6690f529eced658cd55353f049eb1fc1_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

6690f529eced658cd55353f049eb1fc1_JaffaCakes118
Size

144KB
MD5

6690f529eced658cd55353f049eb1fc1
SHA1

bdfc93641d592883d996544a3024324993597806
SHA256

1edc97d5b32589251604b1df6bd128b26b50d2a19f19388d67125ec9c7fe0ce1
SHA512

8af8acd6d505bd10eaa2b0c3c53bf249a39a1e965b70102892935201a6fcfbdb6277db3c70d019cde41e730ba81440dec08a16010f8a1e1ba8f5d1e3271e95cc
SSDEEP

1536:ffkaFHZr6uh2ArTaIMWfYjPQdal6C3upGfFTg3xqIXTf6qVe6X6acosUzV7V7v10:f/B2Ay2cYEuV3zXTp

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
6690f529eced658cd55353f049eb1fc1_JaffaCakes118

Files

6690f529eced658cd55353f049eb1fc1_JaffaCakes118
.dll regsvr32 windows:5 windows x86 arch:x86

b83d458a7ae482ac2151dfc56d2d7c01

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

mydocs.pdb

Imports

msvcrt

_except_handler3
_vsnwprintf

kernel32

DisableThreadLibraryCalls
LoadLibraryA
lstrlenW
GetPrivateProfileSectionW
GetPrivateProfileSectionNamesW
RemoveDirectoryW
SetFileAttributesW
DeleteFileW
WritePrivateProfileSectionW
WritePrivateProfileStringW
GetFileAttributesW
GetPrivateProfileStringW
CloseHandle
LoadLibraryW
FindClose
FindNextFileW
lstrcmpW
FindFirstFileW
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetProcAddress
CreateFileW
GetModuleFileNameW
lstrcpynW
GetWindowsDirectoryW
GetModuleHandleW
LocalAlloc
LocalFree
InterlockedIncrement
lstrcmpiW
InterlockedDecrement
FreeLibrary

user32

LoadStringW
GetDlgItemTextW
SetWindowTextW
GetWindowLongW
ScreenToClient
ChildWindowFromPoint
GetDlgCtrlID
WinHelpW
SetWindowLongW
SendDlgItemMessageW
GetDlgItem
ShowWindow
DestroyIcon
SetDlgItemTextW
GetParent
SendMessageW

shell32

SHOpenFolderAndSelectItems
ord190
SHBrowseForFolderW
SHGetFileInfoW
SHFileOperationW
ord755
ord171
SHGetDesktopFolder
SHGetPathFromIDListW
ord18
SHBindToParent
ord17
ord16
ord182
SHGetFolderPathW
ord155
SHGetFolderLocation
ord102
ord100
SHChangeNotify
ord232
SHCreateDirectoryExW

shlwapi

PathRemoveBlanksW
PathStripToRootW
PathGetDriveNumberW
PathIsSystemFolderW
PathFindFileNameW
SHAutoComplete
PathAddBackslashW
StrRetToBufW
ord476
PathRemoveBackslashW
ord460
PathCombineW
ord446
PathUnmakeSystemFolderW
PathIsRootW
PathIsUNCW
StrCmpIW
ord437
StrCpyNW
ord219
PathRemoveFileSpecW

advapi32

RegOpenKeyExW
RegQueryValueExW
RegCreateKeyExW
RegSetValueExW
RegDeleteValueW
RegCloseKey

ole32

CoInitializeEx
CoUninitialize

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllInstall
DllRegisterServer
DllUnregisterServer
PerUserInit

Sections

.text
Size: 17KB - Virtual size: 17KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 56KB - Virtual size: 56KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 68KB - Virtual size: 68KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 920B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

b83d458a7ae482ac2151dfc56d2d7c01

Headers

File Characteristics

PDB Paths

Imports

msvcrt

kernel32

user32

shell32

shlwapi

advapi32

ole32

Exports

Exports

Sections

.text Size: 17KB - Virtual size: 17KB

.data Size: 56KB - Virtual size: 56KB

.rsrc Size: 68KB - Virtual size: 68KB

.reloc Size: 1024B - Virtual size: 920B

.text
Size: 17KB - Virtual size: 17KB

.data
Size: 56KB - Virtual size: 56KB

.rsrc
Size: 68KB - Virtual size: 68KB

.reloc
Size: 1024B - Virtual size: 920B