1866b4607b755039c4908f0b3181c557_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

1866b4607b755039c4908f0b3181c557_JaffaCakes118
Size

73KB
MD5

1866b4607b755039c4908f0b3181c557
SHA1

751b4ad7781122084998c3368224b9a928a7eff8
SHA256

d69cfaf2313a9fb6829341a655f6c8b4f1967e495ad33e7088ab3d7da43d558f
SHA512

c33f968c8b7efeba63f3f1bea2a63d2f98352be758019781f02666f723a3aed16eadd8cda807bc091c78fc88c97df908e9ebab351b05aeabf5351f4ab786b52f
SSDEEP

1536:ThFUd7h5RQdRmvtSbetGCe9lUOxYQBmJRXBRVe5Hz:M7tQdIKSrslUOpBEX7s5T

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
1866b4607b755039c4908f0b3181c557_JaffaCakes118

Files

1866b4607b755039c4908f0b3181c557_JaffaCakes118
.dll regsvr32 windows:4 windows x86 arch:x86

ff418f851b4b1f9ea4c587fec7c4451c

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
IMAGE_FILE_BYTES_REVERSED_HI

Imports

kernel32

DeleteCriticalSection
LoadLibraryA
VirtualProtect
GetModuleFileNameA
ExitProcess

user32

GetKeyboardType
MessageBoxA

advapi32

RegQueryValueExA

oleaut32

SysFreeString

wininet

InternetReadFile

urlmon

URLDownloadToFileW

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

CODE
Size: - Virtual size: 28KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: - Virtual size: 328B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 1KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: - Virtual size: 162B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.aspr0
Size: - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 512B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.aspr1
Size: - Virtual size: 18KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_WRITE

.aspr2
Size: 70KB - Virtual size: 70KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tmd0
Size: 512B - Virtual size: 148B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 148B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

ff418f851b4b1f9ea4c587fec7c4451c

Headers

File Characteristics

Imports

kernel32

user32

advapi32

oleaut32

wininet

urlmon

Exports

Exports

Sections

CODE Size: - Virtual size: 28KB

DATA Size: - Virtual size: 328B

BSS Size: - Virtual size: 1KB

.idata Size: - Virtual size: 2KB

.edata Size: - Virtual size: 162B

.aspr0 Size: - Virtual size: 1KB

.rsrc Size: 512B - Virtual size: 512B

.aspr1 Size: - Virtual size: 18KB

.aspr2 Size: 70KB - Virtual size: 70KB

.tmd0 Size: 512B - Virtual size: 148B

.reloc Size: 512B - Virtual size: 148B

CODE
Size: - Virtual size: 28KB

DATA
Size: - Virtual size: 328B

BSS
Size: - Virtual size: 1KB

.idata
Size: - Virtual size: 2KB

.edata
Size: - Virtual size: 162B

.aspr0
Size: - Virtual size: 1KB

.rsrc
Size: 512B - Virtual size: 512B

.aspr1
Size: - Virtual size: 18KB

.aspr2
Size: 70KB - Virtual size: 70KB

.tmd0
Size: 512B - Virtual size: 148B

.reloc
Size: 512B - Virtual size: 148B