026907832521c068fb22108fa36f3365_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

026907832521c068fb22108fa36f3365_JaffaCakes118
Size

80KB
MD5

026907832521c068fb22108fa36f3365
SHA1

66fb0e3d9f0a5f87c4c3e8ef1412e11a4871d2a2
SHA256

8a33cd106d6aacaf49080b1ba5490474ec4631e84f9e5816c1264f5bb3858e66
SHA512

a7ba27935a55252165a5887c1b449b322997c108a1c4ee8acb14cb055d6d994d6bbc9f2cddf6c8d457e33f3c73af1fe08cc1d4c80dd65be4bbf585c8f339c917
SSDEEP

1536:0/7ZnIvdjqPzoGndhnvo86FcICS4ANlMPyLaMEjo:0/GOPzrn29rCM4o

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
026907832521c068fb22108fa36f3365_JaffaCakes118

Files

026907832521c068fb22108fa36f3365_JaffaCakes118
.dll regsvr32 windows:4 windows x86 arch:x86

b5f2d682c20d09f5b9473f102ea1a208

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

shlwapi

SHGetValueA
SHSetValueA
StrStrIA

wininet

InternetOpenA
InternetSetOptionA
InternetOpenUrlA
InternetCloseHandle
HttpQueryInfoA
InternetReadFile

rpcrt4

UuidToStringA

netapi32

Netbios

user32

RegisterClassExA
CreateWindowExA
ShowWindow
GetMessageA
TranslateMessage
DispatchMessageA
KillTimer
SetTimer
DefWindowProcA
wsprintfA
SetWindowPos
GetClassNameA
GetWindowThreadProcessId
EnumChildWindows
EnumWindows
SystemParametersInfoA

advapi32

CryptGenRandom
CryptReleaseContext
RegOpenKeyExW
RegQueryValueExW
RegCloseKey
GetSecurityInfo
SetEntriesInAclA
SetSecurityInfo
CryptAcquireContextA

msvcrt

fclose
fwrite
fopen
tmpnam
atoi
toupper
strtok
__dllonexit
_onexit
strncpy
_initterm
_adjust_fdiv
strchr
srand
??1exception@@UAE@XZ
_CxxThrowException
??0exception@@QAE@XZ
isupper
isxdigit
??0exception@@QAE@ABV0@@Z
islower
isalnum
__CxxFrameHandler
free
strstr
??3@YAXPAX@Z
??2@YAPAXI@Z
_stricmp
malloc
??1type_info@@UAE@XZ

oleaut32

SysAllocString
VariantClear
GetErrorInfo

ole32

CoInitialize
CoCreateInstance
CoCreateGuid

psapi

EnumProcesses
EnumProcessModules
GetModuleBaseNameA

kernel32

MultiByteToWideChar
GetLastError
GetCurrentThread
CreateFileA
VirtualAllocEx
WriteProcessMemory
CreateRemoteThread
GetLocalTime
CreateProcessA
WaitForSingleObject
LoadLibraryA
GetProcAddress
FreeLibrary
MoveFileExA
lstrcmpA
lstrcmpiA
lstrcpynA
lstrcpyA
GetWindowsDirectoryA
GetEnvironmentVariableA
GetCurrentDirectoryA
LocalFree
FormatMessageA
DisableThreadLibraryCalls
GetVersion
GetCurrentProcessId
GetSystemDirectoryA
DeleteFileA
GetModuleFileNameA
HeapFree
SleepEx
OpenProcess
CloseHandle
GetTickCount
QueryPerformanceCounter
lstrlenA
QueryPerformanceFrequency
FreeEnvironmentStringsA
GetEnvironmentStrings
SetLastError
GetFullPathNameA
HeapSize
HeapAlloc
GetProcessHeap
InterlockedExchange
Sleep
GetVersionExA
GetThreadTimes

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 36KB - Virtual size: 35KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 24KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

b5f2d682c20d09f5b9473f102ea1a208

Headers

File Characteristics

Imports

shlwapi

wininet

rpcrt4

netapi32

user32

advapi32

msvcrt

oleaut32

ole32

psapi

kernel32

Exports

Exports

Sections

.text Size: 36KB - Virtual size: 35KB

.rdata Size: 24KB - Virtual size: 20KB

.data Size: 12KB - Virtual size: 12KB

.reloc Size: 4KB - Virtual size: 2KB

.text
Size: 36KB - Virtual size: 35KB

.rdata
Size: 24KB - Virtual size: 20KB

.data
Size: 12KB - Virtual size: 12KB

.reloc
Size: 4KB - Virtual size: 2KB