8d7e30de8c8d2e2cc023a5a8ef1486d4_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

8d7e30de8c8d2e2cc023a5a8ef1486d4_JaffaCakes118
Size

132KB
MD5

8d7e30de8c8d2e2cc023a5a8ef1486d4
SHA1

6c65fa99432d244fa17b15942235d17efb6b82d4
SHA256

a6bdf747d8f8c0a66cef38c52960983904c576e125b9469923b8ca100df00f45
SHA512

bd716a78e792812b3f9795ec621b98726b09f916341f282cc87147e15862a586f32e0cf25ba096045226044edf3172a8fb73c3f60483d5d8924d30f5b51fa731
SSDEEP

1536:8uLQbCvsignFppSHT7iZGxJHzLG768Jslg4VeUQ7PzkYAkn4+K:VP8HZGLa68Jslg4sUQ7PzLAhJ

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
8d7e30de8c8d2e2cc023a5a8ef1486d4_JaffaCakes118

Files

8d7e30de8c8d2e2cc023a5a8ef1486d4_JaffaCakes118
.dll regsvr32 windows:4 windows x86 arch:x86

c3bfab5650ffe751686bd4619775e88d

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

FindFirstFileA
ReadFile
FindClose
LockResource
SizeofResource
LoadResource
FindResourceA
ReadProcessMemory
GetCommandLineA
OpenProcess
TerminateProcess
Process32Next
OutputDebugStringA
Process32First
CreateToolhelp32Snapshot
FindNextFileA
Module32Next
Module32First
GetCurrentProcess
GetProcAddress
LoadLibraryA
LoadLibraryExA
SetErrorMode
SetEndOfFile
GetStringTypeW
SetFileAttributesA
VirtualQuery
ExitProcess
FreeLibrary
GetVersion
CreateFileA
CloseHandle
GetFileAttributesA
GetSystemDirectoryA
CreateProcessA
GetModuleFileNameA
GetShortPathNameA
GetLastError
MoveFileExA
GetTickCount
Sleep
DeleteFileA
MoveFileA
GetWindowsDirectoryA
GetVersionExA
lstrcatA
CopyFileA
GetStringTypeA
IsBadCodePtr
IsBadReadPtr
SetUnhandledExceptionFilter
LCMapStringW
LCMapStringA
MultiByteToWideChar
FlushFileBuffers
SetStdHandle
GetEnvironmentStringsW
GetEnvironmentStrings
WideCharToMultiByte
FreeEnvironmentStringsW
FreeEnvironmentStringsA
HeapFree
HeapAlloc
RtlUnwind
EnterCriticalSection
LeaveCriticalSection
SetFilePointer
InitializeCriticalSection
GetModuleHandleA
GetEnvironmentVariableA
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
HeapReAlloc
IsBadWritePtr
DeleteCriticalSection
InterlockedDecrement
InterlockedIncrement
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
GetCurrentThreadId
TlsSetValue
TlsAlloc
TlsFree
SetLastError
TlsGetValue
WriteFile
GetCPInfo
GetACP
GetOEMCP

user32

CharNextA
CharUpperA
CharLowerA

advapi32

CreateServiceA
RegQueryInfoKeyA
RegEnumKeyExA
RegEnumValueA
RegDeleteValueA
RegOpenKeyExA
RegQueryValueExA
OpenSCManagerA
DeleteService
OpenServiceA
StartServiceA
CloseServiceHandle
RegOpenKeyA
RegCloseKey

shell32

ShellExecuteA
SHGetSpecialFolderPathA

ole32

OleInitialize
OleUninitialize

shlwapi

SHGetValueA
SHDeleteKeyA
SHSetValueA
SHDeleteValueA
PathFileExistsA

version

GetFileVersionInfoA
VerQueryValueA
GetFileVersionInfoSizeA

Exports

Exports

DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 44KB - Virtual size: 43KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 52KB - Virtual size: 51KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

c3bfab5650ffe751686bd4619775e88d

Headers

File Characteristics

Imports

kernel32

user32

advapi32

shell32

ole32

shlwapi

version

Exports

Exports

Sections

.text Size: 44KB - Virtual size: 43KB

.rdata Size: 8KB - Virtual size: 5KB

.data Size: 16KB - Virtual size: 19KB

.rsrc Size: 52KB - Virtual size: 51KB

.reloc Size: 8KB - Virtual size: 5KB

.text
Size: 44KB - Virtual size: 43KB

.rdata
Size: 8KB - Virtual size: 5KB

.data
Size: 16KB - Virtual size: 19KB

.rsrc
Size: 52KB - Virtual size: 51KB

.reloc
Size: 8KB - Virtual size: 5KB