414ae8ca01e8fdffa72ed7434285857d_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

414ae8ca01e8fdffa72ed7434285857d_JaffaCakes118
Size

152KB
MD5

414ae8ca01e8fdffa72ed7434285857d
SHA1

842d55bb36fcde7f59421334c629c5419845c6fc
SHA256

790f10cd85448b072a124e24c178614f6ba0564052953d450657ae1a4da39ef4
SHA512

a0cf7984862db0c46ac5697763c71b8588cbdf4e458ed2bcd67766451622cfb44b30ce575a2951160988a353fd15381bec3134856beb67747a87b7e0ba1ed6e1
SSDEEP

1536:TeOBjUirPK/J6tyzxG0DVWe3u6jihFkiL+zTiX04DfM2Wz44e9Z2linICS4AA4oe:tEXHu6jZk7NZOi024oSl

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
414ae8ca01e8fdffa72ed7434285857d_JaffaCakes118

Files

414ae8ca01e8fdffa72ed7434285857d_JaffaCakes118
.dll regsvr32 windows:4 windows x86 arch:x86

291e839bece1c98a0340229d418ade9d

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

user32

GetWindowThreadProcessId
DefWindowProcA
SetTimer
KillTimer
SetWindowPos
SystemParametersInfoA
DispatchMessageA
TranslateMessage
EnumWindows
EnumChildWindows
GetClassNameA
wsprintfA
RegisterClassExA
CreateWindowExA
ShowWindow
GetMessageA

kernel32

RaiseException
IsBadCodePtr
IsBadReadPtr
SetUnhandledExceptionFilter
MoveFileExA
CloseHandle
WaitForSingleObject
CreateProcessA
LocalFree
GetProcAddress
LoadLibraryA
DeleteFileA
GetSystemDirectoryA
GetLocalTime
CreateRemoteThread
WriteProcessMemory
VirtualAllocEx
OpenProcess
SleepEx
GetTickCount
GetModuleFileNameA
CreateFileA
GetCurrentProcessId
WriteFile
GetFileAttributesA
GetFileType
TerminateProcess
GetCurrentProcess
FreeLibrary
HeapReAlloc
GetOEMCP
GetACP
ReadFile
SetEndOfFile
SetFilePointer
FlushFileBuffers
IsBadWritePtr
VirtualAlloc
VirtualFree
HeapCreate
HeapDestroy
SetStdHandle
GetCPInfo
GetStringTypeW
GetStringTypeA
GetEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsW
FreeEnvironmentStringsA
GetStartupInfoA
GetStdHandle
InterlockedDecrement
InterlockedIncrement
WideCharToMultiByte
HeapAlloc
HeapFree
GetVersionExA
GetLastError
MultiByteToWideChar
RtlUnwind
GetCommandLineA
GetVersion
GetCurrentThreadId
TlsSetValue
TlsAlloc
TlsFree
SetLastError
TlsGetValue
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
ExitProcess
LCMapStringA
LCMapStringW
GetModuleHandleA
GetEnvironmentVariableA
SetHandleCount

advapi32

SetEntriesInAclA
SetSecurityInfo
CryptAcquireContextA
CryptGenRandom
CryptReleaseContext
GetSecurityInfo

shell32

StrStrIA

ole32

CoInitialize
CoCreateGuid
CoCreateInstance

oleaut32

VariantInit
SysAllocString
GetErrorInfo

netapi32

Netbios

wininet

InternetCloseHandle
InternetOpenA
InternetSetOptionA
InternetReadFile
HttpQueryInfoA
InternetOpenUrlA

rpcrt4

UuidToStringA

psapi

GetModuleBaseNameA
EnumProcesses
EnumProcessModules

shlwapi

SHGetValueA
SHSetValueA

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 92KB - Virtual size: 90KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 24KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 24KB - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

291e839bece1c98a0340229d418ade9d

Headers

File Characteristics

Imports

user32

kernel32

advapi32

shell32

ole32

oleaut32

netapi32

wininet

rpcrt4

psapi

shlwapi

Exports

Exports

Sections

.text Size: 92KB - Virtual size: 90KB

.rdata Size: 24KB - Virtual size: 23KB

.data Size: 24KB - Virtual size: 31KB

.reloc Size: 8KB - Virtual size: 6KB

.text
Size: 92KB - Virtual size: 90KB

.rdata
Size: 24KB - Virtual size: 23KB

.data
Size: 24KB - Virtual size: 31KB

.reloc
Size: 8KB - Virtual size: 6KB