a468b1f69d89006710d5b1b7301cb33b_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

a468b1f69d89006710d5b1b7301cb33b_JaffaCakes118
Size

144KB
MD5

a468b1f69d89006710d5b1b7301cb33b
SHA1

8076652048c0249a0cbf9a2e83ee03fe96cbd849
SHA256

8d67e4cfccc1906c660471fa85c341bf797af4230f17e2c2394a37dc7adc0a56
SHA512

77aea77350ffe4d36ab54d71dad91421801474918541f4291978dd3870748f2a2fcf43aad7cb5c43620b7c484091cbfb5f80c13b0cc2c047edc299884f382bba
SSDEEP

3072:xYBm/8JFtojYcvunP03GlR6WNt+c3BBJ+kt668EJ+OI:x3MtdSCP03GlRNt+c3sSJ

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
a468b1f69d89006710d5b1b7301cb33b_JaffaCakes118

Files

a468b1f69d89006710d5b1b7301cb33b_JaffaCakes118
.dll regsvr32 windows:4 windows x86 arch:x86

20c733b50a387d08f1c317fc70416e57

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

wininet

InternetOpenA
InternetOpenUrlA
InternetAutodial
InternetGetConnectedState
InternetCloseHandle

mfc42

ord825
ord823
ord800
ord540
ord537
ord860
ord1200
ord941
ord2818
ord2915
ord1601

msvcrt

free
__CxxFrameHandler
_purecall
_wcsicmp
sprintf
strcat
memcpy
malloc
realloc
memset
memcmp
_CxxThrowException
??1type_info@@UAE@XZ
__dllonexit
_onexit
_initterm
_adjust_fdiv

kernel32

LocalFree
lstrcatA
lstrcpyA
LoadLibraryA
GetProcAddress
HeapDestroy
IsDBCSLeadByte
lstrcpynA
lstrcmpiA
LoadLibraryExA
GetLastError
FindResourceA
LoadResource
SizeofResource
WideCharToMultiByte
GetModuleFileNameA
GetModuleHandleA
GetShortPathNameA
lstrlenA
MultiByteToWideChar
lstrlenW
InterlockedDecrement
EnterCriticalSection
InterlockedIncrement
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSection
GetSystemDirectoryA
GetWindowsDirectoryA
DisableThreadLibraryCalls
FreeLibrary

user32

SetCursor
LoadCursorA
CharNextA
MessageBoxA

advapi32

RegEnumValueA
RegQueryInfoKeyA
RegSetValueExA
RegEnumKeyExA
RegOpenKeyExA
RegCloseKey
RegDeleteValueA
RegCreateKeyExA
RegDeleteKeyA

shell32

ShellExecuteA

ole32

OleRun
CLSIDFromString
CLSIDFromProgID
CoCreateInstance
CoTaskMemRealloc
CoTaskMemAlloc
CoTaskMemFree

oleaut32

RegisterTypeLi
LoadTypeLi
SysAllocString
SysAllocStringByteLen
SysStringByteLen
VariantClear
GetErrorInfo
SysAllocStringLen
SysFreeString
VarUI4FromStr

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
RegisterInternetSubmissions

Sections

.text
Size: 20KB - Virtual size: 17KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 104KB - Virtual size: 102KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

20c733b50a387d08f1c317fc70416e57

Headers

File Characteristics

Imports

version

wininet

mfc42

msvcrt

kernel32

user32

advapi32

shell32

ole32

oleaut32

Exports

Exports

Sections

.text Size: 20KB - Virtual size: 17KB

.rdata Size: 8KB - Virtual size: 5KB

.data Size: 4KB - Virtual size: 2KB

.rsrc Size: 104KB - Virtual size: 102KB

.reloc Size: 4KB - Virtual size: 2KB

.text
Size: 20KB - Virtual size: 17KB

.rdata
Size: 8KB - Virtual size: 5KB

.data
Size: 4KB - Virtual size: 2KB

.rsrc
Size: 104KB - Virtual size: 102KB

.reloc
Size: 4KB - Virtual size: 2KB