8ccbf99a8134a29f444746048d92e66c_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

8ccbf99a8134a29f444746048d92e66c_JaffaCakes118
Size

88KB
MD5

8ccbf99a8134a29f444746048d92e66c
SHA1

5568a10c15b33475e4994097e969c35555a602d8
SHA256

cc8ea25d4592cd72d017fca287967fd1010a4183dd5d4ed9e048acf4cc962255
SHA512

e736928936641495024b323d502091b841b9d38fee891b5c8a17fa3ef1e5cb0f6be3ee10ce10e7a7df16d537ad7f333acb6223500e16c987e396c89c4ba6a9d9
SSDEEP

1536:71wVwVyyGnEWabovHzE8c82mMpZICS4AJeZyw47aI5mFwLap2S:7ODhEW8sgr82dUHky1lA1s

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
8ccbf99a8134a29f444746048d92e66c_JaffaCakes118

Files

8ccbf99a8134a29f444746048d92e66c_JaffaCakes118
.dll regsvr32 windows:4 windows x86 arch:x86

7d11f43c6e9f0c01866252d37b111256

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

rpcrt4

UuidToStringA

netapi32

Netbios

msvcrt

??3@YAXPAX@Z
??2@YAPAXI@Z
__CxxFrameHandler
free
malloc
_stricmp
_adjust_fdiv
_initterm
??1type_info@@UAE@XZ
_onexit
__dllonexit
strtok
toupper
isspace
isalpha
srand
isxdigit
isalnum
__mb_cur_max
wctomb
printf
ispunct
strstr
??1exception@@UAE@XZ
??0exception@@QAE@XZ
strchr
_CxxThrowException
atoi
tmpnam
fopen
fwrite
fclose
??0exception@@QAE@ABV0@@Z
strncpy

psapi

EnumProcesses
EnumProcessModules
GetModuleBaseNameA

advapi32

RegOpenKeyExW
RegQueryValueExW
RegCloseKey
GetSecurityInfo
SetEntriesInAclA
SetSecurityInfo
CryptAcquireContextA
CryptGenRandom
CryptReleaseContext

ole32

CoCreateGuid
CoCreateInstance
CoInitialize

oleaut32

VariantClear
GetErrorInfo
SysAllocString

wininet

InternetOpenA
InternetSetOptionA
InternetOpenUrlA
InternetCloseHandle
HttpQueryInfoA
InternetReadFile

user32

GetClassNameA
GetWindowThreadProcessId
EnumChildWindows
EnumWindows
RegisterClassExA
CreateWindowExA
ShowWindow
GetMessageA
TranslateMessage
DispatchMessageA
SetTimer
DefWindowProcA
wsprintfA
SystemParametersInfoA
SetWindowPos
KillTimer

shlwapi

StrStrIA
SHGetValueA
SHSetValueA

kernel32

OpenProcess
VirtualAllocEx
GetProcAddress
WriteProcessMemory
CreateRemoteThread
CloseHandle
FreeLibrary
SleepEx
GetTickCount
QueryPerformanceCounter
QueryPerformanceFrequency
HeapAlloc
GetProcessHeap
GetVersionExA
GetEnvironmentVariableA
GetCurrentDirectoryA
FreeEnvironmentStringsA
GetEnvironmentStrings
LoadLibraryA
DisableThreadLibraryCalls
GetWindowsDirectoryA
GetCurrentProcessId
GetModuleFileNameA
InterlockedExchange
lstrcpyA
lstrcpynA
GetVersion
lstrcmpiA
lstrcmpA
GetSystemInfo
CreateFileA
MultiByteToWideChar
FormatMessageA
LocalFree
GetFullPathNameA
SetLastError
MoveFileExA
WaitForSingleObject
CreateProcessA
DeleteFileA
GetSystemDirectoryA
HeapFree
GetLastError
GetLocalTime
HeapSize
Sleep
lstrlenA

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 40KB - Virtual size: 38KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 24KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

7d11f43c6e9f0c01866252d37b111256

Headers

File Characteristics

Imports

rpcrt4

netapi32

msvcrt

psapi

advapi32

ole32

oleaut32

wininet

user32

shlwapi

kernel32

Exports

Exports

Sections

.text Size: 40KB - Virtual size: 38KB

.rdata Size: 24KB - Virtual size: 22KB

.data Size: 16KB - Virtual size: 17KB

.reloc Size: 4KB - Virtual size: 3KB

.text
Size: 40KB - Virtual size: 38KB

.rdata
Size: 24KB - Virtual size: 22KB

.data
Size: 16KB - Virtual size: 17KB

.reloc
Size: 4KB - Virtual size: 3KB