09196cd21471de482ce01ed49bbdeffe_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

09196cd21471de482ce01ed49bbdeffe_JaffaCakes118
Size

292KB
MD5

09196cd21471de482ce01ed49bbdeffe
SHA1

96a53a8c8e93cd874000220cab95f3f0af24520c
SHA256

95f3f8d2d0bd22ede228c1f48d3e68d5df55f69e13f7bcd60471aeee0ee60351
SHA512

d058130ac2b23a9a688405600f0f08d312f1de411975a03a0e73a2ee98e506685f83d99df4648b446117a8bfd7fd7378023ac7a71d35e3e0065f211f811209c4
SSDEEP

3072:Fk/+JAmO/alIi5nZP+FtQgsHDWIlFFsBdKskZjj+hwnORHuzlIcuAv:Fk/3J/KpZP+wgO35skpvORHmv

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
09196cd21471de482ce01ed49bbdeffe_JaffaCakes118

Files

09196cd21471de482ce01ed49bbdeffe_JaffaCakes118
.dll regsvr32 windows:4 windows x86 arch:x86

9d0f82b0d9faeda723e1eebe739ab7be

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetVersionExA
GetTickCount
DeviceIoControl
WaitForSingleObject
ExitProcess
SetLastError
GetLongPathNameA
OpenProcess
CreateMutexA
GetWindowsDirectoryA
GetShortPathNameA
GetCommandLineA
OutputDebugStringA
CopyFileA
GetCurrentProcess
GetCurrentThread
Process32Next
Module32Next
LockResource
SizeofResource
LoadResource
FindResourceA
LoadLibraryA
GetExitCodeThread
CreateRemoteThread
GetModuleHandleA
WriteProcessMemory
VirtualAllocEx
GetPrivateProfileStringA
GetEnvironmentVariableA
GetExitCodeProcess
SearchPathA
WinExec
HeapAlloc
GetProcessHeap
HeapFree
TerminateProcess
GetTempFileNameA
RemoveDirectoryA
SuspendThread
GetThreadContext
FlushInstructionCache
SetThreadContext
ResumeThread
VirtualProtectEx
GetProcAddress
FreeLibrary
OpenMutexA
GetModuleFileNameA
MoveFileExA
CreateProcessA
Sleep
CloseHandle
CreateFileA
GetLastError
FindFirstFileA
FindNextFileA
FindClose
GetSystemDirectoryA
GetTempPathA
DeleteFileA
MoveFileA
VirtualFreeEx

user32

SendMessageA
DestroyWindow
FindWindowA
ShowWindow
FindWindowExA
keybd_event
SetFocus
SetForegroundWindow
GetWindowThreadProcessId

advapi32

AdjustTokenPrivileges
OpenSCManagerA
CloseServiceHandle
RegOpenKeyExA
RegOpenKeyA
RegCloseKey
ControlService
StartServiceA
OpenServiceA
DeleteService
CreateServiceA
RegQueryValueExA
RegCreateKeyA
LookupPrivilegeValueA
OpenProcessToken
OpenThreadToken
RegSetValueExA

shell32

SHGetSpecialFolderPathA

shlwapi

PathIsDirectoryA
SHGetValueA
PathAppendA
PathRemoveFileSpecA
PathCombineA
PathFindFileNameA
SHDeleteValueA
SHSetValueA
SHDeleteKeyA

setupapi

SetupIterateCabinetA

version

GetFileVersionInfoA
GetFileVersionInfoSizeA
VerQueryValueA

msvcrt

_adjust_fdiv
_initterm
_onexit
__dllonexit
memcpy
_mbslwr
rewind
fgets
fprintf
strncat
strchr
_mbsstr
sscanf
??2@YAPAXI@Z
??3@YAXPAX@Z
strrchr
_strnicmp
_access
fseek
ftell
fread
strstr
__CxxFrameHandler
strcmp
time
srand
memset
strlen
free
strcpy
malloc
sprintf
_mbsnbcpy
_mbscmp
strcat
_snprintf
atoi
_strdup
_stricmp
_strlwr
fclose
fwrite
fopen
_except_handler3
rand

urlmon

URLDownloadToFileA

Exports

Exports

DllRegisterServer
DllUnregisterServer
Rundll32
ekfs
ekfsEx

Sections

.text
Size: 28KB - Virtual size: 24KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 232KB - Virtual size: 228KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

9d0f82b0d9faeda723e1eebe739ab7be

Headers

File Characteristics

Imports

kernel32

user32

advapi32

shell32

shlwapi

setupapi

version

msvcrt

urlmon

Exports

Exports

Sections

.text Size: 28KB - Virtual size: 24KB

.rdata Size: 8KB - Virtual size: 4KB

.data Size: 16KB - Virtual size: 16KB

.rsrc Size: 232KB - Virtual size: 228KB

.reloc Size: 4KB - Virtual size: 3KB

.text
Size: 28KB - Virtual size: 24KB

.rdata
Size: 8KB - Virtual size: 4KB

.data
Size: 16KB - Virtual size: 16KB

.rsrc
Size: 232KB - Virtual size: 228KB

.reloc
Size: 4KB - Virtual size: 3KB