1633c8f0eeca126362bec18a5a728439_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

1633c8f0eeca126362bec18a5a728439_JaffaCakes118
Size

58KB
MD5

1633c8f0eeca126362bec18a5a728439
SHA1

3c480825426b9003108e8b290856ce05ab68d5da
SHA256

317a2ce6a678dffd29f5931a9be5a69cbe077b4b9160b528497757e62d58844e
SHA512

8ee9ca3585dfb0c6d8d922aa6f213177fb0dab1765f1e09062f1fbe2590949ff179d51c6ace742c3cc3d11d67e0e94d58a9ededf23df81959935c40ebcab5d8f
SSDEEP

1536:G9WeCej2r0XIm3G1CwBGFjiltWwwJkYQ9UDzPMy3:G1CeaAtWdptwS0DzMy

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
1633c8f0eeca126362bec18a5a728439_JaffaCakes118

Files

1633c8f0eeca126362bec18a5a728439_JaffaCakes118
.dll regsvr32 windows:4 windows x86 arch:x86

5c1c3e6af688563a53e8e58c50f89ae8

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

CloseHandle
WaitForSingleObject
CreateProcessA
DeleteFileA
GetSystemDirectoryA
GetLocalTime
CreateRemoteThread
WriteProcessMemory
VirtualAllocEx
OpenProcess
DisableThreadLibraryCalls
GetCurrentProcessId
LoadLibraryA
GetModuleFileNameA
HeapSize
GetSystemInfo
VirtualProtect
LCMapStringW
LCMapStringA
GetSystemTimeAsFileTime
GetTickCount
GetProcAddress
FreeLibrary
SleepEx
MoveFileExA
QueryPerformanceCounter
GetLocaleInfoA
GetStringTypeW
MultiByteToWideChar
GetStringTypeA
ReadFile
SetEndOfFile
GetCPInfo
GetOEMCP
GetACP
InitializeCriticalSection
SetFilePointer
GetCurrentThreadId
GetCommandLineA
GetVersionExA
HeapFree
GetLastError
EnterCriticalSection
LeaveCriticalSection
WriteFile
DeleteCriticalSection
HeapAlloc
TlsAlloc
SetLastError
TlsFree
TlsSetValue
TlsGetValue
GetModuleHandleA
GetFileAttributesA
GetFileType
CreateFileA
ExitProcess
TerminateProcess
GetCurrentProcess
SetHandleCount
GetStdHandle
GetStartupInfoA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
HeapDestroy
HeapCreate
VirtualFree
UnhandledExceptionFilter
VirtualAlloc
HeapReAlloc
SetStdHandle
FlushFileBuffers
RtlUnwind
InterlockedExchange
VirtualQuery

user32

wsprintfA
SetTimer
DispatchMessageA
TranslateMessage
KillTimer
DefWindowProcA
GetMessageA
ShowWindow
RegisterClassExA
CreateWindowExA

advapi32

SetEntriesInAclA
SetSecurityInfo
GetSecurityInfo

ole32

CoCreateGuid

wininet

InternetOpenUrlA
HttpQueryInfoA
InternetCloseHandle
InternetReadFile
InternetSetOptionA
InternetOpenA

shlwapi

SHGetValueA
SHSetValueA

netapi32

Netbios

psapi

GetModuleBaseNameA
EnumProcessModules
EnumProcesses

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.data
Size: 53KB - Virtual size: 52KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

5c1c3e6af688563a53e8e58c50f89ae8

Headers

File Characteristics

Imports

kernel32

user32

advapi32

ole32

wininet

shlwapi

netapi32

psapi

Exports

Exports

Sections

.data Size: 53KB - Virtual size: 52KB

.reloc Size: 4KB - Virtual size: 3KB

.data
Size: 53KB - Virtual size: 52KB

.reloc
Size: 4KB - Virtual size: 3KB