30e99024d9cc9044213e0a3647afe8b6_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

30e99024d9cc9044213e0a3647afe8b6_JaffaCakes118
Size

586KB
MD5

30e99024d9cc9044213e0a3647afe8b6
SHA1

48da0ff522c7f589591bc2fa9506809792a0519f
SHA256

7070e7211df054ae41ec3e9653fedee851bde9afd96422db7968f085a76fd570
SHA512

0fe0213e3a2961062d1bfe2e349c9d700b615b4a7fd0ab65a732294a515ae551e543c6bd8766a3535bcdca038591c477e1bacd1280f860e700640ed287695108
SSDEEP

12288:7efY5e3E9Tr2uhbtK+7uBmhZG3OmWse/2iUHoQ0Lj8A:7efYCObtKEuBj3OEdiRQO8A

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
30e99024d9cc9044213e0a3647afe8b6_JaffaCakes118

Files

30e99024d9cc9044213e0a3647afe8b6_JaffaCakes118
.dll regsvr32 windows:6 windows x86 arch:x86

88006c110960ce0b06354982e49c2846

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

msxml.pdb

Imports

ole32

CLSIDFromProgID
StringFromCLSID
CoUninitialize
CoInitialize
CreateStreamOnHGlobal
GetHGlobalFromStream
CoCreateFreeThreadedMarshaler
CoTaskMemAlloc
CreateBindCtx
CoTaskMemFree
CoCreateInstance

shlwapi

PathFindExtensionW
ord2
PathFindFileNameW
StrCmpW
StrCmpNIA
PathIsURLW
UrlUnescapeW
PathSearchAndQualifyW
UrlCreateFromPathW
PathCreateFromUrlW
UrlIsW
StrCpyW
StrCmpIW
StrCmpNIW
StrCmpNW
ord136
ord60
ord116
ord69
ord131
ord55
ord117
ord147
ord56
ord51
ord26
ord25
ord38
ord43
ord68
ord52
ord45
ord128
ord125
ord83

kernel32

LocalAlloc
GetSystemTimeAsFileTime
GetCurrentProcessId
QueryPerformanceCounter
SetUnhandledExceptionFilter
TerminateProcess
VirtualProtect
LCMapStringW
LCMapStringA
GetStringTypeW
GetStringTypeA
GetLocaleInfoA
HeapReAlloc
GetOEMCP
GetACP
lstrcpyA
lstrlenA
GetProcAddress
LoadLibraryA
FreeLibrary
TlsGetValue
lstrcmpiA
MultiByteToWideChar
GetModuleFileNameA
InterlockedIncrement
InterlockedDecrement
TlsSetValue
HeapAlloc
HeapFree
GetCurrentThreadId
DuplicateHandle
GetCurrentThread
GetCurrentProcess
CloseHandle
GetModuleHandleA
GetVersionExA
TlsAlloc
TlsFree
GetProcessHeap
InterlockedExchange
lstrlenW
GetThreadContext
Sleep
WaitForSingleObject
SetEvent
ResetEvent
ResumeThread
SuspendThread
EnterCriticalSection
LeaveCriticalSection
OutputDebugStringA
GetTickCount
ReleaseSemaphore
DeleteCriticalSection
CreateSemaphoreA
InitializeCriticalSection
VirtualAlloc
VirtualFree
HeapDestroy
GetLastError
HeapCreate
GetSystemInfo
SetLastError
DebugBreak
RaiseException
WideCharToMultiByte
LoadLibraryExA
SizeofResource
LockResource
LoadResource
FindResourceA
FormatMessageA
FileTimeToSystemTime
SystemTimeToFileTime
GetSystemDefaultLCID
GetCPInfo
WriteFile
GetFileType
SetFilePointer
CreateFileA
FlushFileBuffers
ReadFile
GetThreadLocale
GlobalUnlock
GlobalLock
GetTimeFormatA
GetDateFormatA
lstrcatA
CreateEventA
lstrcatW
SetThreadPriority
CreateThread
GetCommandLineA
RtlUnwind
VirtualQuery
ExitProcess
SetHandleCount
GetStdHandle
GetStartupInfoA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW

Exports

Exports

ServiceMain
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 392KB - Virtual size: 391KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 13KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 152KB - Virtual size: 152KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 27KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

88006c110960ce0b06354982e49c2846

Headers

File Characteristics

PDB Paths

Imports

ole32

shlwapi

kernel32

Exports

Exports

Sections

.text Size: 392KB - Virtual size: 391KB

.data Size: 13KB - Virtual size: 29KB

.rsrc Size: 152KB - Virtual size: 152KB

.reloc Size: 27KB - Virtual size: 26KB

.text
Size: 392KB - Virtual size: 391KB

.data
Size: 13KB - Virtual size: 29KB

.rsrc
Size: 152KB - Virtual size: 152KB

.reloc
Size: 27KB - Virtual size: 26KB