5d8e2fa6bc5bf313eb5a11f0f52cf4e6_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

5d8e2fa6bc5bf313eb5a11f0f52cf4e6_JaffaCakes118
Size

96KB
MD5

5d8e2fa6bc5bf313eb5a11f0f52cf4e6
SHA1

87f327603cab9e577b38d2ba7aa7d1921cd2a0d4
SHA256

5ed39dbf9dc4bea342a494abb558c83d4f1fe967e751441037d94df3afeaee57
SHA512

82ac1e8f2d53b5c53a0b74111525de6a98526b2aeaf6519f61f2f7ffb8ecbd8dea484540fdb0f6bfa106d9f84b094340e5cbeb4e2b316552c17c16b4ff277f43
SSDEEP

1536:8ICuE9q4byzBRMtfWwWTTfIcoJbyi4oGvMioH4uQkpGkr:fCOfMtOwnuc0MioH3Vr

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
5d8e2fa6bc5bf313eb5a11f0f52cf4e6_JaffaCakes118

Files

5d8e2fa6bc5bf313eb5a11f0f52cf4e6_JaffaCakes118
.dll regsvr32 windows:4 windows x86 arch:x86

4bf5e5d17b7b5cee3099b7ddf3e08f56

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetStringTypeExA
GetThreadLocale
ReadFile
CreateDirectoryA
GetEnvironmentVariableA
GetTempPathA
CreateThread
LocalFree
MultiByteToWideChar
SetEnvironmentVariableA
CompareStringW
CompareStringA
DebugBreak
lstrlenA
DeleteFileA
WinExec
SetFilePointer
WriteFile
CreateFileA
GetFileSize
CloseHandle
lstrlenW
EnterCriticalSection
LeaveCriticalSection
FlushFileBuffers
SetStdHandle
LoadLibraryA
GetProcAddress
IsBadCodePtr
IsBadReadPtr
GetStringTypeW
GetStringTypeA
IsBadWritePtr
VirtualAlloc
VirtualFree
HeapDestroy
GetModuleHandleA
GetEnvironmentStringsW
DeleteCriticalSection
InterlockedIncrement
InterlockedDecrement
DisableThreadLibraryCalls
InitializeCriticalSection
HeapCreate
GetVersionExA
GetSystemInfo
HeapAlloc
GetModuleFileNameA
OutputDebugStringA
GetLastError
WideCharToMultiByte
RtlUnwind
RaiseException
GetTimeZoneInformation
GetSystemTime
GetLocalTime
GetCommandLineA
GetVersion
HeapFree
GetCPInfo
GetACP
GetOEMCP
ExitProcess
LCMapStringA
LCMapStringW
TerminateProcess
GetCurrentProcess
HeapReAlloc
HeapSize
GetCurrentThreadId
TlsSetValue
TlsAlloc
TlsFree
SetLastError
TlsGetValue
SetUnhandledExceptionFilter
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings

user32

wvsprintfA
CharNextA
LoadStringA

advapi32

RegOpenKeyExA
RegCloseKey
RegSetValueExA
RegQueryValueExA
SetNamedSecurityInfoA
SetEntriesInAclA
GetNamedSecurityInfoA
GetUserNameA

ole32

StringFromCLSID
CoTaskMemFree

oleaut32

VariantClear
SysFreeString
LoadRegTypeLi
SysStringLen
LoadTypeLi
SysAllocString

wininet

HttpSendRequestA
InternetCrackUrlA
InternetReadFile
HttpQueryInfoA
InternetOpenA
InternetConnectA
InternetAttemptConnect
HttpAddRequestHeadersA
HttpOpenRequestA
InternetCloseHandle

netapi32

Netbios

atl

ord21
ord16
ord18
ord57
ord32
ord58
ord15
ord30
ord31
ord23

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 56KB - Virtual size: 53KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

4bf5e5d17b7b5cee3099b7ddf3e08f56

Headers

File Characteristics

Imports

kernel32

user32

advapi32

ole32

oleaut32

wininet

netapi32

atl

Exports

Exports

Sections

.text Size: 56KB - Virtual size: 53KB

.rdata Size: 8KB - Virtual size: 7KB

.data Size: 16KB - Virtual size: 20KB

.rsrc Size: 4KB - Virtual size: 3KB

.reloc Size: 8KB - Virtual size: 5KB

.text
Size: 56KB - Virtual size: 53KB

.rdata
Size: 8KB - Virtual size: 7KB

.data
Size: 16KB - Virtual size: 20KB

.rsrc
Size: 4KB - Virtual size: 3KB

.reloc
Size: 8KB - Virtual size: 5KB