25806496c0d775c0688b758223c1b1e5_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

25806496c0d775c0688b758223c1b1e5_JaffaCakes118
Size

48KB
MD5

25806496c0d775c0688b758223c1b1e5
SHA1

a3bf5b07f558c3b9f0ad0773f3f41d45ce2b8a0d
SHA256

1cbc28994c6f4a75526e4adf2d85a0663b2214e4963bed51db491799355f86cf
SHA512

a94f08914a51a5a08885c4d606399794cdfad3d85731d8b563900ba0b645be39f507534d95c642de2a7bb6d22232850d69dfc0dc00d5735d4386734445ac4fe3
SSDEEP

768:r05YIIzHZl+N5BHZA13ZF5/dhzqqQBSZHSK0N2JJ3GGyYQdpVskx1ct4Ftn:QSIk8pZAJFxKB0HQN+21YXkx7tn

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
25806496c0d775c0688b758223c1b1e5_JaffaCakes118

Files

25806496c0d775c0688b758223c1b1e5_JaffaCakes118
.dll regsvr32 windows:4 windows x86 arch:x86

0f8abdbe0bd96fa0b212b2b94b3537f8

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

InitializeCriticalSection
DeleteCriticalSection
LeaveCriticalSection
InterlockedIncrement
EnterCriticalSection
InterlockedDecrement
HeapDestroy
GetShortPathNameA
GetModuleHandleA
FreeLibrary
GetProcAddress
LoadLibraryA
CloseHandle
WritePrivateProfileStringA
GetCommandLineW
DisableThreadLibraryCalls
Process32Next
Process32First
GetExitCodeProcess
WaitForSingleObject
CreateProcessA
GetSystemDirectoryA
LocalFree
CreateThread
MoveFileA
GetCurrentProcessId
CreateDirectoryA
ExitProcess
GetModuleFileNameA
lstrlenA
MultiByteToWideChar
FindFirstFileA
GetPrivateProfileStringA
SetFileAttributesA
DeleteFileA
FindNextFileA
WideCharToMultiByte
lstrlenW
Sleep

advapi32

BuildExplicitAccessWithNameA
GetNamedSecurityInfoA
SetEntriesInAclA
SetNamedSecurityInfoA
RegCreateKeyExA
RegSetValueExA
RegQueryInfoKeyA
RegOpenKeyExA
RegQueryValueExA
RegCloseKey
RegEnumKeyExA
RegDeleteKeyA

shell32

CommandLineToArgvW
SHGetSpecialFolderPathA

ole32

CoUninitialize
CoInitialize
CoMarshalInterThreadInterfaceInStream
CoGetInterfaceAndReleaseStream
CoCreateInstance

oleaut32

VariantClear
SysStringLen
LoadRegTypeLi
SysAllocString
SysFreeString

msvcrt

memcmp
_strupr
_strlwr
_adjust_fdiv
malloc
_initterm
free
_access
atoi
strncmp
strchr
strncpy
strcmp
strcpy
_wcslwr
wcsstr
strlen
??3@YAXPAX@Z
memset
strstr
strrchr
sprintf
strcat
_stricmp
memcpy
_purecall
??2@YAPAXI@Z

shlwapi

SHDeleteKeyA
SHSetValueA

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllGetObjectType
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 24KB - Virtual size: 22KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

cdata
Size: 4KB - Virtual size: 4B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

0f8abdbe0bd96fa0b212b2b94b3537f8

Headers

File Characteristics

Imports

kernel32

advapi32

shell32

ole32

oleaut32

msvcrt

shlwapi

Exports

Exports

Sections

.text Size: 24KB - Virtual size: 22KB

.rdata Size: 4KB - Virtual size: 3KB

.data Size: 4KB - Virtual size: 3KB

cdata Size: 4KB - Virtual size: 4B

.rsrc Size: 4KB - Virtual size: 2KB

.reloc Size: 4KB - Virtual size: 1KB

.text
Size: 24KB - Virtual size: 22KB

.rdata
Size: 4KB - Virtual size: 3KB

.data
Size: 4KB - Virtual size: 3KB

cdata
Size: 4KB - Virtual size: 4B

.rsrc
Size: 4KB - Virtual size: 2KB

.reloc
Size: 4KB - Virtual size: 1KB