6f8714319785878c20be7e06d842f6fc_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

6f8714319785878c20be7e06d842f6fc_JaffaCakes118
Size

125KB
MD5

6f8714319785878c20be7e06d842f6fc
SHA1

1f8ba0f0530da5415d09599707c3406e27ea211d
SHA256

382f7157f9d1a4330c4d0aef844bd3d56177428016af0ba7296d872c86c2c753
SHA512

7eefcadc1d7f1dad3071d2613b2da36f52e0334c51f25d55f845faead58ec9038e2be26201b1ad3f2152d9713b266cd3d6c9014984757b50663b53595428052f
SSDEEP

3072:1WFYNAhhQ9kTcyr/vHvFzcm3JxZQuZXwq0Afh:1WWAH8mjZQuZXwq0

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
6f8714319785878c20be7e06d842f6fc_JaffaCakes118

Files

6f8714319785878c20be7e06d842f6fc_JaffaCakes118
.dll regsvr32 windows:4 windows x86 arch:x86

189fcd0f5e25008c330f22470cc57856

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetCommandLineA
SystemTimeToFileTime
GetSystemTime
lstrlenA
IsBadWritePtr
TlsAlloc
TlsFree
TlsSetValue
TlsGetValue
GetLastError
CreateMutexA
GetModuleFileNameW
lstrcpynA
GetVersionExA
LoadLibraryA
MapViewOfFile
CreateFileMappingA
OpenFileMappingA
MultiByteToWideChar
LeaveCriticalSection
EnterCriticalSection
ReadFile
GetFileSize
CreateFileA
GetShortPathNameA
GetLongPathNameA
GetSystemDirectoryA
GetWindowsDirectoryA
CreateThread
SetLastError
lstrcmpA
Sleep
LoadLibraryW
GetProcessHeap
HeapAlloc
HeapFree
OpenProcess
lstrlenW
VirtualAllocEx
CreateRemoteThread
GetExitCodeThread
VirtualFreeEx
DeleteCriticalSection
InitializeCriticalSection
CreateEventA
WaitForMultipleObjects
WaitForSingleObject
TerminateThread
CreateToolhelp32Snapshot
GetModuleFileNameA
lstrcpyA
CopyFileA
LoadLibraryExA
ReadProcessMemory
FreeLibrary
DeleteFileA
VirtualQuery
lstrcmpiA
VirtualProtect
WriteProcessMemory
OpenMutexA
WideCharToMultiByte
GetVersion
GetCurrentProcessId
Module32First
Module32Next
CloseHandle
GetModuleHandleA
GetCurrentProcess
FlushInstructionCache
GetSystemInfo
GetProcAddress
UnmapViewOfFile
IsBadStringPtrA
OutputDebugStringA
WritePrivateProfileSectionA
WriteFile
MoveFileExA
GetPrivateProfileStructA
GetTempPathA
GetPrivateProfileIntA
WritePrivateProfileStructA
lstrcatA
FindFirstFileA
FindNextFileA
FindClose
DeviceIoControl
Process32First
GetTickCount
Process32Next
CreateProcessA
GetACP
InterlockedDecrement
IsDebuggerPresent

user32

FindWindowA
GetClassNameA
IsWindow
RegisterWindowMessageA
DispatchMessageA
FindWindowExA
GetWindowThreadProcessId
PostMessageA
TranslateMessage
SetTimer
SetWindowsHookExA
SetWindowsHookExW
EnumWindows
SendMessageA
GetParent
GetWindowTextA
CallNextHookEx
UnhookWindowsHookEx
KillTimer
DestroyWindow
PostQuitMessage
GetClassInfoExA
RegisterClassExA
CreateWindowExA
SetWindowLongA
GetWindowLongA
DefWindowProcA
GetMessageA

gdi32

GetStockObject

advapi32

RegNotifyChangeKeyValue
AdjustTokenPrivileges
LookupPrivilegeValueA
RegOpenKeyA
RegEnumKeyExA
RegEnumKeyA
RegEnumValueA
RegCloseKey
RegOpenKeyExA
OpenProcessToken
FreeSid
RegSetKeySecurity
SetSecurityDescriptorOwner
InitializeSecurityDescriptor
AllocateAndInitializeSid
SetSecurityDescriptorDacl
AddAccessAllowedAce
InitializeAcl
GetLengthSid
RegCreateKeyA
RegSetValueExA
CloseServiceHandle
CreateServiceA
OpenSCManagerA
DeleteService
OpenServiceA
QueryServiceStatus
StartServiceA
RegSetValueExW
RegQueryValueExW
RegOpenKeyExW
RegQueryValueExA

ole32

StringFromCLSID
CoTaskMemFree

oleaut32

SysAllocString
SysFreeString

shlwapi

PathFileExistsA
StrStrIA
PathStripToRootA
PathRemoveBlanksA
PathRemoveBackslashA
PathRemoveFileSpecA
PathFindExtensionA
PathAppendA
PathRemoveExtensionA
SHGetValueA
SHDeleteKeyA
SHDeleteValueA
SHSetValueA
PathFindFileNameA

imagehlp

ImageDirectoryEntryToData

msvcrt

memmove
_CxxThrowException
_mbsicmp
rand
wcscpy
sprintf
_mbsnbicmp
_mbschr
srand
time
_mbscmp
_mbsnbcpy
_snprintf
fclose
fwrite
fopen
sscanf
printf
wcslen
_wcsicmp
tmpnam
fseek
fputs
strstr
fgets
rewind
strrchr
strchr
fread
ftell
malloc
_vsnprintf
_strnicmp
strncpy
_stricmp
_except_handler3
strncat
_strtime
_strdate
atoi
__dllonexit
_onexit
??1type_info@@UAE@XZ
_initterm
_adjust_fdiv
free
_purecall
__CxxFrameHandler
??2@YAPAXI@Z
??3@YAXPAX@Z
_tempnam
_wcsnicmp
_itoa
_strlwr
realloc

version

GetFileVersionInfoSizeA
VerQueryValueA
GetFileVersionInfoA

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
Rundll32
Rundll32_

Sections

.text
Size: 94KB - Virtual size: 93KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 15KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Shared_T
Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Shared_H
Size: 512B - Virtual size: 32B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 936B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

189fcd0f5e25008c330f22470cc57856

Headers

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

ole32

oleaut32

shlwapi

imagehlp

msvcrt

version

Exports

Exports

Sections

.text Size: 94KB - Virtual size: 93KB

.rdata Size: 15KB - Virtual size: 14KB

.data Size: 4KB - Virtual size: 9KB

Shared_T Size: 512B - Virtual size: 16B

Shared_H Size: 512B - Virtual size: 32B

.rsrc Size: 1024B - Virtual size: 936B

.reloc Size: 9KB - Virtual size: 8KB

.text
Size: 94KB - Virtual size: 93KB

.rdata
Size: 15KB - Virtual size: 14KB

.data
Size: 4KB - Virtual size: 9KB

Shared_T
Size: 512B - Virtual size: 16B

Shared_H
Size: 512B - Virtual size: 32B

.rsrc
Size: 1024B - Virtual size: 936B

.reloc
Size: 9KB - Virtual size: 8KB