1b4092da70c061a67f2856088a97194c_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

1b4092da70c061a67f2856088a97194c_JaffaCakes118
Size

56KB
MD5

1b4092da70c061a67f2856088a97194c
SHA1

09985a38e14d34468da80e76470f7c4b2ab1db1d
SHA256

eeaab0717bc4d896e92c4a9e8ef265c135aadfb38d54e1287b83f28a26dae0c7
SHA512

9dc7ba0ce2f6154f116400d931aa982ccf39d26925c29c2b3c787d0acebfbdecb4d9cd5031d48241d0ae2ddc691e85ad59309749874268a68cac7d230ebf26bf
SSDEEP

768:NR0U3idD3i4QXpj4fMHp5byYZr3Z9K16BWu5KgFEZpcPMmYghQbLfJ2:NviE4Ypj4Uus/iLHwl+Lfs

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
1b4092da70c061a67f2856088a97194c_JaffaCakes118

Files

1b4092da70c061a67f2856088a97194c_JaffaCakes118
.dll regsvr32 windows:4 windows x86 arch:x86

8c62ca7a9e73c88fcaf6385666a0b591

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

InterlockedDecrement
HeapDestroy
lstrlenW
MultiByteToWideChar
lstrlenA
GetShortPathNameA
GetModuleHandleA
Process32Next
Process32First
WritePrivateProfileStringA
WideCharToMultiByte
EnterCriticalSection
FindNextFileA
SetFileAttributesA
GetPrivateProfileStringA
FindFirstFileA
MoveFileA
GetExitCodeProcess
WaitForSingleObject
GetSystemDirectoryA
CreateDirectoryA
InterlockedIncrement
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSection
DisableThreadLibraryCalls
GetCommandLineW
GetModuleFileNameA
DeleteFileA
CreateProcessA
GetCurrentProcessId
FreeLibrary
LoadLibraryA
GetProcAddress
ExitProcess
CloseHandle
Sleep
LocalFree
CreateThread

advapi32

RegSetValueExA
RegEnumKeyExA
RegDeleteKeyA
RegCloseKey
RegOpenKeyExA
RegQueryInfoKeyA
GetNamedSecurityInfoA
BuildExplicitAccessWithNameA
SetEntriesInAclA
SetNamedSecurityInfoA
RegQueryValueExA
RegCreateKeyExA

shell32

SHGetSpecialFolderPathA
CommandLineToArgvW

ole32

CoMarshalInterThreadInterfaceInStream
CoUninitialize
CoGetInterfaceAndReleaseStream
CoInitialize
CoCreateInstance

oleaut32

VariantClear
SysAllocString
SysStringLen
LoadRegTypeLi
SysFreeString

msvcrt

fread
_stricmp
_strlwr
_adjust_fdiv
malloc
_initterm
free
_access
_wcslwr
wcsstr
strcmp
memcmp
_purecall
memcpy
atoi
strstr
memset
sprintf
strncpy
strchr
strncmp
strlen
strcpy
strcat
??3@YAXPAX@Z
fclose
_strupr
??2@YAPAXI@Z
ftell
fseek
fopen
strrchr

shlwapi

SHDeleteValueA
SHDeleteKeyA
SHSetValueA

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllGetObjectType
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 28KB - Virtual size: 27KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

bdata
Size: 4KB - Virtual size: 4B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

idata
Size: 4KB - Virtual size: 4B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

8c62ca7a9e73c88fcaf6385666a0b591

Headers

File Characteristics

Imports

kernel32

advapi32

shell32

ole32

oleaut32

msvcrt

shlwapi

Exports

Exports

Sections

.text Size: 28KB - Virtual size: 27KB

.rdata Size: 4KB - Virtual size: 3KB

.data Size: 4KB - Virtual size: 3KB

bdata Size: 4KB - Virtual size: 4B

idata Size: 4KB - Virtual size: 4B

.rsrc Size: 4KB - Virtual size: 2KB

.reloc Size: 4KB - Virtual size: 2KB

.text
Size: 28KB - Virtual size: 27KB

.rdata
Size: 4KB - Virtual size: 3KB

.data
Size: 4KB - Virtual size: 3KB

bdata
Size: 4KB - Virtual size: 4B

idata
Size: 4KB - Virtual size: 4B

.rsrc
Size: 4KB - Virtual size: 2KB

.reloc
Size: 4KB - Virtual size: 2KB