94cb3fd7437b098f58134f40bfe0d1cb_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

94cb3fd7437b098f58134f40bfe0d1cb_JaffaCakes118
Size

68KB
MD5

94cb3fd7437b098f58134f40bfe0d1cb
SHA1

623e8659083bdaed7b03a9f750e8fe43a228ac92
SHA256

4239e021128c35d7b78532a3d11c6951b9ed39a36c1f36e729867823774a8b82
SHA512

4a2d461a340e09fc58bed220d3f39137553d204dbf5bcf0cfbdd5659ef3b0141d15ed0cb521fc06cc68154894e8bd384b7df520abf68888a517b9b03b3788774
SSDEEP

768:HsBktsRjpqWaqpiGnOWwmZ0ydTacJYtLaYo3zsy/LWz7wYjulCw2XizQqj3+X:HiZpiGnOASYaeum0yTWfwYiwyzQqjOX

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
94cb3fd7437b098f58134f40bfe0d1cb_JaffaCakes118

Files

94cb3fd7437b098f58134f40bfe0d1cb_JaffaCakes118
.dll regsvr32 windows:4 windows x86 arch:x86

6bc0d7a79a88778afdabd796185a3462

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

lstrcpyA
GetModuleFileNameA
lstrcatA
IsDBCSLeadByte
FreeLibrary
SizeofResource
LoadResource
FindResourceA
LoadLibraryExA
GetModuleHandleA
GetProcAddress
CloseHandle
OpenMutexA
lstrcpynA
LocalFree
LocalLock
LocalAlloc
SetEvent
InitializeCriticalSection
DeleteCriticalSection
InterlockedIncrement
InterlockedDecrement
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
ExitProcess
lstrcmpiA
lstrlenA
GetLastError
LeaveCriticalSection
EnterCriticalSection
RaiseException
lstrlenW
WideCharToMultiByte
MultiByteToWideChar
GetVersionExA
GetThreadLocale
GetLocaleInfoA
GetACP
OpenEventA
InterlockedExchange
GetSystemTimeAsFileTime

user32

SendMessageA
SetWindowLongA
EndPaint
CallWindowProcA
CharNextA
DrawTextExA
DrawIconEx
DrawEdge
FillRect
BeginPaint
LoadStringA
PtInRect
GetClientRect
ScreenToClient
GetCursorPos
RedrawWindow
MoveWindow
IsWindow
ShowWindow
InvalidateRect
CreateWindowExA
GetWindow
GetClassNameA
LoadIconA
GetParent

gdi32

GetPixel
SetPixel
SetBkMode
TextOutA
SelectObject

advapi32

RegCloseKey
RegEnumKeyExA
RegQueryInfoKeyA
RegSetValueExA
RegOpenKeyExA
RegDeleteKeyA
RegDeleteValueA
RegCreateKeyExA

ole32

StringFromGUID2
CoTaskMemRealloc
CoTaskMemFree
CoTaskMemAlloc
CoCreateInstance

oleaut32

LoadRegTypeLi
SysFreeString
SysAllocString
LoadTypeLi
UnRegisterTypeLi
RegisterTypeLi
VarUI4FromStr
SysStringLen

shlwapi

PathFindExtensionA

msvcr71

__CppXcptFilter
_adjust_fdiv
_initterm
?terminate@@YAXXZ
_onexit
__dllonexit
??1type_info@@UAE@XZ
__security_error_handler
memset
??2@YAPAXI@Z
_purecall
_mbscmp
??_U@YAPAXI@Z
realloc
wcsncpy
??3@YAXPAX@Z
__CxxFrameHandler
??_V@YAXPAX@Z
_CxxThrowException
_except_handler3
_resetstkoflw
free
malloc

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 24KB - Virtual size: 23KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 468B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 24KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

6bc0d7a79a88778afdabd796185a3462

Headers

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

ole32

oleaut32

shlwapi

msvcr71

Exports

Exports

Sections

.text Size: 24KB - Virtual size: 23KB

.rdata Size: 8KB - Virtual size: 6KB

.data Size: 4KB - Virtual size: 468B

.rsrc Size: 24KB - Virtual size: 20KB

.reloc Size: 4KB - Virtual size: 2KB

.text
Size: 24KB - Virtual size: 23KB

.rdata
Size: 8KB - Virtual size: 6KB

.data
Size: 4KB - Virtual size: 468B

.rsrc
Size: 24KB - Virtual size: 20KB

.reloc
Size: 4KB - Virtual size: 2KB