3d7dbc9d95b11b68de8b4b4a97eaee1c_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

3d7dbc9d95b11b68de8b4b4a97eaee1c_JaffaCakes118
Size

88KB
MD5

3d7dbc9d95b11b68de8b4b4a97eaee1c
SHA1

fce22efd3edb5d6a08a93a2a2b2809cdd6348718
SHA256

4d4ed6a2923bbc2b488efb9473a2a65cdc9bbfe23950cc045830e584dbe2cea4
SHA512

274f133b01d1e5a55c674f4ca8ef6958483033db135a708d60d2f7c3d6449163f4d1e9b1a8305ac8850669e4ceb848537e9b3d2593aa3b4d34f3668fcae0d265
SSDEEP

1536:o1sbOxHUov8uRJY/HJ4/nYmG6sJloPfX:o13xl0QJrnYmG6sJloP

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
3d7dbc9d95b11b68de8b4b4a97eaee1c_JaffaCakes118

Files

3d7dbc9d95b11b68de8b4b4a97eaee1c_JaffaCakes118
.dll regsvr32 windows:4 windows x86 arch:x86

adf3499a687ba287ad76f2a7fec61f80

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

ws2_32

WSAStartup
WSCDeinstallProvider
WSACleanup

msvcrt

_strdate
_itoa
strstr
atoi
fopen
_strtime
strncpy
strrchr
sprintf
fclose
wcslen
fprintf
strncat

rpcrt4

UuidFromStringA

kernel32

LeaveCriticalSection
lstrcatA
lstrcpyA
lstrcmpiA
IsDBCSLeadByte
GetVersionExA
WritePrivateProfileStringA
GetEnvironmentVariableA
MoveFileExA
CloseHandle
GetLastError
CreateFileA
DeleteFileA
MultiByteToWideChar
WideCharToMultiByte
GetWindowsDirectoryA
GetSystemDirectoryA
GetProcAddress
GetModuleHandleA
CreateProcessA
Sleep
WaitForSingleObject
ResetEvent
CopyFileA
CreateEventA
HeapAlloc
GetProcessHeap
GetModuleFileNameA
DebugBreak
HeapReAlloc
HeapFree
lstrlenW
lstrlenA
GetShortPathNameA
HeapDestroy
DeleteCriticalSection
DisableThreadLibraryCalls
GetSystemInfo
HeapCreate
InitializeCriticalSection
LoadLibraryExA
EnterCriticalSection
FreeLibrary
LoadLibraryA
InterlockedDecrement
InterlockedIncrement
lstrcpynA
SizeofResource
LoadResource
FindResourceA

user32

CharNextA
MessageBoxA
PostMessageA
FindWindowA
wsprintfA

advapi32

SetSecurityDescriptorDacl
RegEnumValueA
RegQueryInfoKeyA
AllocateAndInitializeSid
GetLengthSid
InitializeAcl
AddAccessAllowedAce
InitializeSecurityDescriptor
RegDeleteKeyA
RegEnumKeyExA
RegDeleteValueA
RegFlushKey
RegSetValueExA
RegCreateKeyExA
RegOpenKeyExA
RegQueryValueExA
RegCloseKey

shell32

ShellExecuteA

ole32

CoCreateFreeThreadedMarshaler
CoTaskMemFree
CoTaskMemRealloc
CoCreateInstance
CoCreateGuid
CoTaskMemAlloc

oleaut32

VarUI4FromStr
LoadTypeLi
SysStringLen
SysAllocString
RegisterTypeLi
SysFreeString
LoadRegTypeLi

wininet

InternetSetCookieA

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
installNN
uninstall

Sections

.text
Size: 52KB - Virtual size: 50KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

adf3499a687ba287ad76f2a7fec61f80

Headers

File Characteristics

Imports

version

ws2_32

msvcrt

rpcrt4

kernel32

user32

advapi32

shell32

ole32

oleaut32

wininet

Exports

Exports

Sections

.text Size: 52KB - Virtual size: 50KB

.rdata Size: 4KB - Virtual size: 1KB

.data Size: 8KB - Virtual size: 5KB

.idata Size: 8KB - Virtual size: 4KB

.rsrc Size: 8KB - Virtual size: 6KB

.reloc Size: 4KB - Virtual size: 2KB

.text
Size: 52KB - Virtual size: 50KB

.rdata
Size: 4KB - Virtual size: 1KB

.data
Size: 8KB - Virtual size: 5KB

.idata
Size: 8KB - Virtual size: 4KB

.rsrc
Size: 8KB - Virtual size: 6KB

.reloc
Size: 4KB - Virtual size: 2KB