b76e8611057d9607c6ce0acc0ba4de2b_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

b76e8611057d9607c6ce0acc0ba4de2b_JaffaCakes118
Size

38KB
MD5

b76e8611057d9607c6ce0acc0ba4de2b
SHA1

3caa47acec83bbcef51c83894fb164c8a888e482
SHA256

5c59c429be0da0757d2b8a3bb2fe5bfcf9f0a1d967508594a32bdb4b2a910003
SHA512

8832d11dcf99ec549ce094a8973625bc33ade75adf846ebf670c701e46babd40d7a80d1f4bd1ac7e08821b31685c0289ba15ea5c67c52e8d2af8b6ad7354533f
SSDEEP

768:fDo59jjmhlN+wDMwEC/ABFdT3dlStSiqhC+hL:fDGpjmhlLDMwECIBFxDSp+xL

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
b76e8611057d9607c6ce0acc0ba4de2b_JaffaCakes118

Files

b76e8611057d9607c6ce0acc0ba4de2b_JaffaCakes118
.dll regsvr32 windows:5 windows x86 arch:x86

0613b0f861e40223577d02efa074c36b

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

msvcrt

_adjust_fdiv
malloc
_initterm
free
_vsnwprintf
memset
wcsstr

kernel32

CloseHandle
ReadFile
CreateFileW
PeekNamedPipe
WaitForSingleObject
CreateNamedPipeW
HeapAlloc
ExpandEnvironmentStringsW
DeleteFileW
WriteFile
GetOEMCP
ConnectNamedPipe
GetSystemTimeAsFileTime
GetTimeZoneInformation
GetCurrentDirectoryW
GetBinaryTypeW
GetNativeSystemInfo
SetLastError
GetSystemDirectoryW
TerminateThread
ResumeThread
Sleep
VirtualQuery
InterlockedCompareExchange
UnmapViewOfFile
MapViewOfFileEx
CreateFileMappingW
GetModuleFileNameA
InterlockedExchange
LoadLibraryA
GetProcAddress
GetProcessHeap
HeapSize
HeapFree
GetLastError
GetCurrentProcess
TerminateProcess
CreateProcessW
SwitchToThread

ntdll

NtProtectVirtualMemory
NtWriteVirtualMemory
NtGetContextThread
NtSetContextThread
NtAllocateVirtualMemory

advapi32

RegEnumKeyExW
RegDeleteKeyW
RegDeleteValueW
RegOpenKeyExW
RegQueryValueExW
RegCloseKey
RegisterServiceCtrlHandlerExA
SetServiceStatus
StartServiceCtrlDispatcherW
StartServiceCtrlDispatcherA
OpenServiceW
OpenSCManagerA
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
RegQueryValueExA
RegOpenKeyExA
CreateProcessAsUserW
DuplicateTokenEx
LogonUserA
CloseServiceHandle
DeleteService

shlwapi

PathIsRelativeW

mscoree

_CorDllMain

Exports

Exports

DllInstall
DllRegisterServer
HandlerEx
ServiceMain
_IsOperandReg@8
_ParseInstruction@16
_ParseOperandAddress@8

Sections

.text
Size: 17KB - Virtual size: 16KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 19KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 652B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 614B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

0613b0f861e40223577d02efa074c36b

Headers

DLL Characteristics

File Characteristics

Imports

msvcrt

kernel32

ntdll

advapi32

shlwapi

mscoree

Exports

Exports

Sections

.text Size: 17KB - Virtual size: 16KB

.rdata Size: 19KB - Virtual size: 18KB

.data Size: 512B - Virtual size: 652B

.reloc Size: 1024B - Virtual size: 614B

.text
Size: 17KB - Virtual size: 16KB

.rdata
Size: 19KB - Virtual size: 18KB

.data
Size: 512B - Virtual size: 652B

.reloc
Size: 1024B - Virtual size: 614B