79627b8e3ba04b4cd847c085f4a9f49c_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

79627b8e3ba04b4cd847c085f4a9f49c_JaffaCakes118
Size

120KB
MD5

79627b8e3ba04b4cd847c085f4a9f49c
SHA1

6ca1fac798a2c6cbc91337919a3ccb568d1e95db
SHA256

43eede88a1201a1c7b212737fa7c1102bb3ecd09ed9ee5da60cae914d478a751
SHA512

34dff0638874f28b333087cd821f022e4c425903db80f30fa75ba6cb2231df12456f31596ff1b82416711a8dc563ef990ef5c8209e9356d09a7723199e90c637
SSDEEP

3072:6eu9tUxa5UqOzvcS9Twrsl0m6IzXr2Yo6e:6cxa5azvckTwrsl0m6+XaY8

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
79627b8e3ba04b4cd847c085f4a9f49c_JaffaCakes118

Files

79627b8e3ba04b4cd847c085f4a9f49c_JaffaCakes118
.dll regsvr32 windows:4 windows x86 arch:x86

49677f00ebd75cc6cc146b4ea9ff9a90

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

DeleteCriticalSection
EnterCriticalSection
lstrcpyA
lstrcatA
HeapDestroy
LeaveCriticalSection
InterlockedIncrement
InterlockedDecrement
LoadLibraryExA
lstrcpynA
GetCurrentProcess
IsDBCSLeadByte
InitializeCriticalSection
DisableThreadLibraryCalls
lstrcmpiA
FindResourceA
LoadResource
SizeofResource
FreeLibrary
WideCharToMultiByte
lstrlenW
MultiByteToWideChar
GetModuleFileNameA
GetModuleHandleA
GetShortPathNameA
GetTickCount
GetLastError
FlushInstructionCache
GetProcAddress
LoadLibraryA
lstrlenA

user32

LoadStringA
CharNextA

advapi32

RegEnumKeyExA
RegEnumValueA
RegQueryInfoKeyA
RegSetValueExA
RegDeleteKeyA
RegOpenKeyExA
RegCreateKeyExA
RegCloseKey
RegDeleteValueA

ole32

CoTaskMemFree
CoTaskMemRealloc
CoCreateInstance
ProgIDFromCLSID
CoTaskMemAlloc

oleaut32

RegisterTypeLi
LoadTypeLi
SysAllocString
LoadRegTypeLi
GetErrorInfo
SysAllocStringLen
SetErrorInfo
CreateErrorInfo
SafeArrayUnaccessData
SafeArrayAccessData
DispCallFunc
VariantClear
SafeArrayGetUBound
SafeArrayGetLBound
SysFreeString
VarUI4FromStr
SysStringLen

dk2win32

DK2ReadRandomNumbers
DK2DecrementDownCounter
DK2ReadMemory
DK2ReadDownCounter
DK2SendAlgorithmString
DK2Success
FindDK2
DK2ThroughEncryption
DK2DriverInstalled

msvcrt

wcslen
time
_except_handler3
?terminate@@YAXXZ
__dllonexit
srand
_onexit
??1type_info@@UAE@XZ
_initterm
_adjust_fdiv
rand
memcpy
realloc
wcsncpy
_ultoa
_CxxThrowException
_vsnprintf
atoi
isdigit
strcmp
sprintf
vsprintf
strcpy
strcat
strlen
strncpy
??3@YAXPAX@Z
__CxxFrameHandler
free
_purecall
??2@YAPAXI@Z
memset
malloc
memcmp

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 72KB - Virtual size: 69KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 16KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

49677f00ebd75cc6cc146b4ea9ff9a90

Headers

File Characteristics

Imports

kernel32

user32

advapi32

ole32

oleaut32

dk2win32

msvcrt

Exports

Exports

Sections

.text Size: 72KB - Virtual size: 69KB

.rdata Size: 16KB - Virtual size: 13KB

.data Size: 12KB - Virtual size: 9KB

.rsrc Size: 8KB - Virtual size: 5KB

.reloc Size: 8KB - Virtual size: 4KB

.text
Size: 72KB - Virtual size: 69KB

.rdata
Size: 16KB - Virtual size: 13KB

.data
Size: 12KB - Virtual size: 9KB

.rsrc
Size: 8KB - Virtual size: 5KB

.reloc
Size: 8KB - Virtual size: 4KB