71f14818ac0c907d79c16dda3d4bbac6_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

71f14818ac0c907d79c16dda3d4bbac6_JaffaCakes118
Size

18KB
MD5

71f14818ac0c907d79c16dda3d4bbac6
SHA1

bcc7cdd467483866ce0b8f32dca074ea8c43e6dd
SHA256

096df7500a004e8f6c231ca8807f981dd24b0f92298201ed19b782f8fdc6a520
SHA512

b85608fd7200d32c612c7ae334ceb8d2963cc67f1fc7e815f6e6be56f17d75eaf9fc3ffce7e8846d274a6312f60bc95c415837a9c81bd03dea637a2a07181960
SSDEEP

384:ULxXnmRo+PPFJvLxDT/arr/gsVhrxElO0E6eC+GQt5yx:lZP9JZ/grVheO00kx

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/assecblk.dll

Files

71f14818ac0c907d79c16dda3d4bbac6_JaffaCakes118
.cab
assecblk.dll
.dll regsvr32 windows:4 windows x86 arch:x86

fbaffa0d4aeb7cb9a8dc2eba5f236843

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

shlwapi

SHDeleteKeyA
StrStrIA
PathIsURLA
SHDeleteValueA
SHSetValueA
SHGetValueA

kernel32

CreateFileA
ReadFile
SetFilePointer
GetModuleFileNameA
GetCurrentProcessId
GetProcAddress
LoadLibraryA
GetShortPathNameA
GetEnvironmentVariableA
DeleteFileA
GetWindowsDirectoryA
GetSystemDirectoryA
GetLastError
CreateEventA
SetEvent
ResetEvent
WaitForSingleObject
MultiByteToWideChar
GetPrivateProfileStringA
GetPrivateProfileIntA
WritePrivateProfileStringA
LockResource
SizeofResource
DeviceIoControl
FindResourceA
GetCurrentProcess
MoveFileExA
CopyFileA
CreateDirectoryA
GetVersionExA
CloseHandle
LoadResource

user32

LoadStringA
GetMessageA
TranslateMessage
DispatchMessageA

advapi32

RegOpenKeyA
RegQueryValueExA
OpenProcessToken
LookupPrivilegeValueA
AdjustTokenPrivileges
RegEnumKeyA
RegCloseKey

shell32

ShellExecuteA

ole32

CoInitialize
CoCreateInstance
CoUninitialize

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

comctl32

ord17

msvcrt

fseek
ftell
fgets
??2@YAPAXI@Z
fprintf
rewind
__dllonexit
_onexit
_initterm
toupper
fopen
fwrite
fclose
strncmp
_strnicmp
strncpy
strrchr
strchr
_strlwr
_adjust_fdiv
??3@YAXPAX@Z
strstr
_stricmp
__CxxFrameHandler
_snprintf
free
_beginthreadex
malloc
_except_handler3

Exports

Exports

DllRegisterServer
DllUnregisterServer
Events
ExecFunc
Free
Init
Invoke
ModuleInvoke
ModuleRun

Sections

.text
Size: 28KB - Virtual size: 25KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

fbaffa0d4aeb7cb9a8dc2eba5f236843

Headers

File Characteristics

Imports

shlwapi

kernel32

user32

advapi32

shell32

ole32

version

comctl32

msvcrt

Exports

Exports

Sections

.text Size: 28KB - Virtual size: 25KB

.rdata Size: 4KB - Virtual size: 3KB

.data Size: 4KB - Virtual size: 5KB

.rsrc Size: 4KB - Virtual size: 2KB

.reloc Size: 4KB - Virtual size: 2KB

.text
Size: 28KB - Virtual size: 25KB

.rdata
Size: 4KB - Virtual size: 3KB

.data
Size: 4KB - Virtual size: 5KB

.rsrc
Size: 4KB - Virtual size: 2KB

.reloc
Size: 4KB - Virtual size: 2KB