06eeee842e688311a0be4ef1509e6440_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

06eeee842e688311a0be4ef1509e6440_JaffaCakes118
Size

92KB
MD5

06eeee842e688311a0be4ef1509e6440
SHA1

203ca6cc0f893fa865cd37b3017eb8c15e19054e
SHA256

42684ab4fb28521863e934406f0b846402ac8180541bceee49cce2b90a37ee9b
SHA512

4d98faa1a74154ef03097d5d45d859ad9c9e645d803574a0654493c23df7a940ddd19c6ef6ae1f1f3790b91049d5fc3d9760cb01326b57d3cdce21f2c7d72647
SSDEEP

768:9nay7Vkz2cKUCoa6D3PoMyCddJ2OWi2CAw+wJo+L6IzCh6LhmMfTwoEocnHOQPtS:9n427VOVyuWD9wJ0k9mM/bkt4QbYD5/

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
06eeee842e688311a0be4ef1509e6440_JaffaCakes118

Files

06eeee842e688311a0be4ef1509e6440_JaffaCakes118
.dll regsvr32 windows:4 windows x86 arch:x86

77aff5542bc6cade7421f14325041d55

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

shlwapi

SHDeleteValueA
SHDeleteKeyA
SHSetValueA
SHGetValueA

kernel32

DeleteFileA
GetWindowsDirectoryA
GetVolumeInformationA
Sleep
GetShortPathNameA
GetProcAddress
LoadLibraryA
FreeLibrary
OpenProcess
ReadProcessMemory
GetModuleHandleA
GetPrivateProfileStringA
GetPrivateProfileSectionA
LoadLibraryExA
SetErrorMode
GetLastError
CreateDirectoryA
FindClose
FindNextFileA
CopyFileA
FindFirstFileA
RemoveDirectoryA
MoveFileExA
ReleaseMutex
WaitForSingleObject
CreateMutexA
lstrlenA
GetTickCount
CloseHandle
ReadFile
CreateFileA
WriteFile
lstrcatA
lstrcpyA
LockResource
SizeofResource
LoadResource
FindResourceA
GetVersionExA
DeviceIoControl
SetFilePointer
GetModuleFileNameA

user32

LoadStringA
CharLowerA
CharUpperA
CharNextA

advapi32

RegFlushKey
RegQueryInfoKeyA
RegQueryValueA
RegDeleteValueA
RegDeleteKeyA
RegCreateKeyA
RegEnumValueA
RegSetValueExA
RegOpenKeyA
RegEnumKeyA
RegQueryValueExA
RegCloseKey

ole32

OleUninitialize
OleInitialize

urlmon

URLDownloadToFileA

version

VerQueryValueA
GetFileVersionInfoSizeA
GetFileVersionInfoA

msvcrt

_beginthreadex
strchr
malloc
strrchr
??2@YAPAXI@Z
??3@YAXPAX@Z
strncpy
_mbsstr
memmove
atol
sscanf
fprintf
fseek
_strnicmp
rewind
__dllonexit
_onexit
_initterm
_adjust_fdiv
strcmp
fgets
free
sprintf
time
_snprintf
__CxxFrameHandler
strcat
strstr
_except_handler3
strlen
strcpy
fopen
fwrite
fclose
memcpy
memset

setupapi

SetupIterateCabinetA

Exports

Exports

CnsMinEx
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 28KB - Virtual size: 24KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 40KB - Virtual size: 37KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

77aff5542bc6cade7421f14325041d55

Headers

File Characteristics

Imports

shlwapi

kernel32

user32

advapi32

ole32

urlmon

version

msvcrt

setupapi

Exports

Exports

Sections

.text Size: 28KB - Virtual size: 24KB

.rdata Size: 8KB - Virtual size: 4KB

.data Size: 8KB - Virtual size: 6KB

.rsrc Size: 40KB - Virtual size: 37KB

.reloc Size: 4KB - Virtual size: 3KB

.text
Size: 28KB - Virtual size: 24KB

.rdata
Size: 8KB - Virtual size: 4KB

.data
Size: 8KB - Virtual size: 6KB

.rsrc
Size: 40KB - Virtual size: 37KB

.reloc
Size: 4KB - Virtual size: 3KB