f23cf57ad67c91ce99f0b15fc0669908_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

f23cf57ad67c91ce99f0b15fc0669908_JaffaCakes118
Size

242KB
MD5

f23cf57ad67c91ce99f0b15fc0669908
SHA1

5235425c35f65b597cd5613cd452eb70abfcede6
SHA256

cf669f79dd2c2ea524a7c7594ad1d2fd9576646f69ea9b9a293c55d19967d059
SHA512

d8d25b46d8662f849df29755cbd2b3d9ed16d0e401537b83922086c259bdc2f4581a6740dbebe70acd26605b9496ffb315a4cbeda5b8828129347e9807e0d967
SSDEEP

6144:47/1347BXyu5bqb97JRlL6k9gXYP8ulsU6AeV:ksoRjkTaeV

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
f23cf57ad67c91ce99f0b15fc0669908_JaffaCakes118

Files

f23cf57ad67c91ce99f0b15fc0669908_JaffaCakes118
.dll .vbs regsvr32 windows:10 windows x86 arch:x86 polyglot

5138477dd886c1e6777724821b3fc02d

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

msvcrt

memcpy_s
strncpy_s
_purecall
?what@exception@@UBEPBDXZ
??1exception@@UAE@XZ
??0exception@@QAE@XZ
??0exception@@QAE@ABV0@@Z
_callnewh
free
malloc
memset
memmove_s
wcscpy_s
_XcptFilter
_resetstkoflw
_initterm
_except_handler4_common
_errno
realloc
?terminate@@YAXXZ
_lock
_unlock
__dllonexit
_onexit
??1type_info@@UAE@XZ
memcmp
__CxxFrameHandler3
_strnicmp
vsprintf_s
_CxxThrowException
_amsg_exit
_wcsicmp
??0exception@@QAE@ABQBD@Z
wcscat_s
_wcsupr_s
wcsrchr
memcpy

iassvcs

IASVariantChangeType

rtutils

TraceVprintfExA
TraceRegisterExW
TraceDeregisterW

oleaut32

SafeArrayGetUBound
SafeArrayGetLBound
GetErrorInfo
VarUI4FromStr
SysStringLen
SysFreeString
SafeArrayGetDim
SafeArrayAccessData
SafeArrayUnaccessData
SafeArrayDestroy
SafeArrayCreateVector
SafeArrayCreate
SysAllocString
VariantClear
VariantCopy
VariantInit
SysAllocStringByteLen
SysStringByteLen
LoadRegTypeLi
LoadTypeLi

ole32

CoTaskMemFree
CoTaskMemRealloc
OleRun
CoCreateInstance
CoCreateInstanceEx
CoTaskMemAlloc

advapi32

RegDeleteValueA
CloseServiceHandle
OpenSCManagerA
QueryServiceStatusEx
OpenServiceA
TraceMessage
RegCloseKey
RegCreateKeyExA
GetTraceLoggerHandle
GetTraceEnableFlags
RegSetValueExA
GetTraceEnableLevel
RegQueryInfoKeyA
UnregisterTraceGuids
RegisterTraceGuidsA
RegOpenKeyExA
RegEnumKeyExA

user32

UnregisterClassA
CharNextA

kernel32

GetModuleFileNameW
lstrlenA
lstrcmpiA
WideCharToMultiByte
FreeLibrary
DeleteCriticalSection
GetProcAddress
LoadResource
IsDBCSLeadByte
RaiseException
FindResourceExA
VirtualProtect
GetLastError
MultiByteToWideChar
GetModuleHandleA
VirtualAlloc
LeaveCriticalSection
LoadLibraryExA
EnterCriticalSection
SizeofResource
GetModuleFileNameA
GetComputerNameExW
VirtualQuery
LocalFree
SwitchToThread
TryEnterCriticalSection
OutputDebugStringA
GetTickCount
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
Sleep

ntdll

RtlImageNtHeader

Exports

Exports

Control_RunDLL
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.ionp
Size: 116KB - Virtual size: 116KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.drn
Size: 1024B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.fys
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.klcm
Size: 112KB - Virtual size: 111KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.pro
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

5138477dd886c1e6777724821b3fc02d

Headers

DLL Characteristics

File Characteristics

Imports

msvcrt

iassvcs

rtutils

oleaut32

ole32

advapi32

user32

kernel32

ntdll

Exports

Exports

Sections

.ionp Size: 116KB - Virtual size: 116KB

.drn Size: 1024B - Virtual size: 1KB

.fys Size: 3KB - Virtual size: 3KB

.klcm Size: 112KB - Virtual size: 111KB

.pro Size: 8KB - Virtual size: 7KB

.ionp
Size: 116KB - Virtual size: 116KB

.drn
Size: 1024B - Virtual size: 1KB

.fys
Size: 3KB - Virtual size: 3KB

.klcm
Size: 112KB - Virtual size: 111KB

.pro
Size: 8KB - Virtual size: 7KB