8d676ca56d07766eb596e45461515312_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

8d676ca56d07766eb596e45461515312_JaffaCakes118
Size

21KB
MD5

8d676ca56d07766eb596e45461515312
SHA1

6049390e2a8d9ead445bbad93c38152ce0c29540
SHA256

3b15327d4acbf9cda6835e0824df5e6804889fbb6491f6101f85ecd59b56acfb
SHA512

cbcdbf7f218efb943752daa1c4e72a3aebf0700b05e0752a039d0f30ac79086ef4ee0298b9a16d1ddb305e0c370e3be77d5f01ba229927c1ac301b4ee22b1786
SSDEEP

384:uOLYH4lLVRCiERDaXuhXCNK7+gOW3gxhF88N:lS4Ii+hXf2WwXF88N

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
8d676ca56d07766eb596e45461515312_JaffaCakes118

Files

8d676ca56d07766eb596e45461515312_JaffaCakes118
.dll regsvr32 windows:4 windows x86 arch:x86

1e906e48267d0388192393091b1e27dc

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

Sleep
GetTickCount
GlobalAlloc
GlobalFree
WideCharToMultiByte
FreeLibrary
GetProcAddress
LoadLibraryA
MultiByteToWideChar
HeapAlloc
GetProcessHeap
HeapDestroy
TerminateThread
HeapFree
LeaveCriticalSection
EnterCriticalSection
GetVersionExA
GetCurrentThreadId
DeleteCriticalSection
InitializeCriticalSection
GetModuleFileNameA
GetModuleHandleA
lstrlenA
GetSystemTimeAsFileTime
LoadLibraryW
ExpandEnvironmentStringsW
HeapCreate
lstrcpyA
CreateEventA
SetEvent
GetCurrentProcessId
CreateMutexA
GetLastError
VirtualFree
VirtualAlloc
CreateThread
CloseHandle
lstrcpynA

user32

wvsprintfA
wsprintfA

ntdll

wcscmp
wcsncpy
wcslen
atoi
strstr
tolower

ws2_32

setsockopt
shutdown
send
ioctlsocket
gethostbyname
inet_addr
recv
connect
closesocket
socket
select
WSAGetLastError
WSCEnumProtocols
WSCInstallProvider
WSCGetProviderPath
WSCDeinstallProvider
ntohs
inet_ntoa
WSASetLastError

rpcrt4

UuidCreate

advapi32

ConvertStringSecurityDescriptorToSecurityDescriptorW

Exports

Exports

DllMain
DllRegisterServer
DllSetName
DllUnregisterServer
UnadviseEvents
WSPStartup

Sections

.text
Size: 14KB - Virtual size: 13KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

1e906e48267d0388192393091b1e27dc

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

ntdll

ws2_32

rpcrt4

advapi32

Exports

Exports

Sections

.text Size: 14KB - Virtual size: 13KB

.rdata Size: 4KB - Virtual size: 3KB

.data Size: 1024B - Virtual size: 1KB

.reloc Size: 1KB - Virtual size: 1KB

.text
Size: 14KB - Virtual size: 13KB

.rdata
Size: 4KB - Virtual size: 3KB

.data
Size: 1024B - Virtual size: 1KB

.reloc
Size: 1KB - Virtual size: 1KB