0649b9faf774edbe94088c6c76595128_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

0649b9faf774edbe94088c6c76595128_JaffaCakes118
Size

212KB
MD5

0649b9faf774edbe94088c6c76595128
SHA1

f7632d0b39c85b6766a94d9acb0311edb1c4c7e5
SHA256

294af175f819b52c929305f0047fa438f98f8b86839598ae008760ce264d820d
SHA512

6a9bbae90f21100ffdd99015cb32460b870121ac46df98bba28059b3426bf80592f11f6133ebc5550164afc3baf62c39c8b64b06fe0085392aef95e25ab3588f
SSDEEP

3072:mydMTc7k15AeSRHTMO2jNstA8iNrBg0rtA+BOpGn+KCNXp/NptSuV:TdMTc7k15J2TwjNeA8SpA+iE2HN+G

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
0649b9faf774edbe94088c6c76595128_JaffaCakes118

Files

0649b9faf774edbe94088c6c76595128_JaffaCakes118
.dll regsvr32 windows:4 windows x86 arch:x86

ec6c53efbe6b648470367b1449ed542c

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

CreateFileW
SetFilePointer
WriteFile
InterlockedIncrement
InterlockedDecrement
FreeLibrary
lstrcmpiW
MultiByteToWideChar
SizeofResource
LoadResource
FindResourceW
LoadLibraryExW
GetModuleHandleW
DisableThreadLibraryCalls
Sleep
RaiseException
GetLastError
EnterCriticalSection
InitializeCriticalSection
DeleteCriticalSection
LeaveCriticalSection
GetProcAddress
LoadLibraryW
CreateFileA
SetEndOfFile
CreateThread
CloseHandle
ResetEvent
WaitForSingleObject
OpenEventW
LocalAlloc
lstrlenW
FormatMessageW
GetModuleFileNameW
LocalFree
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
ReadFile
FlushFileBuffers
SetStdHandle
GetStringTypeW
GetStringTypeA
LoadLibraryA
InterlockedExchange
GetACP
GetLocaleInfoA
GetThreadLocale
GetVersionExA
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
HeapReAlloc
HeapAlloc
HeapFree
VirtualProtect
VirtualAlloc
GetModuleHandleA
GetSystemInfo
VirtualQuery
GetCurrentThreadId
GetCommandLineA
GetProcessHeap
RtlUnwind
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
SetLastError
HeapSize
ExitProcess
HeapDestroy
HeapCreate
VirtualFree
GetStdHandle
GetModuleFileNameA
GetCPInfo
GetOEMCP
LCMapStringA
WideCharToMultiByte
LCMapStringW
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
GetFileType
GetStartupInfoA
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
GetConsoleCP
GetConsoleMode

user32

UnregisterClassA
MessageBoxW
CharNextW

advapi32

RegOpenKeyExW
RegQueryInfoKeyW
RegCloseKey
RegDeleteKeyW
RegDeleteValueW
RegCreateKeyExW
RegSetValueExW
RegEnumKeyExW
RegQueryValueExW

ole32

CoTaskMemRealloc
CoTaskMemAlloc
StringFromGUID2
CoCreateInstance
CoTaskMemFree

oleaut32

SysAllocString
LoadTypeLi
LoadRegTypeLi
UnRegisterTypeLi
RegisterTypeLi
VarUI4FromStr
SysStringLen
VariantChangeType
VariantClear
VariantInit
SysFreeString

shlwapi

StrToIntW

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 144KB - Virtual size: 142KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 40KB - Virtual size: 38KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

ec6c53efbe6b648470367b1449ed542c

Headers

File Characteristics

Imports

kernel32

user32

advapi32

ole32

oleaut32

shlwapi

Exports

Exports

Sections

.text Size: 144KB - Virtual size: 142KB

.rdata Size: 40KB - Virtual size: 38KB

.data Size: 8KB - Virtual size: 14KB

.rsrc Size: 4KB - Virtual size: 2KB

.reloc Size: 12KB - Virtual size: 11KB

.text
Size: 144KB - Virtual size: 142KB

.rdata
Size: 40KB - Virtual size: 38KB

.data
Size: 8KB - Virtual size: 14KB

.rsrc
Size: 4KB - Virtual size: 2KB

.reloc
Size: 12KB - Virtual size: 11KB