4cfc3765fed5cdda47ec512a623f9a28_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

4cfc3765fed5cdda47ec512a623f9a28_JaffaCakes118
Size

344KB
MD5

4cfc3765fed5cdda47ec512a623f9a28
SHA1

4626c9656c98fdc2c7cc1ec6226363c74ed130a8
SHA256

9e8ebb8e28a3021f5412ebda26f5d5eb3a912d566dde20f9dc7738f563123b53
SHA512

4967ebdc46f23fab14422d75538c8f35a91bcca94be8bb92de2f56b42fe326038f285593e0137a49bb5cf8bc3bd2855fc8c91e7f2dcb3ceb78f64976da8b1bc9
SSDEEP

6144:l5CzaMO2FxZwHPMVOna56OgZdkBSxTu2pNqLw8ooz+9QJD:l5CzaMOcxZwTnpdkkxi7i9QF

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
4cfc3765fed5cdda47ec512a623f9a28_JaffaCakes118

Files

4cfc3765fed5cdda47ec512a623f9a28_JaffaCakes118
.dll regsvr32 windows:4 windows x86 arch:x86

01079e578402fb3b7165570d3ad44913

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

DisableThreadLibraryCalls
InitializeCriticalSection
DeleteCriticalSection
GetShortPathNameA
GetModuleHandleA
lstrlenW
lstrlenA
GetModuleFileNameA
lstrcmpiA
HeapDestroy
FindClose
FindFirstFileA
GetFileAttributesA
CreateFileA
MultiByteToWideChar
EnterCriticalSection
CloseHandle
UnmapViewOfFile
ReadFile
WaitForSingleObject
SetEvent
FreeLibrary
LoadLibraryA
GetProcAddress
GetOEMCP
LeaveCriticalSection
InterlockedIncrement
InterlockedDecrement
LocalFree
GetLastError
FormatMessageA
WideCharToMultiByte
QueryPerformanceFrequency
CreateEventA
IsBadCodePtr
ResetEvent
GetACP
GetStringTypeW
GetStringTypeA
SystemTimeToFileTime
VirtualAlloc
WriteFile
IsBadWritePtr
HeapCreate
GetVersionExA
VirtualFree
GetEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentVariableA
FreeEnvironmentStringsA
GetStartupInfoA
FreeEnvironmentStringsW
IsBadReadPtr
GetCPInfo
Sleep
InterlockedExchange
GetStdHandle
SetHandleCount
GetFileType
LCMapStringW
UnhandledExceptionFilter
LCMapStringA
SetLastError
lstrcatA
MapViewOfFile
CreateFileMappingA
GetFileSize
VirtualQuery
VirtualProtect
SearchPathA
lstrcpyA
GetWindowsDirectoryA
lstrcpynA
GetCommandLineA
GetTickCount
QueryPerformanceCounter
GetVersion
HeapFree
HeapReAlloc
HeapSize
RaiseException
RtlUnwind
CreateThread
GetCurrentThreadId
TlsSetValue
ExitThread
SetUnhandledExceptionFilter
TlsAlloc
HeapAlloc
ExitProcess
TerminateProcess
GetCurrentProcess
TlsFree
TlsGetValue

user32

MsgWaitForMultipleObjects
PeekMessageA
LoadStringA
wsprintfA
CharLowerBuffA
TranslateMessage
GetDesktopWindow
GetMessageA
DispatchMessageA
PostThreadMessageA

advapi32

RegQueryValueA
RegQueryValueExA
RegOpenKeyA
RegEnumKeyExA
RegDeleteKeyA
RegCreateKeyExA
RegCloseKey
RegOpenKeyExA
RegSetValueExA

ole32

CLSIDFromProgID
CoInitialize
CoMarshalInterThreadInterfaceInStream
CoUninitialize
CoGetInterfaceAndReleaseStream
CoCreateInstance
StringFromCLSID
ProgIDFromCLSID
CoTaskMemFree

oleaut32

GetErrorInfo
SafeArrayRedim
SafeArrayGetUBound
SysStringByteLen
SafeArrayCreate
DispGetParam
VariantCopyInd
LoadRegTypeLi
SafeArrayGetElement
SafeArrayPutElement
SysAllocStringLen
SafeArrayGetLBound
SafeArrayGetDim
SysStringLen
SafeArrayDestroy
SysFreeString
SysAllocString
SysReAllocStringLen
VariantChangeType
VariantClear
VariantCopy
VariantInit
SetErrorInfo
CreateErrorInfo
SysAllocStringByteLen

version

VerQueryValueA
GetFileVersionInfoA
GetFileVersionInfoSizeA

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 156KB - Virtual size: 152KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 36KB - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.text
Size: 112KB - Virtual size: 112KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

01079e578402fb3b7165570d3ad44913

Headers

File Characteristics

Imports

kernel32

user32

advapi32

ole32

oleaut32

version

Exports

Exports

Sections

.text Size: 156KB - Virtual size: 152KB

.rdata Size: 36KB - Virtual size: 33KB

.data Size: 16KB - Virtual size: 16KB

.rsrc Size: 4KB - Virtual size: 1KB

.reloc Size: 16KB - Virtual size: 15KB

.text Size: 112KB - Virtual size: 112KB

.text
Size: 156KB - Virtual size: 152KB

.rdata
Size: 36KB - Virtual size: 33KB

.data
Size: 16KB - Virtual size: 16KB

.rsrc
Size: 4KB - Virtual size: 1KB

.reloc
Size: 16KB - Virtual size: 15KB

.text
Size: 112KB - Virtual size: 112KB