8ba897c0ebcf1a32a9283e38107fa5e8_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

8ba897c0ebcf1a32a9283e38107fa5e8_JaffaCakes118
Size

156KB
MD5

8ba897c0ebcf1a32a9283e38107fa5e8
SHA1

e7c003df93913ed6efab73a97b9c4ae3f7ddc029
SHA256

4d3856b061a4a19e71be4ca1b53a8f1fb8150e9671da1cebc441f8f3da03ae11
SHA512

a31ecbe41b04bd0128604f654f4f8fac7c92f0bb261e6b3b9e4219975ac978dcb1e9d153a301989266d4a1956253c6af211eccb93fcd7e4527f3ef5daf0b39f3
SSDEEP

1536:ZrCGz/3v3TgKrXh6dATV2m6LUT2jZU2Gh/tiD9zICS4AP7LQqoULapJ/nlgIPXZQ:sATgShTAPeeYNLQqoXpfHR8O

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
8ba897c0ebcf1a32a9283e38107fa5e8_JaffaCakes118

Files

8ba897c0ebcf1a32a9283e38107fa5e8_JaffaCakes118
.dll regsvr32 windows:4 windows x86 arch:x86

dc4867866f53d2a1f029b54cf8c86f88

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

user32

DispatchMessageA
wsprintfA
GetWindowThreadProcessId
EnumChildWindows
EnumWindows
TranslateMessage
GetMessageA
ShowWindow
SetWindowPos
SystemParametersInfoA
GetClassNameA
KillTimer
SetTimer
DefWindowProcA
RegisterClassExA
CreateWindowExA

kernel32

RaiseException
GetOEMCP
GetACP
ReadFile
SleepEx
GetTickCount
CloseHandle
OpenProcess
LocalFree
CreateFileA
GetModuleFileNameA
FreeLibrary
CreateRemoteThread
WriteProcessMemory
GetProcAddress
VirtualAllocEx
LoadLibraryA
GetCurrentProcessId
MoveFileExA
WaitForSingleObject
CreateProcessA
DeleteFileA
GetSystemDirectoryA
WriteFile
GetFileAttributesA
GetFileType
TerminateProcess
GetCurrentProcess
GetLocalTime
MultiByteToWideChar
SetEndOfFile
SetFilePointer
FlushFileBuffers
SetStdHandle
IsBadCodePtr
IsBadReadPtr
LCMapStringW
LCMapStringA
SetUnhandledExceptionFilter
GetStringTypeW
TlsGetValue
SetHandleCount
GetStringTypeA
GetCPInfo
GetEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsW
FreeEnvironmentStringsA
GetStartupInfoA
GetStdHandle
HeapFree
HeapAlloc
InterlockedDecrement
InterlockedIncrement
GetLastError
SetLastError
RtlUnwind
WideCharToMultiByte
HeapReAlloc
GetCommandLineA
GetVersion
GetModuleHandleA
GetEnvironmentVariableA
GetVersionExA
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
IsBadWritePtr
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
ExitProcess
GetCurrentThreadId
TlsSetValue
TlsAlloc
TlsFree

advapi32

SetEntriesInAclA
SetSecurityInfo
CryptAcquireContextA
CryptGenRandom
CryptReleaseContext
GetSecurityInfo

shell32

StrStrIA

ole32

CoInitialize
CoCreateGuid
CoCreateInstance

oleaut32

VariantInit
SysAllocString
GetErrorInfo

shlwapi

SHSetValueA
SHGetValueA

netapi32

Netbios

wininet

InternetCloseHandle
InternetOpenA
InternetSetOptionA
InternetReadFile
HttpQueryInfoA
InternetOpenUrlA

rpcrt4

UuidToStringA

psapi

EnumProcesses
EnumProcessModules
GetModuleBaseNameA

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 92KB - Virtual size: 90KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 24KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 28KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

dc4867866f53d2a1f029b54cf8c86f88

Headers

File Characteristics

Imports

user32

kernel32

advapi32

shell32

ole32

oleaut32

shlwapi

netapi32

wininet

rpcrt4

psapi

Exports

Exports

Sections

.text Size: 92KB - Virtual size: 90KB

.rdata Size: 24KB - Virtual size: 21KB

.data Size: 28KB - Virtual size: 32KB

.reloc Size: 8KB - Virtual size: 6KB

.text
Size: 92KB - Virtual size: 90KB

.rdata
Size: 24KB - Virtual size: 21KB

.data
Size: 28KB - Virtual size: 32KB

.reloc
Size: 8KB - Virtual size: 6KB