1a2b1a8817573849a151cd6435072def_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

1a2b1a8817573849a151cd6435072def_JaffaCakes118
Size

30KB
MD5

1a2b1a8817573849a151cd6435072def
SHA1

19fb5830069ef45738a84ba7bc6b98369cb6ba86
SHA256

9ca65b883b44a39e15f52da6912f0dfbd57df2e5fd94edb8c0bf7449734797fa
SHA512

3711826400f9fa3515e21d1cd70bad8c377735c5314d705f151b5ec2da5ee23b01b6efc10df9f6799b7b978e01b426e26b1626729dd1dca3237a1bd604eb9d24
SSDEEP

384:NMIgJDQM/8uohzCPDkvfAnQhSyWH7FGLaInMYk7RH14VAcBIgf1RIuyEKDvM72:N6/T4XziH7FG/nMYU1wA6+EKDka

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
1a2b1a8817573849a151cd6435072def_JaffaCakes118

Files

1a2b1a8817573849a151cd6435072def_JaffaCakes118
.dll regsvr32 windows:4 windows x86 arch:x86

48a52f58cd8a81ac06a5cc0f95450871

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

shlwapi

PathFileExistsW
StrStrW
StrCatW
StrStrIW
StrCmpW
StrCpyW

ws2_32

gethostbyname
inet_ntoa

kernel32

VirtualQuery
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetVersionExA
RtlUnwind
GetModuleFileNameW
CreateThread
Sleep
CloseHandle
DisableThreadLibraryCalls
OpenFileMappingW
CreateFileMappingW
MapViewOfFile
UnmapViewOfFile
CreateMutexW
WaitForSingleObject
OpenMutexW
ReleaseMutex
CreateProcessW
FreeLibraryAndExitThread
GetCurrentProcessId
ProcessIdToSessionId
CreateToolhelp32Snapshot
Process32FirstW
OpenProcess
Process32NextW
MoveFileExW
ExitThread
CreateFileW
GetFileSize
VirtualAlloc
ReadFile
FlushFileBuffers
WriteFile
GetTickCount
lstrlenW
GetSystemDirectoryW
GetVersionExW
GetSystemTime
MultiByteToWideChar
VirtualFree
GetTempPathW
LoadLibraryA
GetProcAddress
FreeLibrary
IsDebuggerPresent
lstrcpyW
LoadLibraryW
GetCurrentProcess
VirtualAllocEx
WriteProcessMemory
GetModuleHandleW
CreateRemoteThread
VirtualFreeEx
TerminateProcess
WideCharToMultiByte
lstrcatW
QueryPerformanceCounter

user32

wsprintfA
CharLowerW
wsprintfW

advapi32

InitializeSecurityDescriptor
RegEnumValueW
RegDeleteValueW
RegSetValueExW
RegCreateKeyExW
RegQueryValueExW
AdjustTokenPrivileges
LookupPrivilegeValueW
OpenProcessToken
RegOpenKeyExW
RegDeleteKeyW
RegCloseKey
RegFlushKey
SetSecurityDescriptorDacl

ole32

CoSetProxyBlanket
CoUninitialize
CoCreateInstance
CoInitializeSecurity
CoInitialize

oleaut32

SysAllocString
VariantInit
VariantClear
SysFreeString

Exports

Exports

DllRegisterServer
LsaApCallPackage
LsaApCallPackagePassthrough
LsaApCallPackageUntrusted
LsaApInitializePackage
LsaApLogonTerminated
LsaApLogonUser
LsaApLogonUserEx
SpInitialize
a

Sections

.text
Size: 17KB - Virtual size: 17KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 8B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

48a52f58cd8a81ac06a5cc0f95450871

Headers

File Characteristics

Imports

shlwapi

ws2_32

kernel32

user32

advapi32

ole32

oleaut32

Exports

Exports

Sections

.text Size: 17KB - Virtual size: 17KB

.rdata Size: 8KB - Virtual size: 8KB

.data Size: 512B - Virtual size: 4KB

.CRT Size: 512B - Virtual size: 8B

.rsrc Size: 512B - Virtual size: 16B

.reloc Size: 2KB - Virtual size: 1KB

.text
Size: 17KB - Virtual size: 17KB

.rdata
Size: 8KB - Virtual size: 8KB

.data
Size: 512B - Virtual size: 4KB

.CRT
Size: 512B - Virtual size: 8B

.rsrc
Size: 512B - Virtual size: 16B

.reloc
Size: 2KB - Virtual size: 1KB