0d1c7230a6ff774763fb7a4c0e72c65a_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

0d1c7230a6ff774763fb7a4c0e72c65a_JaffaCakes118
Size

320KB
MD5

0d1c7230a6ff774763fb7a4c0e72c65a
SHA1

9f3c76a34cf0b9a2891d3642254678608f57834b
SHA256

597f57f664271c5fa1432e1d1fe22d19aa257ad67a71b2db5c2301b8a56ccfbc
SHA512

5e34101fc7417a4768a1228cd2905374e9ebe1dcfee36c221a774153376b2f34183f1206b17383ad7379decc14acda70788bcbb5a7e9b8ee7fd2b0d344ccaba6
SSDEEP

6144:t63GWDjPxXCWRujISr3dRedoLzplF2mHhsPFBk:E3GWDzYoE3dRedojF2RBk

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
0d1c7230a6ff774763fb7a4c0e72c65a_JaffaCakes118

Files

0d1c7230a6ff774763fb7a4c0e72c65a_JaffaCakes118
.dll regsvr32 windows:4 windows x86 arch:x86

a6d18727f95fc15c45b42599ac392a2b

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

c:\advlp\bin\Release\adshot.pdb

Imports

kernel32

GetEnvironmentStringsW
GetEnvironmentStrings
InterlockedExchange
GetACP
GetLocaleInfoA
GetThreadLocale
GetVersionExA
MultiByteToWideChar
WideCharToMultiByte
lstrlenW
RaiseException
GetLastError
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
DeleteCriticalSection
SizeofResource
LockResource
LoadResource
FindResourceA
FindResourceExA
lstrlenA
lstrcpyA
GetModuleFileNameA
lstrcatA
Sleep
InterlockedIncrement
InterlockedDecrement
lstrcmpiA
GetModuleHandleA
lstrcpynA
IsDBCSLeadByte
CompareStringA
CompareStringW
GetEnvironmentVariableA
FreeLibrary
GetProcAddress
LoadLibraryA
GetCurrentThreadId
WaitForSingleObject
GetTickCount
ReleaseMutex
SetEvent
ResetEvent
CloseHandle
CreateMutexA
CreateEventA
ReadFile
GetFileSize
CreateFileA
CreateDirectoryA
SetEnvironmentVariableA
FileTimeToLocalFileTime
GetSystemInfo
GetComputerNameA
IsBadReadPtr
CreateMemoryResourceNotification
WriteProfileSectionA
EscapeCommFunction
ResumeThread
CreateThread
FileTimeToSystemTime
WriteFile
GetFileTime
GetCurrentProcess
GetVolumeInformationA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetStartupInfoA
GetFileType
GetStdHandle
SetHandleCount
TlsGetValue
TlsSetValue
TlsFree
SetLastError
TlsAlloc
GetCPInfo
GetOEMCP
SetUnhandledExceptionFilter
GetCurrentProcessId
QueryPerformanceCounter
TerminateProcess
IsBadWritePtr
VirtualFree
HeapCreate
GetDateFormatA
GetTimeFormatA
GetSystemTimeAsFileTime
GetCommandLineA
ExitProcess
FlushFileBuffers
SetStdHandle
SetFilePointer
IsBadCodePtr
GetStringTypeW
GetStringTypeA
GetTimeZoneInformation
LCMapStringW
LCMapStringA
UnhandledExceptionFilter
LocalAlloc
LocalFree
HeapDestroy
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
GetProcessHeap
VirtualProtect
VirtualAlloc
VirtualQuery
RtlUnwind

oleaut32

GetErrorInfo
SafeArrayCreate
SafeArrayCopy
SafeArrayDestroy
SafeArrayUnlock
SafeArrayLock
SafeArrayGetDim
SafeArrayGetUBound
SafeArrayGetLBound
VariantCopy
DispCallFunc
SysStringLen
LoadRegTypeLi
VariantChangeType
VariantInit
VarBstrCmp
SysStringByteLen
SysAllocStringByteLen
SysAllocStringLen
RegisterTypeLi
UnRegisterTypeLi
LoadTypeLi
SysAllocString
SysFreeString
VariantClear
VarUI4FromStr

shlwapi

StrCmpIW
PathIsURLW
StrToIntA
StrCmpNA
SHCopyKeyA
PathFindExtensionA

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllMain
DllRegisterServer
DllUnregisterServer
Run

Sections

.text
Size: 224KB - Virtual size: 222KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 44KB - Virtual size: 41KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 20KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 24KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

a6d18727f95fc15c45b42599ac392a2b

Headers

File Characteristics

PDB Paths

Imports

kernel32

oleaut32

shlwapi

Exports

Exports

Sections

.text Size: 224KB - Virtual size: 222KB

.rdata Size: 44KB - Virtual size: 41KB

.data Size: 20KB - Virtual size: 24KB

.rsrc Size: 4KB - Virtual size: 3KB

.reloc Size: 24KB - Virtual size: 22KB

.text
Size: 224KB - Virtual size: 222KB

.rdata
Size: 44KB - Virtual size: 41KB

.data
Size: 20KB - Virtual size: 24KB

.rsrc
Size: 4KB - Virtual size: 3KB

.reloc
Size: 24KB - Virtual size: 22KB