613f7e5fd76f2a0df1a7611b052de3e6_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

613f7e5fd76f2a0df1a7611b052de3e6_JaffaCakes118
Size

160KB
MD5

613f7e5fd76f2a0df1a7611b052de3e6
SHA1

bbba110d0aeae35a3ab5cfb4d9a39cd9c5d91d3f
SHA256

8ae5ff1b5f8ecf0aced1b8a519d705289b8e7296485e5866b3b04ee04500d84d
SHA512

52f5e1473522e3fdce279aae679a4c3eb6bf22d9fbc27edf27de2d0b7d1dc5b9de17c7bcc66b0ad2b7c38f75c559c1721f939a0bb2248796d5d3fa651c95dc1d
SSDEEP

1536:VQfxBy15yh6keJu/tw/yZXZTXZ1ic82DWR8J9bhICS4At8zfih8omBGLaggnKp4i:VQfzy15yh6k8gGu8gbKUzfu8om7ggn

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
613f7e5fd76f2a0df1a7611b052de3e6_JaffaCakes118

Files

613f7e5fd76f2a0df1a7611b052de3e6_JaffaCakes118
.dll regsvr32 windows:4 windows x86 arch:x86

fdc332d5a0c000f53519fa11fc0e3e5d

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

user32

SetTimer
DefWindowProcA
RegisterClassExA
CreateWindowExA
ShowWindow
SystemParametersInfoA
wsprintfA
DispatchMessageA
KillTimer
GetMessageA
SetWindowPos
GetClassNameA
GetWindowThreadProcessId
EnumChildWindows
EnumWindows
TranslateMessage

kernel32

RaiseException
GetOEMCP
GetACP
ReadFile
SleepEx
GetTickCount
CloseHandle
OpenProcess
LocalFree
CreateRemoteThread
WriteProcessMemory
GetProcAddress
VirtualAllocEx
LoadLibraryA
GetModuleFileNameA
GetCurrentProcessId
CreateFileA
GetLocalTime
MoveFileExA
WaitForSingleObject
CreateProcessA
DeleteFileA
GetSystemDirectoryA
WriteFile
GetFileAttributesA
GetFileType
TerminateProcess
GetCurrentProcess
FreeLibrary
HeapAlloc
SetEndOfFile
SetFilePointer
FlushFileBuffers
SetStdHandle
IsBadCodePtr
IsBadReadPtr
TlsGetValue
SetLastError
TlsFree
TlsAlloc
SetUnhandledExceptionFilter
GetCPInfo
GetStringTypeW
GetStringTypeA
GetEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsW
FreeEnvironmentStringsA
GetStartupInfoA
GetStdHandle
InterlockedDecrement
InterlockedIncrement
GetLastError
MultiByteToWideChar
HeapFree
TlsSetValue
RtlUnwind
HeapReAlloc
WideCharToMultiByte
GetCommandLineA
GetVersion
EnterCriticalSection
LeaveCriticalSection
GetModuleHandleA
InitializeCriticalSection
DeleteCriticalSection
ExitProcess
GetEnvironmentVariableA
GetVersionExA
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
IsBadWritePtr
LCMapStringA
LCMapStringW
GetCurrentThreadId
SetHandleCount

advapi32

CryptGenRandom
CryptReleaseContext
GetSecurityInfo
SetEntriesInAclA
SetSecurityInfo
CryptAcquireContextA

shell32

StrStrIA

ole32

CoInitialize
CoCreateInstance
CoCreateGuid

oleaut32

VariantInit
SysAllocString
GetErrorInfo

netapi32

Netbios

rpcrt4

UuidToStringA

shlwapi

SHGetValueA
SHSetValueA

psapi

EnumProcesses
EnumProcessModules
GetModuleBaseNameA

wininet

HttpQueryInfoA
InternetCloseHandle
InternetOpenUrlA
InternetSetOptionA
InternetOpenA
InternetReadFile

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 96KB - Virtual size: 92KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 24KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 28KB - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

fdc332d5a0c000f53519fa11fc0e3e5d

Headers

File Characteristics

Imports

user32

kernel32

advapi32

shell32

ole32

oleaut32

netapi32

rpcrt4

shlwapi

psapi

wininet

Exports

Exports

Sections

.text Size: 96KB - Virtual size: 92KB

.rdata Size: 24KB - Virtual size: 21KB

.data Size: 28KB - Virtual size: 33KB

.reloc Size: 8KB - Virtual size: 6KB

.text
Size: 96KB - Virtual size: 92KB

.rdata
Size: 24KB - Virtual size: 21KB

.data
Size: 28KB - Virtual size: 33KB

.reloc
Size: 8KB - Virtual size: 6KB