7364b62b9150d8eee6bca4770d25404e_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

7364b62b9150d8eee6bca4770d25404e_JaffaCakes118
Size

206KB
MD5

7364b62b9150d8eee6bca4770d25404e
SHA1

50b2bb3a82c19d08c16c1c99d648a7f69980501b
SHA256

f00fa0ae521ee0e5ea73ab84147a17f382633942d81845347be14f29a62876ec
SHA512

d251f98f40b51fb20c77dda7b8331383da68e7900047ccb297ab917a369aa1e9c85bd923b388705effc6eeef742682b2695b957bdd82c44062c6726be409cf01
SSDEEP

6144:9G0uq1qkPN3YwCMJMmgxqsvK/OrxFvHULU:YHqEmYwCMRgAsBxFvHF

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
7364b62b9150d8eee6bca4770d25404e_JaffaCakes118

Files

7364b62b9150d8eee6bca4770d25404e_JaffaCakes118
.dll regsvr32 windows:5 windows x86 arch:x86

97cd4e80b37468cbe7156bdd2199ec66

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

SNIFFPOL.pdb

Imports

atl

ord15
ord32
ord23
ord30
ord57
ord18
ord21
ord58
ord16

ntdll

RtlUnwind

kernel32

InterlockedDecrement
DisableThreadLibraryCalls
LeaveCriticalSection
EnterCriticalSection
lstrlenW
GetCommandLineA
GetVersionExA
ExitProcess
GetProcAddress
GetModuleHandleA
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
GetModuleFileNameA
HeapDestroy
HeapCreate
VirtualFree
HeapFree
FreeEnvironmentStringsA
InterlockedIncrement
FreeEnvironmentStringsW
WideCharToMultiByte
GetLastError
GetEnvironmentStringsW
WriteFile
HeapAlloc
GetACP
GetOEMCP
GetCPInfo
VirtualAlloc
HeapReAlloc
IsBadWritePtr
LoadLibraryA
InterlockedExchange
VirtualQuery
SetUnhandledExceptionFilter
IsBadReadPtr
IsBadCodePtr
LCMapStringA
MultiByteToWideChar
LCMapStringW
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
VirtualProtect
GetSystemInfo
UnhandledExceptionFilter
DeleteCriticalSection
InitializeCriticalSection
GetSystemTimeAsFileTime
TerminateProcess
GetEnvironmentStrings
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
GetCurrentProcess

advapi32

RegQueryValueExA
RegCloseKey
RegCreateKeyExA

oleaut32

SysStringLen
LoadRegTypeLi
SysFreeString
VariantInit

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 26KB - Virtual size: 25KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 173KB - Virtual size: 174KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

97cd4e80b37468cbe7156bdd2199ec66

Headers

File Characteristics

PDB Paths

Imports

atl

ntdll

kernel32

advapi32

oleaut32

Exports

Exports

Sections

.text Size: 26KB - Virtual size: 25KB

.data Size: 173KB - Virtual size: 174KB

.rsrc Size: 4KB - Virtual size: 3KB

.reloc Size: 2KB - Virtual size: 1KB

.text
Size: 26KB - Virtual size: 25KB

.data
Size: 173KB - Virtual size: 174KB

.rsrc
Size: 4KB - Virtual size: 3KB

.reloc
Size: 2KB - Virtual size: 1KB