f41108e4bf007b986041b808c998a0c8_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

f41108e4bf007b986041b808c998a0c8_JaffaCakes118
Size

40KB
MD5

f41108e4bf007b986041b808c998a0c8
SHA1

7d1d4ff5d6573528a0b41749c8aaa432f22212c4
SHA256

4f4c3e506e22ab4c6d48a15a2306ded9e529aadfc854d66b0bebb4de20e772df
SHA512

ba0f195487a27bf4297e2cf09b4aebcac9212cff7521a86c54dc292c4f7051d5b22633431c8a38de624974a431cb92a783e59c61baf4d1a711bb4d47447d9372
SSDEEP

768:3SENIlCjNpapXAuKSVgYWW7DcR+usEPnp9YHeHHH8:CENIlCjNpapX5xBt7Yw0pewn8

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
f41108e4bf007b986041b808c998a0c8_JaffaCakes118

Files

f41108e4bf007b986041b808c998a0c8_JaffaCakes118
.dll regsvr32 windows:4 windows x86 arch:x86

cd4ab7135f91f87572b75ed6a0fdf4be

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

WriteFile
WaitForSingleObject
GetLastError
CreateMutexA
IsBadStringPtrA
FreeLibrary
GetProcAddress
LoadLibraryA
GlobalAlloc
WideCharToMultiByte
lstrlenW
MultiByteToWideChar
lstrlenA
HeapAlloc
GetProcessHeap
GlobalFree
CreateFileA
HeapFree
DeleteCriticalSection
InterlockedExchange
InitializeCriticalSection
LoadLibraryW
ExpandEnvironmentStringsW
LeaveCriticalSection
HeapCreate
EnterCriticalSection
GetVersionExA
GetModuleFileNameA
HeapReAlloc
TerminateThread
ReadFile
lstrcatA
CloseHandle
GetSystemDirectoryA
HeapDestroy

user32

wsprintfA

advapi32

RegSetValueExA
RegQueryValueExA
RegCloseKey
RegOpenKeyExA

ole32

CoCreateGuid
StringFromGUID2

ws2_32

WSCInstallProvider
ntohs
htons
WSCGetProviderPath
WSCDeinstallProvider
gethostbyname
WSCEnumProtocols
inet_ntoa

shlwapi

StrStrIA
StrChrA
StrStrA

msvcp60

?_Copy@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEXI@Z
?rfind@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDII@Z
??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@0@Z
??8std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBD@Z
?max_size@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z
??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBDABV10@@Z
??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@PBD@Z
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@II@Z
?find@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDII@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@II@Z
?erase@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@II@Z
?_Freeze@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEXXZ
?substr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AV12@II@Z
?_Xran@std@@YAXXZ
?_Split@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEXXZ
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
?_Tidy@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEX_N@Z
?_Eos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEXI@Z
?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB
?_Xlen@std@@YAXXZ
?_C@?1??_Nullstr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@CAPBDXZ@4DB
?_Grow@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAE_NI_N@Z

msvcrt

wcscmp
_beginthreadex
_stricmp
strncpy
strncat
strstr
strncmp
free
__dllonexit
_onexit
_initterm
malloc
_adjust_fdiv
__CxxFrameHandler
memmove
atoi
??2@YAPAXI@Z
wcsncpy
srand
time

rpcrt4

UuidCreate

Exports

Exports

DllMain
DllRegisterServer
DllUnregisterServer
WSPStartup

Sections

.text
Size: 28KB - Virtual size: 28KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

cd4ab7135f91f87572b75ed6a0fdf4be

Headers

File Characteristics

Imports

kernel32

user32

advapi32

ole32

ws2_32

shlwapi

msvcp60

msvcrt

rpcrt4

Exports

Exports

Sections

.text Size: 28KB - Virtual size: 28KB

.rdata Size: 6KB - Virtual size: 5KB

.data Size: 1KB - Virtual size: 2KB

.reloc Size: 3KB - Virtual size: 3KB

.text
Size: 28KB - Virtual size: 28KB

.rdata
Size: 6KB - Virtual size: 5KB

.data
Size: 1KB - Virtual size: 2KB

.reloc
Size: 3KB - Virtual size: 3KB