21b91a8531952a04b3abe801471023e9_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

21b91a8531952a04b3abe801471023e9_JaffaCakes118
Size

52KB
MD5

21b91a8531952a04b3abe801471023e9
SHA1

933b95cc975ed3cb9c8f06a0142fd7d3fc73246c
SHA256

19c0115aa8677dc0baecf06bf26d840b575252a5e9c54fb23c33039336187e6f
SHA512

87b469b21987e7ccf8cd40eaa4f59f5fa5951799a4d4291cc55f3409967691c04e33f2f8cbefd00374a71d1e9d08698fea121fdc433d6b723d92412a9a785b53
SSDEEP

1536:n2vTvqB14afQkNx5XQJvy0hDSSdYjO56Z:KTvIQkN8Jq0hefjO56

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
21b91a8531952a04b3abe801471023e9_JaffaCakes118

Files

21b91a8531952a04b3abe801471023e9_JaffaCakes118
.dll regsvr32 windows:4 windows x86 arch:x86

79d915c7294aa96ea44a2315a00cfedf

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

CreateProcessA
GetSystemDirectoryA
FreeLibrary
LoadLibraryA
GetProcAddress
lstrlenA
WideCharToMultiByte
lstrlenW
GetCommandLineW
WritePrivateProfileStringA
WaitForSingleObject
DisableThreadLibraryCalls
InitializeCriticalSection
DeleteCriticalSection
LeaveCriticalSection
InterlockedIncrement
EnterCriticalSection
InterlockedDecrement
HeapDestroy
GetShortPathNameA
GetModuleHandleA
CreateDirectoryA
GetExitCodeProcess
LocalFree
GetCurrentProcessId
Sleep
FindFirstFileA
GetPrivateProfileStringA
FindNextFileA
ExitProcess
CreateThread
MultiByteToWideChar
SetFileAttributesA
DeleteFileA
MoveFileA
Process32First
Process32Next
GetModuleFileNameA
CloseHandle

advapi32

BuildExplicitAccessWithNameA
GetNamedSecurityInfoA
SetEntriesInAclA
SetNamedSecurityInfoA
RegQueryInfoKeyA
RegEnumKeyExA
RegDeleteKeyA
RegOpenKeyExA
RegQueryValueExA
RegCloseKey
OpenSCManagerA
OpenServiceA
ControlService
DeleteService
CloseServiceHandle
RegCreateKeyExA
RegSetValueExA

shell32

CommandLineToArgvW
SHGetSpecialFolderPathA

ole32

CoInitialize
CoUninitialize
CoGetInterfaceAndReleaseStream
CoMarshalInterThreadInterfaceInStream
CoCreateInstance

oleaut32

SysStringLen
LoadRegTypeLi
VariantClear
SysAllocString
SysFreeString

msvcrt

atoi
_strupr
_stricmp
_adjust_fdiv
malloc
_initterm
free
_access
_purecall
strncmp
strncpy
fopen
fseek
ftell
fread
fclose
??3@YAXPAX@Z
memset
strlen
sprintf
strcpy
strstr
strrchr
strcat
strcmp
_strlwr
strchr
??2@YAPAXI@Z
wcsstr
_wcslwr
memcmp
memcpy

shlwapi

SHDeleteKeyA
SHSetValueA

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllGetObjectType
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 28KB - Virtual size: 24KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

cdata
Size: 4KB - Virtual size: 4B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

79d915c7294aa96ea44a2315a00cfedf

Headers

File Characteristics

Imports

kernel32

advapi32

shell32

ole32

oleaut32

msvcrt

shlwapi

Exports

Exports

Sections

.text Size: 28KB - Virtual size: 24KB

.rdata Size: 4KB - Virtual size: 3KB

.data Size: 4KB - Virtual size: 3KB

cdata Size: 4KB - Virtual size: 4B

.rsrc Size: 4KB - Virtual size: 2KB

.reloc Size: 4KB - Virtual size: 1KB

.text
Size: 28KB - Virtual size: 24KB

.rdata
Size: 4KB - Virtual size: 3KB

.data
Size: 4KB - Virtual size: 3KB

cdata
Size: 4KB - Virtual size: 4B

.rsrc
Size: 4KB - Virtual size: 2KB

.reloc
Size: 4KB - Virtual size: 1KB