
IsUrlCacheEntryExpiredA
IsUrlCacheEntryExpiredW
LoadUrlCacheContent
ParseX509EncodedCertificateForListBoxEntry
PrivacyGetZonePreferenceW
PrivacySetZonePreferenceW
ReadUrlCacheEntryStream
ReadUrlCacheEntryStreamEx
RegisterUrlCacheNotification
ResumeSuspendedDownload
RetrieveUrlCacheEntryFileA
RetrieveUrlCacheEntryFileW
RetrieveUrlCacheEntryStreamA
RetrieveUrlCacheEntryStreamW
RunOnceUrlCache
SetUrlCacheConfigInfoA
SetUrlCacheConfigInfoW
SetUrlCacheEntryGroup
SetUrlCacheEntryGroupA
SetUrlCacheEntryGroupW
SetUrlCacheEntryInfoA
SetUrlCacheEntryInfoW
SetUrlCacheGroupAttributeA
SetUrlCacheGroupAttributeW
SetUrlCacheHeaderData
ShowCertificate
ShowClientAuthCerts
ShowSecurityInfo
ShowX509EncodedCertificate
UnlockUrlCacheEntryFile
UnlockUrlCacheEntryFileA
UnlockUrlCacheEntryFileW
UnlockUrlCacheEntryStream
UpdateUrlCacheContentPath
UrlZonesDetach
_GetFileExtensionFromUrl
Sections
.text Size: 703KB - Virtual size: 702KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 13KB - Virtual size: 26KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 152KB - Virtual size: 152KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 26KB - Virtual size: 25KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
.rmnet Size: 56KB - Virtual size: 60KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE