4c02baf1c64b3f91ffdf848a9c217061_JaffaCakes118

General

Target

4c02baf1c64b3f91ffdf848a9c217061_JaffaCakes118
Size

156KB
MD5

4c02baf1c64b3f91ffdf848a9c217061
SHA1

36fdd964f394bcbac68e4fc8c68a6fd92fc8c873
SHA256

ee61a9574311cbbc086fa910f88f642c43f8760fb02ccdb37bf8ba9bce5fe774
SHA512

e9600e11cb76f6c40ed30a03c0d0591c111a7d0bb48321b341e03df0448feb5327158c536487bbe6d39c4e4c108aa13b9a0dffac59ec97ac6410e5659edd6e9d
SSDEEP

3072:B1QXuXdOUzTEpsm+kOc2UkWN0mKTItwXEOpRzcyho7Af/jhUD9QTUtNL+I9j:BqetOUIh+k+5WNCIKEExNoctUaAH

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
4c02baf1c64b3f91ffdf848a9c217061_JaffaCakes118

Files

4c02baf1c64b3f91ffdf848a9c217061_JaffaCakes118
.dll regsvr32 windows:5 windows x86 arch:x86

8a5e4bb14bb4dff7c8b889af662eb5c7

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

mfc42

ord823
ord825

msvcrt

realloc
memmove
malloc
free
_wasctime
wcslen
wcscpy
strncat
wcsncpy
_stat
__CxxFrameHandler
_initterm
_adjust_fdiv
??1type_info@@UAE@XZ
__dllonexit
_onexit
?terminate@@YAXXZ
_itoa
_stricmp
_strdup
strncmp
calloc
time
localtime
_timezone
sprintf
vsprintf
atoi
_except_handler3

kernel32

GetLastError
WriteFile
DeviceIoControl
VirtualAlloc
QueryPerformanceCounter
SetThreadPriority
VirtualProtect
InterlockedIncrement
InterlockedDecrement
GetModuleFileNameA
CreateFileA
CloseHandle
ReadFile
OutputDebugStringA
lstrlenA
MultiByteToWideChar
lstrlenW
WideCharToMultiByte
Sleep
QueryPerformanceFrequency

advapi32

RegSetValueExA
RegCloseKey
RegCreateKeyA
RegOpenKeyA
RegDeleteKeyA
RegSetValueA

ole32

CoUninitialize
CoTaskMemAlloc
CoInitialize

rpcrt4

UuidToStringA

setupapi

SetupDiGetDeviceInterfaceDetailA
SetupDiDestroyDeviceInfoList
SetupDiEnumDeviceInterfaces
SetupDiGetClassDevsA

winmm

timeGetTime

Exports

Exports

ServiceMain
DllGetClassObject
DllRegisterServer
DllUnregisterServer
_DllMain@12

Sections

.text
Size: 59KB - Virtual size: 58KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 90KB - Virtual size: 90KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

8a5e4bb14bb4dff7c8b889af662eb5c7

Headers

File Characteristics

Imports

mfc42

msvcrt

kernel32

advapi32

ole32

rpcrt4

setupapi

winmm

Exports

Exports

Sections

.text Size: 59KB - Virtual size: 58KB

.data Size: 1024B - Virtual size: 21KB

.rsrc Size: 90KB - Virtual size: 90KB

.reloc Size: 5KB - Virtual size: 4KB

.text
Size: 59KB - Virtual size: 58KB

.data
Size: 1024B - Virtual size: 21KB

.rsrc
Size: 90KB - Virtual size: 90KB

.reloc
Size: 5KB - Virtual size: 4KB