6ef175ffa6a7ee9df04f80d53c4e6d1e_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

6ef175ffa6a7ee9df04f80d53c4e6d1e_JaffaCakes118
Size

80KB
MD5

6ef175ffa6a7ee9df04f80d53c4e6d1e
SHA1

279d8f1443c1fe3f4e0db6d46dcc887b2d6b5516
SHA256

00f4e0d31abb41b5c9da788daacd6556385df201c284b2169f469672ec59a5cf
SHA512

4cbbdf048291798fcaedc474fd6d77f92872376431cc112c6210103cc005ee7837798dd6288d004d092abd34ffe6851d9b09ded326ae627ea52306b5167c124d
SSDEEP

1536:Pw/wzFRD/X39iy/hp7Mezwzo3tqDwzWKMXaCNrSs0JjEvytKGpymsxRbcHU:PNzwzIDMqkrS75ayt7oSU

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
6ef175ffa6a7ee9df04f80d53c4e6d1e_JaffaCakes118

Files

6ef175ffa6a7ee9df04f80d53c4e6d1e_JaffaCakes118
.dll regsvr32 windows:4 windows x86 arch:x86

8c0ff6be6926509f5acc44709e96c0b7

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

shlwapi

PathFileExistsA
SHDeleteKeyA
PathFileExistsW

crypt32

CryptUnprotectData

kernel32

WriteFile
CreateFileW
InterlockedIncrement
InterlockedDecrement
GetSystemDirectoryA
GetPrivateProfileIntA
DeleteFileW
GetSystemDirectoryW
GetWindowsDirectoryA
GetFileSize
CreateFileA
MoveFileA
GetLocaleInfoA
GetSystemDefaultLCID
GetTickCount
CreateThread
LoadLibraryA
GetLastError
CreateMutexA
GetModuleFileNameW
DisableThreadLibraryCalls
FileTimeToSystemTime
FileTimeToLocalFileTime
FlushFileBuffers
lstrcatA
lstrcpyA
FindClose
FindNextFileW
FindFirstFileW
GetFullPathNameW
ReadFile
ExpandEnvironmentStringsW
GlobalFree
lstrcmpiW
GlobalAlloc
GetCurrentThreadId
Sleep
MultiByteToWideChar
WideCharToMultiByte
CloseHandle
CreateProcessA
GetModuleFileNameA
GetProcAddress
GetModuleHandleA
GetLocalTime
WritePrivateProfileStringA
GetPrivateProfileStringA
WritePrivateProfileStringW
LocalFree

user32

IsCharAlphaNumericA
EnumWindows
DispatchMessageA
TranslateMessage
GetMessageA
DrawIcon
PostThreadMessageA
ShowWindow
FindWindowExA
GetCursorPos
GetCursor
GetWindowTextA

gdi32

CreateDCA
GetDeviceCaps
CreateCompatibleDC
CreateDIBSection
SelectObject
BitBlt
GetDIBColorTable
DeleteObject
DeleteDC

advapi32

RegEnumKeyExA
RegOpenKeyExA
RegQueryValueExA
RegEnumValueA
RegCloseKey
IsTextUnicode
RegOpenKeyA

ole32

CreateStreamOnHGlobal
OleInitialize
CoTaskMemFree
CoInitialize
CoUninitialize
CoCreateInstance

oleaut32

VariantInit
VariantChangeType
VariantCopy
SafeArrayCreateVector
SysFreeString
SysAllocString
VariantClear
SafeArrayDestroy
SafeArrayUnaccessData
SysAllocStringLen
SysAllocStringByteLen
SysStringLen
SafeArrayAccessData

wininet

FindNextUrlCacheEntryA
FindCloseUrlCache
HttpSendRequestA
FindFirstUrlCacheEntryA
DeleteUrlCacheEntry

msvcrt

sscanf
wcscat
rand
srand
_strcmpi
time
fwrite
tmpnam
_unlink
wcscpy
wcsstr
_wcslwr
wcsncpy
wcschr
_wcsnicmp
rewind
fread
fopen
_wcsicmp
fclose
fprintf
fflush
wcslen
strstr
_strupr
isupper
tolower
__CxxFrameHandler
??2@YAPAXI@Z
??3@YAXPAX@Z
sprintf
div

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 60KB - Virtual size: 59KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

8c0ff6be6926509f5acc44709e96c0b7

Headers

File Characteristics

Imports

shlwapi

crypt32

kernel32

user32

gdi32

advapi32

ole32

oleaut32

wininet

msvcrt

Exports

Exports

Sections

.text Size: 60KB - Virtual size: 59KB

.rdata Size: 7KB - Virtual size: 7KB

.data Size: 7KB - Virtual size: 9KB

.reloc Size: 4KB - Virtual size: 4KB

.text
Size: 60KB - Virtual size: 59KB

.rdata
Size: 7KB - Virtual size: 7KB

.data
Size: 7KB - Virtual size: 9KB

.reloc
Size: 4KB - Virtual size: 4KB