2628433e1d7fd0db3a05d52adb6419d8_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

2628433e1d7fd0db3a05d52adb6419d8_JaffaCakes118
Size

97KB
MD5

2628433e1d7fd0db3a05d52adb6419d8
SHA1

43ee4a61bcd058f437088c20d806a0ee8ef8db6a
SHA256

982bfff4007ad975fa4688391818f34b48c17f445d63283f16b6cf4505b9833d
SHA512

b19db353c1ec5e5bca4d43fc3f9b51d10426c6449243ea73ed7ccd0612364c0acdae4efbc39b0d9b2663c9f31c24ef3187bdb187d7ad376c82c16c01c32b3c22
SSDEEP

3072:SlZJ4E+NU+r/WlFhXwP6jBXWCBXLb5piMs:fEwUu/CXWCFzhs

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2628433e1d7fd0db3a05d52adb6419d8_JaffaCakes118

Files

2628433e1d7fd0db3a05d52adb6419d8_JaffaCakes118
.dll regsvr32 windows:4 windows x86 arch:x86

0a204ad2422e940354c755d0a88a288f

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

ws2_32

inet_addr
WSAStartup
socket
setsockopt
ioctlsocket
connect
select
__WSAFDIsSet
shutdown
recv
WSASetLastError
htons
getservbyname
htonl
closesocket
WSACleanup
getservbyport
ntohs
gethostbyaddr
inet_ntoa
gethostbyname
WSAGetLastError
send

kernel32

GetTickCount
QueryPerformanceCounter
RtlUnwind
VirtualQuery
InterlockedExchange
MultiByteToWideChar
WideCharToMultiByte
RaiseException
GetLastError
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
SizeofResource
LockResource
LoadResource
FindResourceA
FindResourceExA
Sleep
HeapFree
VirtualAlloc
HeapAlloc
GetProcessHeap
ReadFile
SetFilePointer
GetFileSize
CreateFileA
GetSystemInfo
VirtualProtect
lstrlenA
FreeLibrary
GetProcAddress
LoadLibraryA
GetSystemDirectoryA
VirtualFree
CloseHandle
lstrlenW
lstrcmpiA
InitializeCriticalSection
InterlockedIncrement
InterlockedDecrement
DisableThreadLibraryCalls
GetModuleFileNameA
IsDBCSLeadByte
LoadLibraryExA
GetModuleHandleA
SetThreadLocale
GetThreadLocale
FormatMessageW
FormatMessageA
HeapReAlloc
HeapCreate
HeapDestroy
SetUnhandledExceptionFilter
CreateFileW
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
GetVersionExA
GetACP
GetLocaleInfoA
HeapSize
lstrcmpA
IsDebuggerPresent
DebugBreak

mkzlib

inflate
inflateReset
inflateInit_
inflateEnd

mkunicode

Utf16ToUtf8
Utf8ToUtf16

user32

UnregisterClassA
CharNextA

advapi32

RegDeleteKeyA
RegCloseKey
RegCreateKeyExA
RegOpenKeyExA
RegSetValueExA
RegQueryInfoKeyA
RegEnumKeyExA
RegCreateKeyExW
RegDeleteValueA
RegQueryValueExW

ole32

CoTaskMemRealloc
CoTaskMemFree
StringFromGUID2
CoCreateInstance
CoTaskMemAlloc

oleaut32

SafeArrayCreate
SafeArrayAccessData
SafeArrayDestroy
SafeArrayUnaccessData
SysAllocStringLen
VariantClear
VariantInit
VarUI4FromStr
RegisterTypeLi
UnRegisterTypeLi
LoadTypeLi
SysAllocString
SysStringLen
VariantChangeType
SysFreeString

rpcrt4

UuidToStringA
RpcStringFreeA

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 79KB - Virtual size: 78KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

0a204ad2422e940354c755d0a88a288f

Headers

File Characteristics

Imports

ws2_32

kernel32

mkzlib

mkunicode

user32

advapi32

ole32

oleaut32

rpcrt4

Exports

Exports

Sections

.text Size: 79KB - Virtual size: 78KB

.rdata Size: 10KB - Virtual size: 10KB

.data Size: 512B - Virtual size: 1KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 4KB - Virtual size: 4KB

.text
Size: 79KB - Virtual size: 78KB

.rdata
Size: 10KB - Virtual size: 10KB

.data
Size: 512B - Virtual size: 1KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 4KB - Virtual size: 4KB