67e229f169b9c3608fdfec6ef9d0d0cf_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

67e229f169b9c3608fdfec6ef9d0d0cf_JaffaCakes118
Size

253KB
MD5

67e229f169b9c3608fdfec6ef9d0d0cf
SHA1

df5c37da06e48b22347676af3a5e7531429ec039
SHA256

a720add051a9e3f2716c5b9c406c3bf54e2e89120a78f9979c23343743657c3c
SHA512

8f0b8f753dc112dd12fffa16dd829f5472ea5548f5b31e5f588d966aa27c5d471605b4ed6f0a905f0d96b29baaa74482ef3a5df18458c6c13ed7735fe4d1f4b1
SSDEEP

3072:3MpIe+2q4g+wJndJtysqWIvbdVLXsELeg0hd+GMgsoyR6uAQtFYSdmQGynT9xjjO:3MT+29g+4dexUECQGMgs1guJH/z

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
67e229f169b9c3608fdfec6ef9d0d0cf_JaffaCakes118

Files

67e229f169b9c3608fdfec6ef9d0d0cf_JaffaCakes118
.dll windows:5 windows x86 arch:x86

ac63f8f7f102ff536f9b5c825f4442d0

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

msgsc.pdb

Imports

msvcrt

_initterm
malloc
??2@YAPAXI@Z
_except_handler3
_adjust_fdiv
__dllonexit
_onexit
??3@YAXPAX@Z
free
wcslen
wcsncmp

kernel32

UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
GetVersionExW
GetProcAddress
Sleep
GetVersionExA
SetUnhandledExceptionFilter
lstrlenW
DeleteCriticalSection
InitializeCriticalSection
InterlockedDecrement
InterlockedIncrement
GetFileAttributesW
LoadLibraryW
FreeLibrary
SetFileAttributesW
DeleteFileW
GetModuleFileNameW
CreateEventW
CloseHandle
GetLastError

user32

SetForegroundWindow
FindWindowW
SendMessageW
LoadStringW

ole32

CoInitialize
CoUninitialize
CoCreateInstance

oleaut32

CreateStdDispatch
VARIANT_UserFree
VARIANT_UserUnmarshal
VARIANT_UserMarshal
VARIANT_UserSize
BSTR_UserFree
BSTR_UserUnmarshal
BSTR_UserMarshal
BSTR_UserSize
LoadRegTypeLi
VariantClear
VariantInit
VariantCopy
SysFreeString
SysAllocString

rpcrt4

CStdStubBuffer_CountRefs
CStdStubBuffer_DebugServerRelease
CStdStubBuffer_IsIIDSupported
CStdStubBuffer_Invoke
CStdStubBuffer_Disconnect
CStdStubBuffer_Connect
CStdStubBuffer_QueryInterface
IUnknown_Release_Proxy
IUnknown_AddRef_Proxy
IUnknown_QueryInterface_Proxy
NdrOleFree
NdrOleAllocate
NdrClientCall2
NdrDllGetClassObject
NdrDllCanUnloadNow
NdrCStdStubBuffer_Release
CStdStubBuffer_DebugServerQueryInterface
UuidFromStringW
CStdStubBuffer_AddRef

shlwapi

StrStrIW
StrCatBuffW
wnsprintfW

ntdll

memset

advapi32

RegSetValueExW
RegCreateKeyExW
RegOpenKeyExW
RegQueryValueExW
RegDeleteValueW
RegQueryInfoKeyW
RegEnumKeyW
RegFlushKey
RegCloseKey

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllMain
HideIcons
Reinstall
ShowIcons

Sections

.text
Size: 71KB - Virtual size: 71KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.orpc
Size: 512B - Virtual size: 289B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 173KB - Virtual size: 174KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

ac63f8f7f102ff536f9b5c825f4442d0

Headers

File Characteristics

PDB Paths

Imports

msvcrt

kernel32

user32

ole32

oleaut32

rpcrt4

shlwapi

ntdll

advapi32

Exports

Exports

Sections

.text Size: 71KB - Virtual size: 71KB

.orpc Size: 512B - Virtual size: 289B

.data Size: 173KB - Virtual size: 174KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 5KB - Virtual size: 5KB

.text
Size: 71KB - Virtual size: 71KB

.orpc
Size: 512B - Virtual size: 289B

.data
Size: 173KB - Virtual size: 174KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 5KB - Virtual size: 5KB