01c46da04eea1fff80494dd1593d83f2_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

01c46da04eea1fff80494dd1593d83f2_JaffaCakes118
Size

292KB
MD5

01c46da04eea1fff80494dd1593d83f2
SHA1

f7d5e44dd3d2ae4204137b696d681d9bd409f1fc
SHA256

7145980d03eae8a75e0075cd1322f9e18957a9d4c007b24bb97439d579388256
SHA512

fe1bd7d8da052acdd836be0d5408d7332a194f8985fb30fd2faba804fe892703b480060d6874752f8ac7a7e440f08f3de3d83cebde6be5ff8e0202a164496caa
SSDEEP

6144:eTYwY9BekMLlFpkmr+RaLRJW2K7Q3zM/xmZfNUjtgbw+IE:eT7YXekK1kmr+IbK83Km5Nctpq

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
01c46da04eea1fff80494dd1593d83f2_JaffaCakes118

Files

01c46da04eea1fff80494dd1593d83f2_JaffaCakes118
.dll regsvr32 windows:4 windows x86 arch:x86

70687f11c915cd08c87cd2d0260fadf9

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

lstrcatA
InterlockedIncrement
InterlockedDecrement
GetFileAttributesA
CreateDirectoryA
SetEndOfFile
CreateFileMappingA
lstrcmpiA
GetModuleHandleA
lstrcpynA
IsDBCSLeadByte
Process32Next
CloseHandle
OpenProcess
Process32First
CreateToolhelp32Snapshot
GetBinaryTypeA
GetProcessHeap
GetCurrentDirectoryA
WinExec
DeleteFileA
CopyFileA
SetFileAttributesA
GetSystemDirectoryA
GetWindowsDirectoryA
CreateProcessW
GetShortPathNameA
GetDiskFreeSpaceExA
SetFilePointer
GetLogicalDriveStringsA
SearchPathA
WaitForSingleObject
GetModuleFileNameA
FreeLibrary
GetProcAddress
LoadLibraryA
FindClose
FindNextFileA
lstrcmpA
FindFirstFileA
CreateEventA
OpenMutexA
GetVolumeInformationA
GetFullPathNameA
Module32Next
Module32First
CreateRemoteThread
VirtualFreeEx
WriteProcessMemory
VirtualAllocEx
MoveFileExA
SetFileTime
SystemTimeToFileTime
CreateFileA
GetSystemTime
SetSystemTime
ReadFile
GetSystemTimeAsFileTime
DeviceIoControl
FlushFileBuffers
SetStdHandle
IsBadCodePtr
IsBadReadPtr
lstrcpyA
InterlockedExchange
lstrlenA
GetLastError
FindResourceExA
FindResourceA
LoadResource
LockResource
SizeofResource
DeleteCriticalSection
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
RaiseException
lstrlenW
WideCharToMultiByte
MultiByteToWideChar
GetVersionExA
GetThreadLocale
GetLocaleInfoA
GetACP
CreateProcessA
GetStringTypeW
GetStringTypeA
WriteFile
UnhandledExceptionFilter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetStartupInfoA
GetFileType
GetStdHandle
SetHandleCount
TlsGetValue
TlsSetValue
TlsFree
SetLastError
TlsAlloc
GetOEMCP
SetUnhandledExceptionFilter
HeapDestroy
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
VirtualProtect
VirtualAlloc
GetSystemInfo
VirtualQuery
RtlUnwind
ExitProcess
GetCurrentThreadId
GetCommandLineA
MoveFileA
LCMapStringA
LCMapStringW
GetCPInfo
HeapCreate
VirtualFree
IsBadWritePtr
TerminateProcess
GetCurrentProcess
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId

user32

CharNextA

advapi32

RegDeleteValueA
OpenServiceA
QueryServiceStatus
OpenSCManagerA
OpenServiceW
CloseServiceHandle
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
GetUserNameA
CreateProcessAsUserW
RegOpenKeyA
RegQueryValueExA
RegGetKeySecurity
OpenProcessToken
RegEnumKeyExA
RegQueryInfoKeyA
RegSetValueExA
RegOpenKeyExA
RegCreateKeyExA
RegCloseKey
RegDeleteKeyA

shell32

SHGetFileInfoA

ole32

CoGetClassObject
StringFromGUID2
CoCreateInstance
CoUninitialize
StringFromCLSID
CoInitialize
CoTaskMemFree

oleaut32

SysFreeString
SysStringLen
LoadRegTypeLi
VarUI4FromStr
VariantInit
RegisterTypeLi
UnRegisterTypeLi
LoadTypeLi
SysAllocString

shlwapi

PathFindExtensionA

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllMain
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 164KB - Virtual size: 164KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

70687f11c915cd08c87cd2d0260fadf9

Headers

File Characteristics

Imports

kernel32

user32

advapi32

shell32

ole32

oleaut32

shlwapi

Exports

Exports

Sections

.text Size: 164KB - Virtual size: 164KB

.rsrc Size: 8KB - Virtual size: 8KB

.reloc Size: 12KB - Virtual size: 12KB

.text
Size: 164KB - Virtual size: 164KB

.rsrc
Size: 8KB - Virtual size: 8KB

.reloc
Size: 12KB - Virtual size: 12KB