72360fd5bb3859943ffecc06d4782edd_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

72360fd5bb3859943ffecc06d4782edd_JaffaCakes118
Size

52KB
MD5

72360fd5bb3859943ffecc06d4782edd
SHA1

745a8a4a84661c6fae9734670f0bc38b7dfe1a74
SHA256

e17a1590dbca69739e64dfe209c914dcd953512c26b3cc7ac6c0ec3457a80660
SHA512

78b56b5ff07bb75ed41da4f14bf9fb1095d6330ad4b3b5377c2489966e7084b6de45929270fae4719a7dbf429cc69abf985f39d07d9e50769bcdb505f1a7ca1e
SSDEEP

1536:A/I5Qi8SWTTny0DVf7yUBQG4iIdBMo9dNK:l8SEW0DNyUB4iyGidNK

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
72360fd5bb3859943ffecc06d4782edd_JaffaCakes118

Files

72360fd5bb3859943ffecc06d4782edd_JaffaCakes118
.dll regsvr32 windows:4 windows x86 arch:x86

e927fb6f7835ef03991cc7e8f762a42d

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

CreateThread
MoveFileA
MultiByteToWideChar
LocalFree
RemoveDirectoryA
CreateDirectoryA
GetExitCodeProcess
WaitForSingleObject
WritePrivateProfileStringA
ExitProcess
FindFirstFileA
Sleep
Process32Next
Process32First
DisableThreadLibraryCalls
InitializeCriticalSection
DeleteCriticalSection
InterlockedIncrement
InterlockedDecrement
HeapDestroy
GetShortPathNameA
GetModuleHandleA
GetPrivateProfileStringA
SetFileAttributesA
DeleteFileA
FindNextFileA
GetCurrentProcessId
EnterCriticalSection
LeaveCriticalSection
GetProcAddress
GetCommandLineW
LoadLibraryA
FreeLibrary
GetSystemDirectoryA
GetModuleFileNameA
CreateProcessA
CloseHandle
WideCharToMultiByte
lstrlenW
lstrlenA

advapi32

RegDeleteKeyA
GetNamedSecurityInfoA
BuildExplicitAccessWithNameA
SetEntriesInAclA
SetNamedSecurityInfoA
RegOpenKeyExA
RegQueryValueExA
RegCreateKeyExA
RegSetValueExA
RegCloseKey
RegQueryInfoKeyA
RegEnumKeyExA

shell32

CommandLineToArgvW
SHGetSpecialFolderPathA

ole32

CoCreateInstance
CoUninitialize
CoGetInterfaceAndReleaseStream
CoInitialize
CoMarshalInterThreadInterfaceInStream

oleaut32

SysStringLen
LoadRegTypeLi
VariantClear
SysAllocString
SysFreeString

msvcrt

strstr
_stricmp
_strlwr
_adjust_fdiv
malloc
_initterm
free
_purecall
memcpy
strncmp
strncpy
fopen
fseek
ftell
??2@YAPAXI@Z
fread
strlen
??3@YAXPAX@Z
memset
sprintf
wcsstr
_wcslwr
strcmp
strrchr
atoi
strchr
_strupr
strcat
strcpy
_access
memcmp
fclose

shlwapi

SHSetValueA
SHDeleteKeyA
SHDeleteValueA

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllGetObjectType
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 32KB - Virtual size: 28KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

idata
Size: 4KB - Virtual size: 4B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

e927fb6f7835ef03991cc7e8f762a42d

Headers

File Characteristics

Imports

kernel32

advapi32

shell32

ole32

oleaut32

msvcrt

shlwapi

Exports

Exports

Sections

.text Size: 32KB - Virtual size: 28KB

.rdata Size: 4KB - Virtual size: 3KB

.data Size: 4KB - Virtual size: 4KB

idata Size: 4KB - Virtual size: 4B

.reloc Size: 4KB - Virtual size: 2KB

.text
Size: 32KB - Virtual size: 28KB

.rdata
Size: 4KB - Virtual size: 3KB

.data
Size: 4KB - Virtual size: 4KB

idata
Size: 4KB - Virtual size: 4B

.reloc
Size: 4KB - Virtual size: 2KB