6fd9797d8579d58fe29eca92ddf06068_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

6fd9797d8579d58fe29eca92ddf06068_JaffaCakes118
Size

120KB
MD5

6fd9797d8579d58fe29eca92ddf06068
SHA1

20abc311671f50c8f2f1fc74e4dfc2df4e45a532
SHA256

fe29bcb16b5e6da0efc6f1200e09a4b41f16811a47c66ea127a10eecba9c2a3e
SHA512

89d1f82f205fe91c91a484d1e9ad9284fbb97b9b73d54320c4f1e8e8242effa8807a2ff6f7efc4de813a0ebc16dd95cede8410194aee16827418fdf053234ced
SSDEEP

1536:A4BgJfZh464utPdbdd3dJPpPDCTRVqQUs55zJUDbr/o9yZ99NYv8n:A4BgJRu64utPnPD0Usbu//o9yZHNY

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
6fd9797d8579d58fe29eca92ddf06068_JaffaCakes118

Files

6fd9797d8579d58fe29eca92ddf06068_JaffaCakes118
.dll regsvr32 windows:4 windows x86 arch:x86

4c4c8bd2be2b7e515e484a56b626e920

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

CreateFileA
SetEvent
DeleteFileA
InterlockedDecrement
InterlockedIncrement
DisableThreadLibraryCalls
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
HeapDestroy
DeleteCriticalSection
lstrlenW
MultiByteToWideChar
GetShortPathNameA
GetModuleFileNameA
WriteFile
GetProcAddress
LoadLibraryA
lstrcpyA
lstrcatA
WideCharToMultiByte
GlobalUnlock
GlobalLock
SetEnvironmentVariableA
CompareStringW
CompareStringA
ReadFile
SetStdHandle
TerminateThread
CloseHandle
CreateThread
Sleep
FreeLibrary
lstrlenA
IsBadCodePtr
IsBadReadPtr
GetStringTypeW
GetStringTypeA
LCMapStringW
LCMapStringA
FlushFileBuffers
SetFilePointer
SetUnhandledExceptionFilter
GetEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsW
FreeEnvironmentStringsA
GetStartupInfoA
GetFileType
GetStdHandle
SetHandleCount
GetLastError
LocalFree
InterlockedExchange
RtlUnwind
HeapReAlloc
HeapAlloc
GetTimeZoneInformation
GetSystemTime
GetLocalTime
GetCommandLineA
GetVersion
RaiseException
HeapFree
ExitProcess
GetCPInfo
GetACP
GetOEMCP
GetCurrentThreadId
TlsSetValue
TlsAlloc
TlsFree
SetLastError
TlsGetValue
VirtualFree
VirtualAlloc
IsBadWritePtr
GetModuleHandleA
GetEnvironmentVariableA
GetVersionExA
HeapCreate
TerminateProcess
GetCurrentProcess
HeapSize

user32

LoadStringA
CharNextA
CloseClipboard
GetClipboardData
OpenClipboard
CharLowerA

advapi32

RegSetValueExA
RegOpenKeyExA
RegQueryValueExA
RegCloseKey
RegCreateKeyExA

ole32

CoInitialize
CoCreateInstance

oleaut32

LoadTypeLi
SysFreeString
SysAllocString
RegisterTypeLi
LoadRegTypeLi
SysStringLen
SysAllocStringLen
VariantInit
VariantClear

wininet

InternetOpenA
HttpQueryInfoA
InternetOpenUrlA
InternetReadFile
InternetCloseHandle

shlwapi

PathFileExistsA

rpcrt4

UuidFromStringA

Exports

Exports

CreateHelperObject
DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
IsUnicode

Sections

.text
Size: 72KB - Virtual size: 71KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.SHARED
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

4c4c8bd2be2b7e515e484a56b626e920

Headers

File Characteristics

Imports

kernel32

user32

advapi32

ole32

oleaut32

wininet

shlwapi

rpcrt4

Exports

Exports

Sections

.text Size: 72KB - Virtual size: 71KB

.rdata Size: 12KB - Virtual size: 9KB

.data Size: 16KB - Virtual size: 23KB

.SHARED Size: 4KB - Virtual size: 2KB

.rsrc Size: 4KB - Virtual size: 3KB

.reloc Size: 8KB - Virtual size: 6KB

.text
Size: 72KB - Virtual size: 71KB

.rdata
Size: 12KB - Virtual size: 9KB

.data
Size: 16KB - Virtual size: 23KB

.SHARED
Size: 4KB - Virtual size: 2KB

.rsrc
Size: 4KB - Virtual size: 3KB

.reloc
Size: 8KB - Virtual size: 6KB