181416f8683c013f7cc44a6c7f526243_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

181416f8683c013f7cc44a6c7f526243_JaffaCakes118
Size

64KB
MD5

181416f8683c013f7cc44a6c7f526243
SHA1

e78d8e3ad24409611f4b150cce1f6fa4df62bb74
SHA256

73efa384a4e6da43fbac16620d0a88dc9353ba394971c721e6fbee4014d22aa4
SHA512

27faf926d2d36d18e8605e9ef96b86e2f9a6af886bcf32c2001a1609d1816c2669b5553b68091347672c5938ecc494e5712d44981d9f2b39dac2685db13e9f1d
SSDEEP

1536:lWk6G3D719eICS4AOLRno8hZ9AmLaWap:p6EDpELG8hZ9ApWap

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
181416f8683c013f7cc44a6c7f526243_JaffaCakes118

Files

181416f8683c013f7cc44a6c7f526243_JaffaCakes118
.dll regsvr32 windows:4 windows x86 arch:x86

612d8bb9ee9b3187508c26cb042f3b62

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

msvcrt

_adjust_fdiv
toupper
__CxxFrameHandler
??3@YAXPAX@Z
strtok
_initterm
??1type_info@@UAE@XZ
_onexit
__dllonexit
_CxxThrowException
strerror
_stricmp
srand
ispunct
strncpy
free
strstr
isspace
fopen
atoi
tmpnam
fwrite
fclose
??2@YAPAXI@Z
malloc

shlwapi

SHSetValueA
SHGetValueA
StrStrIA

netapi32

Netbios

advapi32

SetEntriesInAclA
GetSecurityInfo
SetSecurityInfo

oleaut32

GetErrorInfo
VariantClear
SysAllocString

psapi

EnumProcessModules
GetModuleBaseNameA
EnumProcesses

wininet

InternetOpenA
InternetSetOptionA
HttpQueryInfoA
InternetCloseHandle
InternetOpenUrlA
InternetReadFile

rpcrt4

UuidToStringA

ole32

CoCreateGuid
CoCreateInstance
CoInitialize

user32

SetWindowPos
SystemParametersInfoA
SetTimer
KillTimer
wsprintfA
TranslateMessage
GetMessageA
ShowWindow
CreateWindowExA
GetWindowThreadProcessId
GetClassNameA
DispatchMessageA
EnumChildWindows
RegisterClassExA
EnumWindows
DefWindowProcA

kernel32

QueryPerformanceFrequency
WriteProcessMemory
CreateRemoteThread
CreateFileA
SleepEx
CloseHandle
GetEnvironmentStrings
HeapSize
FreeEnvironmentStringsA
HeapFree
GetProcessHeap
HeapAlloc
MoveFileExA
FreeLibrary
lstrcmpA
QueryPerformanceCounter
LocalFree
LoadLibraryA
WaitForSingleObject
CreateProcessA
lstrlenA
MultiByteToWideChar
GetLastError
VirtualAllocEx
GetModuleFileNameA
lstrcmpiA
DeleteFileA
GetSystemDirectoryA
GetTickCount
GetLocalTime
GetProcAddress
OpenProcess
GetVersionExA
GetCurrentProcessId
DisableThreadLibraryCalls
Sleep

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 24KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

612d8bb9ee9b3187508c26cb042f3b62

Headers

File Characteristics

Imports

msvcrt

shlwapi

netapi32

advapi32

oleaut32

psapi

wininet

rpcrt4

ole32

user32

kernel32

Exports

Exports

Sections

.text Size: 20KB - Virtual size: 19KB

.rdata Size: 24KB - Virtual size: 20KB

.data Size: 12KB - Virtual size: 13KB

.reloc Size: 4KB - Virtual size: 2KB

.text
Size: 20KB - Virtual size: 19KB

.rdata
Size: 24KB - Virtual size: 20KB

.data
Size: 12KB - Virtual size: 13KB

.reloc
Size: 4KB - Virtual size: 2KB