1971ff3537a8ec5ab862df89bac3488e_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

1971ff3537a8ec5ab862df89bac3488e_JaffaCakes118
Size

200KB
MD5

1971ff3537a8ec5ab862df89bac3488e
SHA1

540dd7441438938d7278764845885d7c3ff26b2b
SHA256

7ae795b57d6a2d4a043645a10381de993987b963a7f7d4728da029457da3455a
SHA512

3747b2b862f2f877633bc1f9e18ea47d7628cd3800859f8d11674e8f68c94ae7f364a9f5ad2ca164fc1bcd807e7a39d84baefe0786eef4af0564a49c20c1535f
SSDEEP

3072:oZEq4+JihO/aN/c3EFOQgsHDWIl2F5BdKskfx:oZEq4NI/+c3EZgOQWskfx

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
1971ff3537a8ec5ab862df89bac3488e_JaffaCakes118

Files

1971ff3537a8ec5ab862df89bac3488e_JaffaCakes118
.dll regsvr32 windows:4 windows x86 arch:x86

0d90c22cb64ea42aa02bbb521e5ee6c4

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetVersionExA
GetTickCount
DeviceIoControl
WaitForSingleObject
ExitProcess
SetLastError
GetLongPathNameA
OpenProcess
CreateMutexA
GetWindowsDirectoryA
GetShortPathNameA
GetCommandLineA
OutputDebugStringA
CopyFileA
GetCurrentProcess
GetCurrentThread
Process32Next
Module32Next
LockResource
SizeofResource
LoadResource
FindResourceA
LoadLibraryA
GetExitCodeThread
CreateRemoteThread
GetModuleHandleA
WriteProcessMemory
VirtualAllocEx
GetPrivateProfileStringA
GetEnvironmentVariableA
GetExitCodeProcess
SearchPathA
WinExec
HeapAlloc
GetProcessHeap
HeapFree
TerminateProcess
GetTempFileNameA
RemoveDirectoryA
SuspendThread
GetThreadContext
FlushInstructionCache
SetThreadContext
ResumeThread
VirtualProtectEx
GetProcAddress
FreeLibrary
OpenMutexA
GetModuleFileNameA
MoveFileExA
CreateProcessA
Sleep
CloseHandle
CreateFileA
GetLastError
FindFirstFileA
FindNextFileA
FindClose
GetSystemDirectoryA
GetTempPathA
DeleteFileA
MoveFileA
VirtualFreeEx

user32

SendMessageA
DestroyWindow
FindWindowA
ShowWindow
FindWindowExA
keybd_event
SetFocus
SetForegroundWindow
GetWindowThreadProcessId

advapi32

AdjustTokenPrivileges
OpenSCManagerA
CloseServiceHandle
RegOpenKeyExA
RegOpenKeyA
RegCloseKey
ControlService
StartServiceA
OpenServiceA
DeleteService
CreateServiceA
RegQueryValueExA
RegCreateKeyA
LookupPrivilegeValueA
OpenProcessToken
OpenThreadToken
RegSetValueExA

shell32

SHGetSpecialFolderPathA

shlwapi

PathIsDirectoryA
SHGetValueA
PathAppendA
PathRemoveFileSpecA
PathCombineA
PathFindFileNameA
SHDeleteValueA
SHSetValueA
SHDeleteKeyA

setupapi

SetupIterateCabinetA

version

GetFileVersionInfoA
GetFileVersionInfoSizeA
VerQueryValueA

msvcrt

_adjust_fdiv
_initterm
_onexit
__dllonexit
memcpy
_mbslwr
rewind
fgets
fprintf
strncat
strchr
_mbsstr
sscanf
??2@YAPAXI@Z
??3@YAXPAX@Z
strrchr
_strnicmp
_local_unwind2
fseek
ftell
fread
strstr
__CxxFrameHandler
strcmp
time
srand
memset
strlen
free
strcpy
malloc
sprintf
_mbsnbcpy
_mbscmp
strcat
_snprintf
atoi
_strdup
_stricmp
_strlwr
fclose
fwrite
fopen
_except_handler3
rand

urlmon

URLDownloadToFileA

Exports

Exports

DllRegisterServer
DllUnregisterServer
Rundll32
ekfs
ekfsEx

Sections

.text
Size: 24KB - Virtual size: 23KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 144KB - Virtual size: 140KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

0d90c22cb64ea42aa02bbb521e5ee6c4

Headers

File Characteristics

Imports

kernel32

user32

advapi32

shell32

shlwapi

setupapi

version

msvcrt

urlmon

Exports

Exports

Sections

.text Size: 24KB - Virtual size: 23KB

.rdata Size: 8KB - Virtual size: 4KB

.data Size: 16KB - Virtual size: 16KB

.rsrc Size: 144KB - Virtual size: 140KB

.reloc Size: 4KB - Virtual size: 3KB

.text
Size: 24KB - Virtual size: 23KB

.rdata
Size: 8KB - Virtual size: 4KB

.data
Size: 16KB - Virtual size: 16KB

.rsrc
Size: 144KB - Virtual size: 140KB

.reloc
Size: 4KB - Virtual size: 3KB