3de5c810e380494d57dd4746e756947d_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

3de5c810e380494d57dd4746e756947d_JaffaCakes118
Size

200KB
MD5

3de5c810e380494d57dd4746e756947d
SHA1

d2ef3724e73e66d83889fe7fdc872d921811af9a
SHA256

496faf544dcfb55c198833956d1f0d209b80fa2052a90713ce43b757b113a0a2
SHA512

0da781ac2e368e6264321474011e658074a6b874f8ca0b48f05445fc65af604fa8eb891e6e6718d5d7b633ecfb82e4b8064d209baab5e4e73dbf733eee7ee56b
SSDEEP

6144:qHZqvjdgnnPg9LclFK2Pj/L9qWCu3orhBZVTc0hXKE:YujdgnnPKLcL5PjT9qUoZtc4b

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
3de5c810e380494d57dd4746e756947d_JaffaCakes118

Files

3de5c810e380494d57dd4746e756947d_JaffaCakes118
.dll regsvr32 windows:5 windows x86 arch:x86

bca884b4afc80c860d8f651c1327bfa9

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

scrrun.pdb

Imports

mfc42

ord823
ord825

msvcrt

__dllonexit
??1type_info@@UAE@XZ
_adjust_fdiv
_initterm
_wcsnicmp
towlower
_itow
_wcsicmp
towupper
iswalpha
_mbctolower
_itoa
_mbctoupper
_ismbblead
_mbsdec
_mbsnbicmp
_mbsicmp
_mbsnbcpy
isalpha
strncpy
srand
rand
wcscpy
wcsncpy
__CxxFrameHandler
_purecall
wcscmp
sprintf
_vsnprintf
memmove
wcslen
malloc
free
?terminate@@YAXXZ
_except_handler3
_onexit

oleaut32

VarDecFromI4
VariantCopy
SysFreeString
SysAllocStringLen
UnRegisterTypeLi
SysStringLen
LoadRegTypeLi
VariantClear
LHashValOfNameSys
LHashValOfNameSysA
VarCyFromR8
VariantChangeTypeEx
SysAllocString
LoadTypeLi
SysReAllocStringLen
VarCyFromI4
SafeArrayUnlock
VarR4FromDec
VarCyFromR4
VarR4FromCy
SafeArrayDestroy
SafeArrayCreate
SafeArrayLock
LoadTypeLibEx

ole32

StringFromCLSID
StringFromGUID2
CoGetMalloc
CoCreateInstance
CLSIDFromProgID
CLSIDFromString
CoTaskMemFree

advapi32

RegOpenKeyExA
RegQueryInfoKeyA
RegEnumKeyA
RegQueryValueA
RegSetValueA
RegSetValueExA
RegOpenKeyA
RegDeleteKeyA
RegCreateKeyA
RegCloseKey
IsTextUnicode

kernel32

CreateDirectoryW
MoveFileW
RemoveDirectoryW
GetShortPathNameW
lstrcpyW
GetFullPathNameW
lstrcatW
FindNextFileW
GetSystemDirectoryW
GetWindowsDirectoryW
GetTempPathW
CopyFileW
DeleteFileW
GetFileAttributesW
CreateDirectoryA
MoveFileA
RemoveDirectoryA
GetShortPathNameA
GetFullPathNameA
lstrcatA
FindNextFileA
GetSystemDirectoryA
GetWindowsDirectoryA
GetTempPathA
CopyFileA
DeleteFileA
GetFileAttributesA
GetStdHandle
InterlockedDecrement
InterlockedIncrement
QueryPerformanceCounter
SetFileAttributesA
GetUserDefaultLCID
GetVersion
GetLocaleInfoA
lstrcpyA
FileTimeToLocalFileTime
FileTimeToSystemTime
GetVersionExA
LoadLibraryA
GetProcAddress
GetTickCount
GetFileType
GetFileInformationByHandle
SetFilePointer
WriteConsoleW
WriteFile
PeekNamedPipe
ReadFile
CloseHandle
CreateFileW
CreateFileA
FindFirstFileW
FindFirstFileA
FindClose
GetLogicalDrives
SetVolumeLabelW
SetVolumeLabelA
SetErrorMode
GetVolumeInformationW
GetVolumeInformationA
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetLastError
GetDiskFreeSpaceA
SetFileAttributesW
InitializeCriticalSection
LCMapStringW
MultiByteToWideChar
LCMapStringA
WideCharToMultiByte
SetLastError
CompareStringW
CompareStringA
GetDriveTypeW
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
FreeLibrary
GetModuleFileNameA
GetModuleHandleA
GetDriveTypeA
GetDiskFreeSpaceW

user32

CharNextA
wsprintfA
LoadStringA

version

GetFileVersionInfoSizeA
VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW
GetFileVersionInfoA
VerQueryValueA

Exports

Exports

DLLGetDocumentation
DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
DoOpenPipeStream

Sections

.text
Size: 100KB - Virtual size: 98KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 56KB - Virtual size: 54KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 32KB - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

bca884b4afc80c860d8f651c1327bfa9

Headers

File Characteristics

PDB Paths

Imports

mfc42

msvcrt

oleaut32

ole32

advapi32

kernel32

user32

version

Exports

Exports

Sections

.text Size: 100KB - Virtual size: 98KB

.data Size: 56KB - Virtual size: 54KB

.rsrc Size: 32KB - Virtual size: 31KB

.reloc Size: 8KB - Virtual size: 6KB

.text
Size: 100KB - Virtual size: 98KB

.data
Size: 56KB - Virtual size: 54KB

.rsrc
Size: 32KB - Virtual size: 31KB

.reloc
Size: 8KB - Virtual size: 6KB