0b0166d3445316455bda3f736b6c0302_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

0b0166d3445316455bda3f736b6c0302_JaffaCakes118
Size

30KB
MD5

0b0166d3445316455bda3f736b6c0302
SHA1

fa0876c3f8aeff8a739d7fa45b5476fe48fb7b9e
SHA256

dc80a04e6b9213d55f623036446dac0f1abc0482e9f87823a1e1410e20d648e9
SHA512

fa3f74fa090839b16a111597c2ea4c66de8ee6fc06c338617593dff7198801c3ac54b68f1ba5162794b813280c061a989471ba8adab26b05ef84edab56326ec7
SSDEEP

768:DJPh2GZUgfT4h33CpkOYD4C5AZXVE5Q2SsKEt3:NPh2GP8zDL5EOQ2Sc

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
0b0166d3445316455bda3f736b6c0302_JaffaCakes118

Files

0b0166d3445316455bda3f736b6c0302_JaffaCakes118
.dll regsvr32 windows:4 windows x86 arch:x86

de3352aa910a480bc73fbc2eb19fcdf3

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

MultiByteToWideChar
lstrlenA
HeapDestroy
lstrlenW
GetShortPathNameW
GetModuleHandleW
GetModuleFileNameW
FreeLibrary
GetProcAddress
LoadLibraryW
lstrcpyW
lstrcatW
InterlockedIncrement
InterlockedDecrement
DisableThreadLibraryCalls
GetCurrentProcess
CloseHandle
GetLastError
GetCurrentThread
GetModuleFileNameA
InterlockedExchange
InitializeCriticalSection
CreateThread
DeleteCriticalSection
GetTempPathW
EnterCriticalSection
GetTickCount
LeaveCriticalSection
Sleep
FlushInstructionCache

user32

CharLowerW
CharNextW

advapi32

GetTokenInformation
AllocateAndInitializeSid
EqualSid
FreeSid
OpenThreadToken
RegCloseKey
RegQueryValueExA
RegCreateKeyA
OpenProcessToken

ole32

CoCreateInstance

oleaut32

SysFreeString
SysAllocString
SysStringLen
LoadTypeLi
RegisterTypeLi
VariantClear
DispCallFunc
SysAllocStringLen
VariantInit
LoadRegTypeLi

msvcp60

?_C@?1??_Nullstr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@CAPBDXZ@4DB
?append@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV12@PBG0@Z
?assign@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV12@PBGI@Z
?_Tidy@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEX_N@Z
?_Tidy@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@AAEX_N@Z
?_C@?1??_Nullstr@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@CAPBGXZ@4GB
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBD0@Z
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z

shlwapi

StrStrIA

wininet

InternetReadFile
InternetOpenUrlW
InternetOpenW
InternetCloseHandle

msvcrt

strcpy
memcmp
_purecall
memcpy
strlen
wcscat
??2@YAPAXI@Z
wcsstr
wcslen
memset
free
__dllonexit
_onexit
_initterm
malloc
_adjust_fdiv
wcscpy

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

de3352aa910a480bc73fbc2eb19fcdf3

Headers

File Characteristics

Imports

kernel32

user32

advapi32

ole32

oleaut32

msvcp60

shlwapi

wininet

msvcrt

Exports

Exports

Sections

.text Size: 12KB - Virtual size: 12KB

.rdata Size: 4KB - Virtual size: 3KB

.data Size: 6KB - Virtual size: 8KB

.rsrc Size: 5KB - Virtual size: 4KB

.reloc Size: 1KB - Virtual size: 1KB

.text
Size: 12KB - Virtual size: 12KB

.rdata
Size: 4KB - Virtual size: 3KB

.data
Size: 6KB - Virtual size: 8KB

.rsrc
Size: 5KB - Virtual size: 4KB

.reloc
Size: 1KB - Virtual size: 1KB