30197294b680b596f04aceb67457e950_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

30197294b680b596f04aceb67457e950_JaffaCakes118
Size

84KB
MD5

30197294b680b596f04aceb67457e950
SHA1

b5d4a67e3aaa2de392d8cc308502214012c4ee79
SHA256

0b68ddf249bc37c06812057668b13867c4e054174c67f673b2bf9b71fc8b3d99
SHA512

dab1e8067d112c3f0b86e4ace77200c2f7c15451c0d5e1e11260241dd70db5ee462077db8c952a0e159d5f16fb02c48c8b98aa563f60712c2016ab9fcc2a6b47
SSDEEP

1536:/jeYg51ffb8J+VFtxFCT7Id5I9WnF26R3oqnd:/jeBTzp7Tqg26R3oqn

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
30197294b680b596f04aceb67457e950_JaffaCakes118

Files

30197294b680b596f04aceb67457e950_JaffaCakes118
.dll regsvr32 windows:4 windows x86 arch:x86

d358de7e1975fbdd58f121e8490f71ee

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

CopyFileA
GetSystemDirectoryA
GetCurrentDirectoryA
lstrlenA
FindClose
GetLastError
FindNextFileA
FileTimeToSystemTime
lstrcmpA
FindFirstFileA
SetCurrentDirectoryA
ReadFile
SetFilePointer
CloseHandle
GetFileSize
CreateFileA
lstrcatA
TerminateProcess
GetExitCodeProcess
PeekNamedPipe
GetTickCount
CreateProcessA
CreatePipe
WriteFile
FreeLibrary
GetProcAddress
LoadLibraryA
GetVersionExA
GetLocaleInfoA
GetDriveTypeA
GetCurrentProcessId
LocalFree
Sleep
lstrcpyA
WinExec
CreateThread
SetEnvironmentVariableA
CompareStringW
CompareStringA
FlushFileBuffers
LCMapStringW
LCMapStringA
SetStdHandle
GetOEMCP
GetACP
GetCPInfo
IsBadCodePtr
IsBadReadPtr
SetUnhandledExceptionFilter
GetStringTypeW
GetStringTypeA
MultiByteToWideChar
InterlockedIncrement
InterlockedDecrement
GetEnvironmentStringsW
GetEnvironmentStrings
WideCharToMultiByte
RaiseException
FreeEnvironmentStringsW
FreeEnvironmentStringsA
HeapFree
HeapAlloc
HeapReAlloc
RtlUnwind
GetTimeZoneInformation
GetSystemTime
GetLocalTime
GetCommandLineA
GetVersion
GetCurrentThreadId
TlsSetValue
TlsAlloc
TlsFree
SetLastError
TlsGetValue
GetModuleHandleA
GetModuleFileNameA
GetEnvironmentVariableA
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
IsBadWritePtr
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
ExitProcess
GetCurrentProcess
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA

user32

wsprintfA

advapi32

RegCloseKey
RegDeleteValueA
RegOpenKeyExA

shell32

StrStrA

ws2_32

__WSAFDIsSet
inet_addr
gethostbyname
ntohl
WSAGetLastError
connect
gethostname
send
select
recv
WSAStartup
WSACleanup
closesocket
inet_ntoa
socket
htons

wininet

InternetQueryOptionA

shlwapi

PathFindExtensionA

oleaut32

GetErrorInfo

Exports

Exports

DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 55KB - Virtual size: 55KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 15KB - Virtual size: 340KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 1016B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

d358de7e1975fbdd58f121e8490f71ee

Headers

File Characteristics

Imports

kernel32

user32

advapi32

shell32

ws2_32

wininet

shlwapi

oleaut32

Exports

Exports

Sections

.text Size: 55KB - Virtual size: 55KB

.rdata Size: 6KB - Virtual size: 5KB

.data Size: 15KB - Virtual size: 340KB

.rsrc Size: 1024B - Virtual size: 1016B

.reloc Size: 6KB - Virtual size: 5KB

.text
Size: 55KB - Virtual size: 55KB

.rdata
Size: 6KB - Virtual size: 5KB

.data
Size: 15KB - Virtual size: 340KB

.rsrc
Size: 1024B - Virtual size: 1016B

.reloc
Size: 6KB - Virtual size: 5KB