66e4a2234a266c586a68db553154687f_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

66e4a2234a266c586a68db553154687f_JaffaCakes118
Size

244KB
MD5

66e4a2234a266c586a68db553154687f
SHA1

60405ba8c268f2a6ba3c966b524e77129a019174
SHA256

76caf64fd49e7475b7d9c352e4ac2308699bd629f132d8d8717eef34a80f7e6a
SHA512

1171615e34f922a731aca4ff7edcde3b34c8f7a4b246827c26849e7b5e1e94753a9c764f0a0cdff4031543415393cfa27a1137456cc79c51024a30fa28d94600
SSDEEP

6144:3/TXHO38rCvC4KBS8BBaLWU3tAAqQzkSFVtev3RaCtrc/j3:vTXHO38rCvC4K0maLWU3O3rvRnto/7

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
66e4a2234a266c586a68db553154687f_JaffaCakes118

Files

66e4a2234a266c586a68db553154687f_JaffaCakes118
.dll regsvr32 windows:6 windows x86 arch:x86

5796a7375ed23cb88f8fc7ceb5d87fbb

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

scrrun.pdb

Imports

msvcrt

_write
_lseeki64
_fileno
__pioinfo
__badioinfo
wctomb
_snprintf
isleadbyte
_isatty
_onexit
_lock
__dllonexit
_unlock
_adjust_fdiv
free
_initterm
_XcptFilter
_iob
_vsnwprintf
_errno
_wcsnicmp
towlower
_itow
_wcsicmp
towupper
iswalpha
_mbctolower
_itoa
_mbctoupper
_ismbblead
_mbsdec
_purecall
??2@YAPAXI@Z
??3@YAXPAX@Z
_vsnprintf
memcpy
memmove
malloc
_amsg_exit
wcsncmp
bsearch
_mbsnbicmp
_mbsicmp
isalpha
srand
rand
memset

oleaut32

VarDecFromI4
SysFreeString
SysAllocStringLen
UnRegisterTypeLi
SysStringLen
LoadRegTypeLi
VariantCopy
VariantClear
LHashValOfNameSys
LHashValOfNameSysA
VarCyFromR8
VariantChangeTypeEx
SysAllocString
LoadTypeLi
SysReAllocStringLen
VarCyFromI4
SafeArrayUnlock
VarR4FromDec
VarCyFromR4
VarR4FromCy
SafeArrayDestroy
SafeArrayCreate
SafeArrayLock
LoadTypeLibEx

ole32

StringFromCLSID
StringFromGUID2
CoGetMalloc
CoCreateInstance
CLSIDFromProgID
CLSIDFromString
CoTaskMemFree

advapi32

RegOpenKeyExA
RegQueryValueA
RegQueryInfoKeyA
RegEnumKeyA
RegQueryValueExA
RegSetValueA
RegSetValueExA
RegOpenKeyA
RegDeleteKeyA
RegCreateKeyA
RegCloseKey
RegOpenKeyExW
RegQueryValueExW
IsTextUnicode

kernel32

SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
QueryPerformanceCounter
RtlUnwind
OutputDebugStringA
InterlockedCompareExchange
Sleep
InterlockedExchange
CreateDirectoryW
MoveFileW
RemoveDirectoryW
GetShortPathNameW
GetFullPathNameW
FindNextFileW
GetSystemDirectoryW
GetWindowsDirectoryW
GetTempPathW
CopyFileW
DeleteFileW
GetFileAttributesW
VirtualProtect
MoveFileA
VirtualAlloc
GetShortPathNameA
GetFullPathNameA
FindNextFileA
GetSystemDirectoryA
GetWindowsDirectoryA
GetTempPathA
CopyFileA
DeleteFileA
GetStdHandle
InterlockedDecrement
InterlockedIncrement
SetFileAttributesW
SetFileAttributesA
GetUserDefaultLCID
GetVersion
GetLocaleInfoA
LoadLibraryExA
FileTimeToLocalFileTime
FileTimeToSystemTime
GetVersionExA
LoadLibraryA
GetProcAddress
GetModuleFileNameW
GetTickCount
GetConsoleMode
GetFileInformationByHandle
SetFilePointer
WriteConsoleW
WriteFile
PeekNamedPipe
ReadFile
CloseHandle
CreateFileW
CreateFileA
FindFirstFileW
FindFirstFileA
FindClose
GetLogicalDrives
SetVolumeLabelW
SetVolumeLabelA
SetErrorMode
GetVolumeInformationW
GetVolumeInformationA
GetDiskFreeSpaceW
GetLastError
GetDiskFreeSpaceA
GetDriveTypeW
GetDriveTypeA
GetModuleHandleA
GetModuleFileNameA
FreeLibrary
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
LoadResource
FindResourceExW
LoadLibraryExW
MapViewOfFile
CreateFileMappingW
GetLocaleInfoW
GetVersionExW
UnmapViewOfFile
GetSystemDefaultUILanguage
GetUserDefaultUILanguage
FindResourceW
GetFileAttributesA
WideCharToMultiByte
LCMapStringW
MultiByteToWideChar
LCMapStringA
SearchPathW
SetLastError
CompareStringW
CompareStringA

user32

CharNextA
LoadStringA

version

GetFileVersionInfoA
GetFileVersionInfoSizeA
VerQueryValueW
GetFileVersionInfoW
VerQueryValueA
GetFileVersionInfoSizeW

Exports

Exports

ServiceMain
DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
DoOpenPipeStream

Sections

.text
Size: 120KB - Virtual size: 117KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 108KB - Virtual size: 107KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

5796a7375ed23cb88f8fc7ceb5d87fbb

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msvcrt

oleaut32

ole32

advapi32

kernel32

user32

version

Exports

Exports

Sections

.text Size: 120KB - Virtual size: 117KB

.data Size: 4KB - Virtual size: 2KB

.rsrc Size: 108KB - Virtual size: 107KB

.reloc Size: 8KB - Virtual size: 5KB

.text
Size: 120KB - Virtual size: 117KB

.data
Size: 4KB - Virtual size: 2KB

.rsrc
Size: 108KB - Virtual size: 107KB

.reloc
Size: 8KB - Virtual size: 5KB