618519bbea46f392b3a2d292eb54e926_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

618519bbea46f392b3a2d292eb54e926_JaffaCakes118
Size

104KB
MD5

618519bbea46f392b3a2d292eb54e926
SHA1

9e903d07ef30601de88f0fbdfbbbb562596769be
SHA256

6259c8c53682e75a6f344d67a56eb42a5334f513172410545421c70ebfcd83e6
SHA512

c9e8679e6f3335bedece944147abb180343a7b9e1f83c6947db362b226ca39be2ef4ddc4a8e0ad980a9b38eaa92b287f284d270cb55c54c4a2396a32dadc931e
SSDEEP

3072:inOQ3d4CsbND26jMql33fLamiq2wTGXuMBo6nTtb:inFd4CcZvMsfOY/ib

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
618519bbea46f392b3a2d292eb54e926_JaffaCakes118

Files

618519bbea46f392b3a2d292eb54e926_JaffaCakes118
.dll regsvr32 windows:4 windows x86 arch:x86

590a11e6082ad733fa2c01d868f90c1f

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

FindFirstChangeNotificationA
ReadConsoleA
GetCurrentThread
CancelWaitableTimer
GetVersionExW
WaitForSingleObjectEx
GetSystemDirectoryA
GetVolumeInformationA
GetProfileIntW
DosDateTimeToFileTime
lstrcatA
GetDiskFreeSpaceA
DeleteFileW
SetFileTime
FindResourceExA
CopyFileExW
GetStringTypeExA
IsBadCodePtr
SetProcessShutdownParameters
ReadDirectoryChangesW
GetShortPathNameW
WideCharToMultiByte
RtlMoveMemory
LoadResource
GetNumberFormatW
LockResource
MoveFileExW
SetConsoleTextAttribute
SetInformationJobObject
SetConsoleTitleA
SetFileApisToOEM
OpenEventA
ReadConsoleW
GetThreadPriority
GetLocaleInfoW
FindFirstVolumeMountPointW
lstrlenW
AddAtomA
OpenThread
DeleteTimerQueueEx
SetEnvironmentVariableW
GetVolumeInformationW
LocalHandle
SetVolumeLabelA
GetThreadContext
GetExitCodeProcess
WriteConsoleA
UnlockFile
LocalLock
GetFileSize
lstrcmpA
FileTimeToDosDateTime
UpdateResourceA
LocalFileTimeToFileTime
SetFilePointer
GlobalFindAtomW
FindCloseChangeNotification
FindFirstChangeNotificationW
FindNextFileW
Beep
GetSystemWow64DirectoryW
SetWaitableTimer
DeleteTimerQueueTimer
SearchPathA
GetFileAttributesExW
GetCommandLineW
CreateWaitableTimerW
SetFilePointerEx
SuspendThread
ProcessIdToSessionId
GetBinaryTypeW
CreateDirectoryW
GetFullPathNameW
LocalReAlloc
GetCurrentProcess
FindNextFileA
SetHandleCount
GetSystemDirectoryW
ExitThread
FillConsoleOutputCharacterW
GetTapeParameters
GlobalAddAtomA
GetUserDefaultLangID
GetVolumePathNamesForVolumeNameW
QueueUserWorkItem
GetFileTime
GetEnvironmentStrings
SleepEx
GetStdHandle
RegisterWaitForSingleObjectEx
CompareFileTime
TerminateJobObject
LCMapStringW
MultiByteToWideChar
ReadFileEx
HeapSetInformation
SizeofResource
CreateIoCompletionPort
PostQueuedCompletionStatus
GetSystemWindowsDirectoryA
lstrcpyA
SetConsoleActiveScreenBuffer
GetTimeZoneInformation
GlobalGetAtomNameA
GetDriveTypeW
CallNamedPipeA
FindResourceW
DeleteCriticalSection
GetProfileIntA
GetNumberFormatA
SetConsoleWindowInfo
CreateFileW
VirtualAlloc
SetConsoleScreenBufferSize
GetSystemDefaultLangID
IsProcessorFeaturePresent
AreFileApisANSI
SetNamedPipeHandleState
EnumResourceNamesA
AddAtomW
InterlockedExchange
InitializeCriticalSection
CopyFileA
ReleaseMutex
GetModuleHandleA
GetProcAddress
HeapFree
GetComputerNameA
VirtualQuery
GlobalAlloc
CreateMutexA
GetCurrentProcessId
GetModuleFileNameA
InterlockedIncrement
CloseHandle
DeleteFileA
GetLastError
ExpandEnvironmentStringsA
MoveFileA
WaitForSingleObject
GetSystemTimeAsFileTime
GetTickCount
WriteFile
CreateFileA
EnterCriticalSection
UnmapViewOfFile
ReadFile
Sleep
LoadLibraryA
GetProcessHeap
GetConsoleMode
LeaveCriticalSection

advapi32

GetEffectiveRightsFromAclW
OpenProcessToken
ReportEventA
DuplicateTokenEx
RegCreateKeyW
StartServiceCtrlDispatcherW
MakeSelfRelativeSD
ReadEventLogA
CreateServiceA
RegNotifyChangeKeyValue
SetTokenInformation
RegReplaceKeyW
RegDeleteKeyA
DeregisterEventSource
QueryServiceConfigW
StartServiceW
SetEntriesInAclW
GetUserNameA
RegLoadKeyA
CreateProcessAsUserA
RegCreateKeyA
QueryServiceConfigA
GetOldestEventLogRecord
RegLoadKeyW
QueryServiceConfig2W
CloseServiceHandle
ChangeServiceConfigA
RegUnLoadKeyW
ClearEventLogW
ControlService
RegDeleteValueA
OpenServiceW
EnumDependentServicesA
EnumServicesStatusA
ConvertStringSecurityDescriptorToSecurityDescriptorA
RegSetValueExA
LookupAccountNameA
RegCloseKey
RegOpenKeyExA
RegQueryInfoKeyA
RegEnumKeyExA
RegisterServiceCtrlHandlerExA

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 80KB - Virtual size: 77KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

590a11e6082ad733fa2c01d868f90c1f

Headers

File Characteristics

Imports

kernel32

advapi32

Exports

Exports

Sections

.text Size: 80KB - Virtual size: 77KB

.rdata Size: 8KB - Virtual size: 5KB

.data Size: 8KB - Virtual size: 8KB

.reloc Size: 4KB - Virtual size: 3KB

.text
Size: 80KB - Virtual size: 77KB

.rdata
Size: 8KB - Virtual size: 5KB

.data
Size: 8KB - Virtual size: 8KB

.reloc
Size: 4KB - Virtual size: 3KB