3677fa8eb76677290bfe0588931fdfbe_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

3677fa8eb76677290bfe0588931fdfbe_JaffaCakes118
Size

364KB
MD5

3677fa8eb76677290bfe0588931fdfbe
SHA1

cb2937ed35c75e74b342a53d92460115239a95a5
SHA256

f3ff77367ce2b47d3ec6108430a7be47f0b4a47c728fffc47f2eff9053e3e518
SHA512

29f28bb88e2b37b96001d5f6d911b6bf60d44af6a1647c0c84cb79bc5ec23638f597d5f285e6060e837ad1481908e0ccbe0a722cd13ad8b7030a8956041b9b21
SSDEEP

6144:40HMfWvptE9w3uXhg1ylVOnhKP3ESrtMkECguee1Qj/43wYKP:LGWvpu9Wq4y8AVdgux1c43wf

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
3677fa8eb76677290bfe0588931fdfbe_JaffaCakes118

Files

3677fa8eb76677290bfe0588931fdfbe_JaffaCakes118
.dll regsvr32 windows:4 windows x86 arch:x86

56f0690901d2090f41446a0168f1139d

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_DLL

Imports

advapi32

RegCloseKey
RegSetValueExA
RegCreateKeyExA
RegOpenKeyExA
RegDeleteKeyA

kernel32

GetProcAddress
LoadLibraryA
GetModuleHandleA
FreeLibrary
CompareStringA
CompareStringW
lstrcmpiA
GetLocaleInfoA
MultiByteToWideChar
GetLastError
WideCharToMultiByte
EnterCriticalSection
LeaveCriticalSection
GetUserDefaultLCID
GetVersionExA
InterlockedIncrement
InterlockedDecrement
GetModuleFileNameA
InitializeCriticalSection
DeleteCriticalSection
HeapFree
HeapAlloc
GetCommandLineA
GetVersion
ExitProcess
LCMapStringA
LCMapStringW
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
TerminateProcess
GetCurrentProcess
HeapReAlloc
HeapSize
GetCurrentThreadId
TlsSetValue
TlsAlloc
TlsFree
SetLastError
TlsGetValue
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
GetCPInfo
GetACP
GetOEMCP
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
WriteFile
GetStringTypeA
GetStringTypeW
FlushFileBuffers
CloseHandle
SetStdHandle
SetFilePointer

ole32

CoGetMalloc
CoInitialize
CoUninitialize
CoCreateGuid
IIDFromString

oleaut32

VarBstrFromR4
VarBstrFromR8
SysAllocStringByteLen
VariantInit
LoadTypeLi
LoadRegTypeLi
CreateStdDispatch
SysAllocString
SysStringByteLen
SysReAllocStringLen
SysStringLen
SysFreeString
VariantClear
VariantChangeType
SysAllocStringLen
LHashValOfNameSys
VarBstrFromDate
VarBstrFromCy
VarCyFromStr
RegisterTypeLi
VarBstrFromI4
VarBstrFromI2
VarBstrFromDec
VarDateFromStr
VarR8FromStr
VarR4FromStr
VarI4FromStr
VarI2FromStr
VarDecFromStr

user32

wsprintfW
wsprintfA

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllMain
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 140KB - Virtual size: 139KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 188KB - Virtual size: 187KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 24KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

56f0690901d2090f41446a0168f1139d

Headers

File Characteristics

Imports

advapi32

kernel32

ole32

oleaut32

user32

Exports

Exports

Sections

.text Size: 140KB - Virtual size: 139KB

.data Size: 188KB - Virtual size: 187KB

.rsrc Size: 24KB - Virtual size: 22KB

.reloc Size: 8KB - Virtual size: 5KB

.text
Size: 140KB - Virtual size: 139KB

.data
Size: 188KB - Virtual size: 187KB

.rsrc
Size: 24KB - Virtual size: 22KB

.reloc
Size: 8KB - Virtual size: 5KB