0b5c66bfbba1de9d1724170558cf130c_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

0b5c66bfbba1de9d1724170558cf130c_JaffaCakes118
Size

260KB
MD5

0b5c66bfbba1de9d1724170558cf130c
SHA1

2c4e88b0ffb6844026b32214b2d2b8e48b1ba1da
SHA256

a8682b80081bef1d89d8ed000139141ffcf76aad77c69c2e97b9f1eca6f07cb3
SHA512

be957e3cabb11b6d303fadd526d7d9567f2350b7b84505c1d8b503ba010fb7e6d6b14956eccf48aa34cc9b837215d12908439edbf41cca94b29ba021623752de
SSDEEP

6144:if6WCJeltTRW+hj+xiJoUJWwIs5wVg6K+JrRz:U6WX1W+heiT

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
0b5c66bfbba1de9d1724170558cf130c_JaffaCakes118

Files

0b5c66bfbba1de9d1724170558cf130c_JaffaCakes118
.dll regsvr32 windows:4 windows x86 arch:x86

bfd1f5119170f7a4e3fc4a5d2297508c

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

mfc42u

ord2546
ord4480
ord6371
ord815
ord2717
ord1128
ord3948
ord3658
ord349
ord2225
ord1863
ord3087
ord2855
ord3569
ord4390
ord2567
ord609
ord3577
ord4392
ord2570
ord4213
ord2015
ord1767
ord616
ord4155
ord2294
ord6307
ord4166
ord3871
ord600
ord1571
ord1250
ord1248
ord1563
ord1194
ord1240
ord342
ord1179
ord1570
ord1568
ord1173
ord2504
ord269
ord826
ord5283
ord4829
ord4419
ord491
ord540
ord768
ord268
ord2644
ord2385
ord1662
ord795
ord1899
ord6051
ord4073
ord1768
ord4401
ord5237
ord2377
ord5157
ord5727
ord6370
ord4347
ord5286
ord3793
ord4831
ord4435
ord2640
ord2047
ord6372
ord3744
ord5059
ord1720
ord5257
ord2438
ord2116
ord5273
ord2977
ord3142
ord3254
ord3917
ord1089
ord5193
ord2388
ord3341
ord5296
ord5298
ord4074
ord4692
ord5303
ord5285
ord5710
ord3396
ord4616
ord3733
ord561
ord2729
ord1197
ord6024
ord5155
ord5156
ord6330
ord4352
ord4970
ord858
ord4704
ord2455
ord6451
ord2862
ord1644
ord6466
ord2030
ord489
ord800
ord4899
ord4736
ord4942
ord5261
ord4371
ord4848
ord4992
ord2506
ord1115
ord6048
ord4459
ord3131
ord3257
ord2980
ord3076
ord2971
ord3397
ord3825
ord3826
ord3820
ord3074
ord4075
ord4621
ord4418
ord3716
ord567
ord2371
ord1165
ord823
ord825
ord1560
ord5154
ord861
ord4253
ord2403

atl

ord16
ord21
ord18
ord22
ord15
ord32

kernel32

UnhandledExceptionFilter
TerminateProcess
GetSystemTimeAsFileTime
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
InterlockedCompareExchange
Sleep
InterlockedExchange
GetModuleHandleExW
FreeLibrary
LocalReAlloc
LocalAlloc
LocalFree
FormatMessageW
OutputDebugStringA
GetModuleFileNameW
SetLastError
InterlockedDecrement
InterlockedIncrement
DeleteCriticalSection
InitializeCriticalSection
GetCurrentProcess
GetLastError
lstrlenW
GetCurrentThreadId
GetVersion
GetFileAttributesW
GetProcAddress
GetModuleHandleW
LoadLibraryW
GetModuleHandleA
LoadLibraryA
lstrcmpiW
SetUnhandledExceptionFilter

advapi32

RegSetValueExW
RegOpenKeyExW
RegCreateKeyExW
RegCloseKey
RegEnumKeyExW

ole32

CoTaskMemAlloc
StringFromCLSID
CoTaskMemFree

clusapi

ClusterNodeControl
ClusterGroupControl
ClusterResourceControl
ClusterResourceTypeControl
ClusterNetworkControl
ClusterNetInterfaceControl
ClusterRegQueryValue
ClusterRegSetValue
ClusterRegCloseKey
GetClusterResourceTypeKey
ClusterCloseEnum
CloseClusterNetwork
GetClusterNetworkId
OpenClusterNetwork
ClusterEnum
ClusterOpenEnum

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterCluAdminExtension
DllRegisterServer
DllUnregisterCluAdminExtension
DllUnregisterServer

Sections

.text
Size: 223KB - Virtual size: 524KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bss
Size: - Virtual size: 556KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.edata
Size: 512B - Virtual size: 245B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 228B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

bfd1f5119170f7a4e3fc4a5d2297508c

Headers

File Characteristics

Imports

mfc42u

atl

kernel32

advapi32

ole32

clusapi

Exports

Exports

Sections

.text Size: 223KB - Virtual size: 524KB

.bss Size: - Virtual size: 556KB

.pdata Size: 4KB - Virtual size: 4KB

.data Size: 4KB - Virtual size: 4KB

.rdata Size: 4KB - Virtual size: 4KB

.tls Size: 4KB - Virtual size: 4KB

.edata Size: 512B - Virtual size: 245B

.idata Size: 3KB - Virtual size: 3KB

.rsrc Size: 12KB - Virtual size: 12KB

.reloc Size: 4KB - Virtual size: 228B

.text
Size: 223KB - Virtual size: 524KB

.bss
Size: - Virtual size: 556KB

.pdata
Size: 4KB - Virtual size: 4KB

.data
Size: 4KB - Virtual size: 4KB

.rdata
Size: 4KB - Virtual size: 4KB

.tls
Size: 4KB - Virtual size: 4KB

.edata
Size: 512B - Virtual size: 245B

.idata
Size: 3KB - Virtual size: 3KB

.rsrc
Size: 12KB - Virtual size: 12KB

.reloc
Size: 4KB - Virtual size: 228B