4694064b6261cd967b37967eef7ce7c9_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

4694064b6261cd967b37967eef7ce7c9_JaffaCakes118
Size

196KB
MD5

4694064b6261cd967b37967eef7ce7c9
SHA1

45bc6565d2010867cd66cf5b273c620dd05005a5
SHA256

4d120ca68f0067a1569fc070445e6afb08cba68c32e6358554777e6e7c4cdcc7
SHA512

338598a483bae0ce14395edd89d9968390142a27aee2e9b48f7f1359ba631289f9c936e1b4e260a7ce9ded499c52b8c92d121a823a2a5934bb50625bc3b70edb
SSDEEP

3072:iXPCz/2sN97BpvnmwsVqHw021eGlRXpVDIBD:i6zugldnmwsV4w0d+7El

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
4694064b6261cd967b37967eef7ce7c9_JaffaCakes118

Files

4694064b6261cd967b37967eef7ce7c9_JaffaCakes118
.dll regsvr32 windows:4 windows x86 arch:x86

a7959ee8fb30010c47c4b7748a3e2fb3

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetModuleFileNameA
MultiByteToWideChar
lstrlenW
DisableThreadLibraryCalls
OpenProcess
GetCurrentProcessId
InitializeCriticalSection
HeapDestroy
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
lstrcpyA
lstrcatA
FreeLibrary
GetProcAddress
GetModuleHandleA
Sleep
GetTickCount
DeleteFileA
GetSystemDirectoryA
MapViewOfFile
CloseHandle
CreateFileMappingA
CreateFileA
SetStdHandle
FlushFileBuffers
SetFilePointer
RaiseException
InterlockedExchange
LocalFree
GetShortPathNameA
WideCharToMultiByte
InterlockedIncrement
lstrlenA
OutputDebugStringA
DebugBreak
LoadLibraryA
InterlockedDecrement
SetEnvironmentVariableA
CompareStringW
CompareStringA
IsBadCodePtr
IsBadReadPtr
SetUnhandledExceptionFilter
WriteFile
GetEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsW
FreeEnvironmentStringsA
GetStartupInfoA
GetFileType
GetStdHandle
RtlUnwind
HeapAlloc
GetTimeZoneInformation
GetSystemTime
GetLocalTime
GetCommandLineA
GetVersion
HeapFree
ExitProcess
GetCPInfo
GetACP
GetOEMCP
GetCurrentThreadId
TlsSetValue
TlsAlloc
TlsFree
SetLastError
TlsGetValue
GetLastError
GetStringTypeA
GetStringTypeW
TerminateProcess
GetCurrentProcess
HeapReAlloc
HeapSize
LCMapStringA
LCMapStringW
GetEnvironmentVariableA
GetVersionExA
HeapCreate
VirtualFree
VirtualAlloc
IsBadWritePtr
SetHandleCount
ReadFile

user32

CharNextA
LoadStringA
wvsprintfA
wsprintfA
CharLowerA

advapi32

RegQueryValueA
RegSetValueExA
IsTextUnicode
RegOpenKeyExA
RegQueryValueExA
RegCloseKey
RegOpenKeyA

shell32

ShellExecuteA

ole32

CoCreateInstance
CoTaskMemFree

oleaut32

SysFreeString
RegisterTypeLi
VariantCopy
VariantChangeType
VariantClear
SysStringLen
LoadRegTypeLi
SysAllocString
LoadTypeLi

wininet

InternetOpenUrlA
InternetOpenA
InternetCrackUrlA
InternetCloseHandle

urlmon

URLDownloadToFileA

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 124KB - Virtual size: 120KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 20KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 28KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

a7959ee8fb30010c47c4b7748a3e2fb3

Headers

File Characteristics

Imports

kernel32

user32

advapi32

shell32

ole32

oleaut32

wininet

urlmon

Exports

Exports

Sections

.text Size: 124KB - Virtual size: 120KB

.rdata Size: 20KB - Virtual size: 17KB

.data Size: 28KB - Virtual size: 32KB

.rsrc Size: 8KB - Virtual size: 4KB

.reloc Size: 12KB - Virtual size: 9KB

.text
Size: 124KB - Virtual size: 120KB

.rdata
Size: 20KB - Virtual size: 17KB

.data
Size: 28KB - Virtual size: 32KB

.rsrc
Size: 8KB - Virtual size: 4KB

.reloc
Size: 12KB - Virtual size: 9KB