476ac5e222f9583cf668dd0cf24ebdb6_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

476ac5e222f9583cf668dd0cf24ebdb6_JaffaCakes118
Size

84KB
MD5

476ac5e222f9583cf668dd0cf24ebdb6
SHA1

9b6a0d19ed6f1310d64b816d77ce4ad52560ac2e
SHA256

82ad79c5a80ea3a7bb3209452374bd50fe37808094ce6e25355b5f414d041812
SHA512

21e167e01d3cab7018948d3a1acb034e98cda8d50236cff36299d7e43ca990c0a1cfd415736a0fdee55a0b3c0bfae0e8608b2ee50276cb16a77695adefdbaeab
SSDEEP

768:65sfQ5P00sEMEO5WyrkIdoSVArfT2Dbono4A1x1qQoqHJMc0Eq4K6ibjol7O97A:WFSEruTA7T0buU1x1q6IXZREl7u

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
476ac5e222f9583cf668dd0cf24ebdb6_JaffaCakes118

Files

476ac5e222f9583cf668dd0cf24ebdb6_JaffaCakes118
.dll regsvr32 windows:4 windows x86 arch:x86

2c1bffa45430237357c922270e40ca3e

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

lstrcmpA
WaitForSingleObject
CloseHandle
GetLastError
GetFileAttributesA
CreateProcessA
lstrcpyA
lstrlenA
LocalAlloc
lstrcpynA
InterlockedDecrement
GetModuleFileNameA
GetFileAttributesExA
TerminateProcess
RtlUnwind
GetCommandLineA
GetVersion
HeapFree
HeapAlloc
GetCurrentThreadId
TlsSetValue
TlsAlloc
TlsFree
SetLastError
TlsGetValue
WideCharToMultiByte
MultiByteToWideChar
LCMapStringA
LCMapStringW
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
ExitProcess
InterlockedIncrement
GetCurrentProcess
HeapReAlloc
HeapSize
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
GetModuleHandleA
GetEnvironmentVariableA
GetVersionExA
HeapDestroy
HeapCreate
VirtualFree
WriteFile
VirtualAlloc
IsBadWritePtr
SetUnhandledExceptionFilter
IsBadReadPtr
IsBadCodePtr
SetFilePointer
GetCPInfo
GetACP
GetOEMCP
GetProcAddress
LoadLibraryA
SetStdHandle
GetStringTypeA
GetStringTypeW
FlushFileBuffers
RaiseException

advapi32

RegDeleteKeyA
RegDeleteValueA
RegCreateKeyExA
RegSetValueExA
RegEnumKeyExA
RegCloseKey
RegOpenKeyExA
RegQueryValueExA

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 44KB - Virtual size: 42KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 280B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

2c1bffa45430237357c922270e40ca3e

Headers

File Characteristics

Imports

kernel32

advapi32

Exports

Exports

Sections

.text Size: 44KB - Virtual size: 42KB

.rdata Size: 8KB - Virtual size: 5KB

.data Size: 16KB - Virtual size: 18KB

.rsrc Size: 4KB - Virtual size: 280B

.reloc Size: 8KB - Virtual size: 4KB

.text
Size: 44KB - Virtual size: 42KB

.rdata
Size: 8KB - Virtual size: 5KB

.data
Size: 16KB - Virtual size: 18KB

.rsrc
Size: 4KB - Virtual size: 280B

.reloc
Size: 8KB - Virtual size: 4KB