e8415dd95ae7d974bc0f770d8ef275cb_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

e8415dd95ae7d974bc0f770d8ef275cb_JaffaCakes118
Size

139KB
MD5

e8415dd95ae7d974bc0f770d8ef275cb
SHA1

d54bd217046ffadef3d78e29b27d9050de7e2031
SHA256

83ffbb780520d303486a33d2648629f2a2dd7a09d10fa24caa7ebb2161732bd6
SHA512

44b2e637c4b9d7d27622caf7e83da7c2a872e2806ba0066522be13054697b8123ec0a99e85780c566203bf0817b620154933526666bccaf81a77df1f1788b6e7
SSDEEP

3072:nCfI5yKzhnh7g0Rv96Y8XOLuU2yZKricsrgwZDze:CQ5rzTgoSXhUnZKrarRQ

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
e8415dd95ae7d974bc0f770d8ef275cb_JaffaCakes118

Files

e8415dd95ae7d974bc0f770d8ef275cb_JaffaCakes118
.dll regsvr32 windows:4 windows x86 arch:x86

d93bd57f0477389fcbe0e8556947cdaa

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

e:\Dev\SuperNodes\SNAgent\Release\SNAgent.pdb

Imports

kernel32

lstrcpyA
lstrlenW
GetPrivateProfileStringA
lstrcmpiA
GetShortPathNameA
GetModuleFileNameA
LeaveCriticalSection
InterlockedIncrement
EnterCriticalSection
InterlockedDecrement
lstrcpynA
lstrcmpiW
IsDBCSLeadByte
FreeLibrary
SizeofResource
LoadResource
FindResourceA
LoadLibraryExA
lstrcatA
CloseHandle
GetProcAddress
LoadLibraryA
GetVolumeInformationA
FlushFileBuffers
SetStdHandle
VirtualQuery
GetSystemInfo
lstrlenA
GetLastError
DeleteCriticalSection
InitializeCriticalSection
WideCharToMultiByte
MultiByteToWideChar
GetVersionExA
GetThreadLocale
GetLocaleInfoA
GetACP
InterlockedExchange
VirtualProtect
SetFilePointer
IsBadCodePtr
IsBadReadPtr
GetStringTypeW
GetStringTypeA
WriteFile
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetStartupInfoA
GetFileType
GetStdHandle
SetHandleCount
HeapSize
GetCurrentProcess
TerminateProcess
GetModuleHandleA
LCMapStringW
LCMapStringA
IsBadWritePtr
ExitProcess
RaiseException
RtlUnwind
HeapAlloc
HeapFree
HeapReAlloc
GetCurrentThreadId
TlsSetValue
GetCommandLineA
GetOEMCP
GetCPInfo
TlsFree
SetLastError
TlsGetValue
TlsAlloc
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
SetUnhandledExceptionFilter
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc

user32

CharNextA

advapi32

RegQueryValueExA
RegQueryInfoKeyA
RegDeleteValueA
RegEnumKeyExA
RegSetValueExA
RegOpenKeyExA
RegCreateKeyExA
RegCloseKey
RegDeleteKeyA

shell32

SHGetFileInfoA

ole32

CoCreateInstance
CLSIDFromProgID
CoTaskMemFree
StringFromCLSID
CoTaskMemAlloc
CoTaskMemRealloc
StringFromGUID2
CoCreateGuid

oleaut32

SysAllocString
SysFreeString
SysStringLen
VariantInit
RegisterTypeLi
UnRegisterTypeLi
LoadRegTypeLi
VarUI4FromStr
LoadTypeLi
VariantChangeType
VariantCopy
VariantClear

shlwapi

PathFindExtensionA

netapi32

Netbios

iphlpapi

GetAdaptersInfo

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllMain
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 76KB - Virtual size: 73KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 16KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

d93bd57f0477389fcbe0e8556947cdaa

Headers

File Characteristics

PDB Paths

Imports

kernel32

user32

advapi32

shell32

ole32

oleaut32

shlwapi

netapi32

iphlpapi

Exports

Exports

Sections

.text Size: 76KB - Virtual size: 73KB

.rdata Size: 16KB - Virtual size: 14KB

.data Size: 8KB - Virtual size: 15KB

.rsrc Size: 8KB - Virtual size: 4KB

.reloc Size: 12KB - Virtual size: 8KB

.text
Size: 76KB - Virtual size: 73KB

.rdata
Size: 16KB - Virtual size: 14KB

.data
Size: 8KB - Virtual size: 15KB

.rsrc
Size: 8KB - Virtual size: 4KB

.reloc
Size: 12KB - Virtual size: 8KB