0e427645db877291f4a18b0d6fa02623_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

0e427645db877291f4a18b0d6fa02623_JaffaCakes118
Size

76KB
MD5

0e427645db877291f4a18b0d6fa02623
SHA1

430f709f8ac84b27802ba324ba2ad6d632fbe3eb
SHA256

d5568875e683fff881ee5d7ba4f94ef2c22a9c412502ea3e33f3bad844bf9676
SHA512

aaa3a8db95237fd7834a03f990f9bbe0a52e5cd460bc05c417684f7062075ead61d42d351f60aa20788ede10a49aeb0021281bf8a9afc0afc80a251de9d6659c
SSDEEP

1536:FeT6vdJvh1crepSKvsIh5//TI8Qk1QYQrY9lOI:FeTSdJvhui0KkS/r7QrY9lOI

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
0e427645db877291f4a18b0d6fa02623_JaffaCakes118

Files

0e427645db877291f4a18b0d6fa02623_JaffaCakes118
.dll regsvr32 windows:4 windows x86 arch:x86

9d1bc24941b9d5b80b06be10ae1fe13f

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

UnmapViewOfFile
GlobalFree
GlobalAlloc
SetFilePointer
lstrcpyA
MapViewOfFile
CloseHandle
SetEndOfFile
lstrcatA
GetWindowsDirectoryA
WriteFile
GetLastError
GetProcAddress
LoadLibraryA
ReadFile
GetFileSize
CreateFileMappingA
CreateFileA
lstrlenW
InterlockedDecrement
EnterCriticalSection
InterlockedIncrement
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSection
lstrlenA
FreeLibrary
GetShortPathNameA
WideCharToMultiByte
VirtualAlloc
ExitProcess
TerminateProcess
GetStringTypeA
LCMapStringW
LCMapStringA
GetCPInfo
IsBadCodePtr
SetUnhandledExceptionFilter
RaiseException
LocalFree
SetEnvironmentVariableA
CompareStringW
CompareStringA
FlushFileBuffers
DisableThreadLibraryCalls
SetStdHandle
RtlUnwind
GetOEMCP
MultiByteToWideChar
GetACP
GetTimeZoneInformation
GetSystemTime
GetLocalTime
HeapFree
HeapAlloc
GetCommandLineA
GetVersion
GetEnvironmentStringsW
TlsAlloc
GetCurrentProcess
HeapReAlloc
HeapSize
HeapDestroy
HeapCreate
VirtualFree
GetStringTypeW
GetCurrentThreadId
TlsSetValue
GetStdHandle
TlsFree
SetLastError
TlsGetValue
SetHandleCount
GetFileType
GetStartupInfoA
GetModuleFileNameA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings

user32

wsprintfA

advapi32

RegSetValueExA
RegQueryValueExA
RegFlushKey
RegCreateKeyExA
RegCloseKey

shell32

ShellExecuteA

ole32

CoCreateGuid

oleaut32

SysAllocString
VariantCopy
VariantChangeType
VariantClear
SysStringLen
LoadRegTypeLi
SysFreeString

wininet

InternetOpenA
InternetCloseHandle
InternetReadFile
InternetOpenUrlA
InternetGetConnectedState

atl

ord18
ord30
ord23
ord21
ord16
ord15
ord32
ord58
ord31
ord22

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 44KB - Virtual size: 40KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 181KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

9d1bc24941b9d5b80b06be10ae1fe13f

Headers

File Characteristics

Imports

kernel32

user32

advapi32

shell32

ole32

oleaut32

wininet

atl

Exports

Exports

Sections

.text Size: 44KB - Virtual size: 40KB

.rdata Size: 8KB - Virtual size: 4KB

.data Size: 8KB - Virtual size: 181KB

.rsrc Size: 4KB - Virtual size: 3KB

.reloc Size: 8KB - Virtual size: 5KB

.text
Size: 44KB - Virtual size: 40KB

.rdata
Size: 8KB - Virtual size: 4KB

.data
Size: 8KB - Virtual size: 181KB

.rsrc
Size: 4KB - Virtual size: 3KB

.reloc
Size: 8KB - Virtual size: 5KB