0637d299678c78b0d0be1b2b03bc4a02_JaffaCakes118

General

Target

0637d299678c78b0d0be1b2b03bc4a02_JaffaCakes118
Size

12KB
MD5

0637d299678c78b0d0be1b2b03bc4a02
SHA1

85c8fd316b113f8b3cf450d9d4f933db4cae0fe4
SHA256

7b91b8ef426764422601e5c7b2221193a23a81542f3d33b0c93e1cfe9f30a445
SHA512

a6348a20a6ad8b957eb03ca505e04cbcf9a7b2387cd0d0b8ded69f84419d006554442b493e61b4de203da7144d330c36e24444710f374c782e20cc639e3fa64c
SSDEEP

192:8fhaj3pkiZ721dnTsVybOsOJRDgv9eVYGPIDZ0dSNZ7hVrA6n3pK+Swj:85gZkiZ7211TswbQu9eVYL0dSNlhVpnl

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
0637d299678c78b0d0be1b2b03bc4a02_JaffaCakes118

Files

0637d299678c78b0d0be1b2b03bc4a02_JaffaCakes118
.dll regsvr32 windows:4 windows x86 arch:x86

357ce0f0c438c1167c96e7b26512e7f1

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

winmm

timeGetTime

wininet

InternetConnectA
InternetCloseHandle
FtpGetFileA
InternetOpenA
InternetGetConnectedState

mfc42

ord6010
ord5186
ord354
ord5442
ord6385
ord1979
ord665

msvcrt

_stricmp
_initterm
free
_onexit
time
srand
rand
strcmp
sprintf
strlen
__CxxFrameHandler
strcat
memset
strcpy
malloc
__dllonexit
_adjust_fdiv

kernel32

CloseHandle
GetLastError
CreateRemoteThread
GetProcAddress
LoadLibraryA
WriteProcessMemory
Sleep
FreeLibrary
GetWindowsDirectoryA
DeleteFileA
GetCommandLineA
CreateToolhelp32Snapshot
Process32First
Process32Next
OpenProcess
VirtualAllocEx
GetCurrentProcess

advapi32

LookupPrivilegeValueA
RegOpenKeyExA
RegQueryValueExA
RegCreateKeyExA
RegSetValueExA
RegCloseKey
OpenProcessToken
AdjustTokenPrivileges

shell32

ShellExecuteA

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllMyOnTimeAction
DllRegisterServer
DllUnregisterServer
Dll_JustWorking

Sections

.text
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 512B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

357ce0f0c438c1167c96e7b26512e7f1

Headers

File Characteristics

Imports

winmm

wininet

mfc42

msvcrt

kernel32

advapi32

shell32

Exports

Exports

Sections

.text Size: 7KB - Virtual size: 7KB

.rdata Size: 2KB - Virtual size: 1KB

.data Size: 1024B - Virtual size: 8KB

.reloc Size: 512B - Virtual size: 512B

.text
Size: 7KB - Virtual size: 7KB

.rdata
Size: 2KB - Virtual size: 1KB

.data
Size: 1024B - Virtual size: 8KB

.reloc
Size: 512B - Virtual size: 512B