0fa6b20d5684c3fb16e47d42b2ff3725_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

0fa6b20d5684c3fb16e47d42b2ff3725_JaffaCakes118
Size

32KB
MD5

0fa6b20d5684c3fb16e47d42b2ff3725
SHA1

5c261114980fed04e52c9a0ceef088e3b922aa12
SHA256

903e9db9eb313c179aa6721b3067f1199d6ccf723eab7a4a12652f47730bb3d9
SHA512

ab0d8763cf88acdfef8d9da5ab30cb3d5a9c8ac692b58aaf72ed82ccb0b696a0181f900fcbf118d831a3c0b43209b50cfea78eace5d31e66e807ad69444c92d1
SSDEEP

384:bfZj6YYvbHEXmviHCZgQZhX/qOPglUKXYijQLu6vTgLHzV5y0pNMeEiT28Z:Z6PvbHkcgWJ//PpJS6sLHzry0p+e/T

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
0fa6b20d5684c3fb16e47d42b2ff3725_JaffaCakes118

Files

0fa6b20d5684c3fb16e47d42b2ff3725_JaffaCakes118
.dll regsvr32 windows:4 windows x86 arch:x86

cf5c6da4c80a95765f52ca3db57e38fc

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetVersionExA
SetEvent
CloseHandle
WaitForSingleObject
ExitThread
GetTickCount
lstrlenW
GetModuleHandleA
lstrcpyW
lstrcatW
GetProcessHeap
HeapFree
lstrlenA
IsBadStringPtrA
lstrcmpA
GetProcAddress
MultiByteToWideChar
WideCharToMultiByte
GetModuleFileNameA
GetSystemDirectoryW
lstrcpyA
GetLastError
lstrcmpiA
HeapAlloc
HeapReAlloc
CompareStringW
Sleep
lstrcatA
GetSystemDirectoryA
SetFilePointer
CreateFileA
ReleaseMutex
SetEndOfFile
CreateEventA
CreateMutexA
CreateThread
ReadFile
WriteFile
WriteProcessMemory
GetCurrentProcess
VirtualProtect

user32

wsprintfW
CharUpperW
CharLowerA
GetClassNameA
wsprintfA

advapi32

CryptDecrypt
InitializeSecurityDescriptor
CryptReleaseContext
CryptDestroyKey
RegOpenKeyExA
RegQueryValueExA
RegCreateKeyExA
RegSetValueExA
RegCloseKey
CryptDestroyHash
CryptEncrypt
CryptDeriveKey
CryptHashData
CryptCreateHash
CryptAcquireContextA
SetSecurityDescriptorDacl

ole32

CoGetMalloc
StringFromIID

oleaut32

SysAllocString
SysFreeString

wininet

InternetConnectA
InternetCrackUrlW
InternetCrackUrlA

urlmon

CoInternetCombineUrl

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer

Sections

.text
Size: 26KB - Virtual size: 26KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 356B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

cf5c6da4c80a95765f52ca3db57e38fc

Headers

File Characteristics

Imports

kernel32

user32

advapi32

ole32

oleaut32

wininet

urlmon

Exports

Exports

Sections

.text Size: 26KB - Virtual size: 26KB

.rdata Size: 3KB - Virtual size: 2KB

.data Size: 512B - Virtual size: 356B

.reloc Size: 1KB - Virtual size: 1KB

.text
Size: 26KB - Virtual size: 26KB

.rdata
Size: 3KB - Virtual size: 2KB

.data
Size: 512B - Virtual size: 356B

.reloc
Size: 1KB - Virtual size: 1KB