34de78554b317af9fe8ed380f17beda5_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

34de78554b317af9fe8ed380f17beda5_JaffaCakes118
Size

156KB
MD5

34de78554b317af9fe8ed380f17beda5
SHA1

ced964e93c620c63ce3b6e3b7884e1fe0aa997c3
SHA256

1d0a16e4d36aa25d1bfba6e658e0a186799e344255452a79fdddb25fcc466883
SHA512

fc0e4260cf2323666e5a431678f9c9a86317cbe7f020b71e65de8cf1266b941576cc4f4156a9e3d455d2b476722501f6cf3ed42de8240e31fce7512a3ff1f6a9
SSDEEP

3072:pnocSKEusItsWnocSKEusItsWnocSKEusItsk:pocSKEiocSKEiocSKEY

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
34de78554b317af9fe8ed380f17beda5_JaffaCakes118

Files

34de78554b317af9fe8ed380f17beda5_JaffaCakes118
.dll windows:5 windows x86 arch:x86

39a2469f2f71b9e89043ef14540c1184

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

msvcrt

_adjust_fdiv
_initterm
strrchr
atoi
wcsrchr
wcscpy
wcscmp
free
malloc
wcsncpy
wcslen
wcscat
_strlwr
strstr

kernel32

GetPrivateProfileStructA
OpenFileMappingA
LocalFree
LocalAlloc
LeaveCriticalSection
GetProcessHeap
HeapFree
EnterCriticalSection
GetTickCount
lstrlenA
lstrcpynA
SetEvent
Sleep
ResetEvent
WaitForSingleObject
GetTempPathA
CreateThread
HeapAlloc
ExitThread
WinExec
CloseHandle
WriteFile
CreateFileA
lstrcatA
GetSystemDirectoryA
CreateEventW
GetLastError
InitializeCriticalSection
TerminateThread
SuspendThread
MapViewOfFile
lstrcpynW
lstrlenW
GetModuleFileNameW
MultiByteToWideChar
GetModuleFileNameA
CreateMutexA
GetFileAttributesW
FindClose
FindNextFileW
FindFirstFileW
GetDriveTypeW
GetLogicalDrives
CopyFileW
GetProcAddress
LoadLibraryA
VirtualAlloc
lstrcpyA
ResumeThread

advapi32

RegOpenKeyW
RegQueryValueExW
OpenSCManagerW
CreateServiceW
CloseServiceHandle
RegCreateKeyExW
RegSetValueExW
RegCloseKey
DeleteService
RegisterServiceCtrlHandlerW
SetServiceStatus

urlmon

URLDownloadToFileA

shlwapi

SHGetValueA

user32

wvsprintfA
wsprintfW
wsprintfA

Exports

Exports

InstallServices
RundllInstall
ServiceMain

Sections

.text
Size: 18KB - Virtual size: 18KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 968B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.aspk0
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.aspk1
Size: 22KB - Virtual size: 21KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

39a2469f2f71b9e89043ef14540c1184

Headers

DLL Characteristics

File Characteristics

Imports

msvcrt

kernel32

advapi32

urlmon

shlwapi

user32

Exports

Exports

Sections

.text Size: 18KB - Virtual size: 18KB

.rdata Size: 5KB - Virtual size: 4KB

.data Size: 512B - Virtual size: 9KB

.rsrc Size: 1024B - Virtual size: 968B

.aspk0 Size: 2KB - Virtual size: 1KB

.aspk1 Size: 22KB - Virtual size: 21KB

.reloc Size: 2KB - Virtual size: 1KB

.text
Size: 18KB - Virtual size: 18KB

.rdata
Size: 5KB - Virtual size: 4KB

.data
Size: 512B - Virtual size: 9KB

.rsrc
Size: 1024B - Virtual size: 968B

.aspk0
Size: 2KB - Virtual size: 1KB

.aspk1
Size: 22KB - Virtual size: 21KB

.reloc
Size: 2KB - Virtual size: 1KB