26393ec40e651b1e51f7dd9b7d2188f5_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

26393ec40e651b1e51f7dd9b7d2188f5_JaffaCakes118
Size

76KB
MD5

26393ec40e651b1e51f7dd9b7d2188f5
SHA1

c843d10d2e1f4c502429c58fc759b4b7253d8728
SHA256

063b661058b90a31301f2808af883fd98d023e4d95555ebe391bea510be963e5
SHA512

ca40d31f13ce84f3fc99d37365ab4a912bf5f9e1c2609a0cd08798b761df741d75c8c7a3aa1d2a83fab8bae49d6526edc9a23cadd917ea46d01915375b6b4b2b
SSDEEP

1536:qEfswS1w/k+jaswg8EiipCICS4ASaSlJ1pLa0QZdfA+jpRU:qK3Sck+jas381i7A7J1404pjL

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
26393ec40e651b1e51f7dd9b7d2188f5_JaffaCakes118

Files

26393ec40e651b1e51f7dd9b7d2188f5_JaffaCakes118
.dll regsvr32 windows:4 windows x86 arch:x86

6c42ade0a29ceba68fd754a87689d9be

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

rpcrt4

UuidToStringA

winmm

timeGetTime

netapi32

Netbios

version

GetFileVersionInfoSizeA
GetFileVersionInfoA

user32

RegisterClassExA
CreateWindowExA
ShowWindow
GetMessageA
TranslateMessage
wsprintfA
KillTimer
SetTimer
DefWindowProcA
GetClassNameA
GetWindowThreadProcessId
EnumChildWindows
EnumWindows
SystemParametersInfoA
SetWindowPos
DispatchMessageA

advapi32

CryptGenRandom
CryptReleaseContext
RegOpenKeyExW
RegQueryValueExW
GetSecurityInfo
SetEntriesInAclA
SetSecurityInfo
RegOpenKeyExA
RegCloseKey
CryptAcquireContextA

oleaut32

VariantClear
SysAllocString
GetErrorInfo

shlwapi

StrStrIA
SHSetValueA
SHGetValueA

ole32

CoCreateGuid
CoInitialize
CoCreateInstance

msvcrt

wctomb
__mb_cur_max
??3@YAXPAX@Z
??2@YAPAXI@Z
isupper
??0exception@@QAE@XZ
_CxxThrowException
??1exception@@UAE@XZ
srand
islower
isalnum
strchr
strstr
toupper
strtok
fclose
fwrite
fopen
_stricmp
atoi
wcslen
?what@exception@@UBEPBDXZ
wcscmp
__dllonexit
_onexit
??1type_info@@UAE@XZ
_initterm
_adjust_fdiv
??0exception@@QAE@ABV0@@Z
__CxxFrameHandler
strncpy
free
malloc
tmpnam

wininet

InternetOpenA
InternetSetOptionA
InternetOpenUrlA
InternetCloseHandle
InternetReadFile
HttpQueryInfoA

psapi

GetModuleBaseNameA
EnumProcessModules
EnumProcesses

kernel32

CreateFileA
GetWindowsDirectoryA
GetFullPathNameA
InterlockedExchange
SetLastError
GetLastError
GetProcessHeap
MoveFileExA
HeapSize
GetVersionExA
GetCurrentDirectoryA
GetEnvironmentVariableA
GetCurrentThread
GetThreadTimes
GetModuleFileNameA
WaitForSingleObject
CreateProcessA
DeleteFileA
GetLocalTime
MultiByteToWideChar
LocalFree
HeapAlloc
QueryPerformanceFrequency
GetCurrentProcessId
GetSystemDirectoryA
Sleep
DisableThreadLibraryCalls
GetVersion
lstrlenA
lstrcpyA
HeapFree
GetSystemInfo
SleepEx
GetTickCount
QueryPerformanceCounter
FreeLibrary
CloseHandle
CreateRemoteThread
WriteProcessMemory
GetProcAddress
VirtualAllocEx
OpenProcess
LoadLibraryA

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 32KB - Virtual size: 31KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 24KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

6c42ade0a29ceba68fd754a87689d9be

Headers

File Characteristics

Imports

rpcrt4

winmm

netapi32

version

user32

advapi32

oleaut32

shlwapi

ole32

msvcrt

wininet

psapi

kernel32

Exports

Exports

Sections

.text Size: 32KB - Virtual size: 31KB

.rdata Size: 24KB - Virtual size: 20KB

.data Size: 12KB - Virtual size: 15KB

.reloc Size: 4KB - Virtual size: 2KB

.text
Size: 32KB - Virtual size: 31KB

.rdata
Size: 24KB - Virtual size: 20KB

.data
Size: 12KB - Virtual size: 15KB

.reloc
Size: 4KB - Virtual size: 2KB