a13c12a86ad66c23a2afef34c759aa7c_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

a13c12a86ad66c23a2afef34c759aa7c_JaffaCakes118
Size

328KB
MD5

a13c12a86ad66c23a2afef34c759aa7c
SHA1

555614f37e944a5f0d39852e0e46434ac8f2e159
SHA256

2719a67655fa74b1416a5124bbddf1c1c10c93698326cee50012dd74a673e8a8
SHA512

7d483dc0b0086600df2169cb8cf69cb64c2c48053848f60a7aaf9e173ee5217c31178d750602d20bf8508150857ba64df8cb6bffa3400329672d40075b64e1f1
SSDEEP

6144:xJz9qHLMBDZb/HHGedw6GKFTQyuPGL/4FvR78iFtugnmc:bxqHKDHI6Gv+Av8

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
a13c12a86ad66c23a2afef34c759aa7c_JaffaCakes118

Files

a13c12a86ad66c23a2afef34c759aa7c_JaffaCakes118
.dll regsvr32 windows:5 windows x86 arch:x86

beeee5f3a4d1cc680e386c02045a4ba2

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

msvcrt

strncmp
_onexit
__dllonexit
_adjust_fdiv
malloc
_initterm
free
_CxxThrowException
??2@YAPAXI@Z
_purecall
_EH_prolog
__CxxFrameHandler
_except_handler3
strncpy
??3@YAXPAX@Z
wcscpy
wcslen
_itow
wcscat
??1type_info@@UAE@XZ
_wcsicmp
_ltoa
wcschr
wcsstr
wcstol
_ftol
wcsrchr
floor
wcsncmp
wcstok
realloc
_wtoi
bsearch
qsort
wcscmp
swprintf
_snwprintf

kernel32

Sleep
GetCPInfo
ResetEvent
LoadLibraryA
WaitForSingleObject
SetEvent
CreateEventA
CreateMutexA
InterlockedCompareExchange
GetVersionExA
LoadLibraryExA
GetSystemDefaultLCID
GetLastError
GetModuleFileNameA
DisableThreadLibraryCalls
FreeLibrary
CloseHandle
InterlockedExchange
MultiByteToWideChar
FormatMessageA
LocalAlloc
FormatMessageW
GetCurrentThreadId
WideCharToMultiByte
InterlockedDecrement
InterlockedIncrement
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
IsBadReadPtr
IsBadWritePtr
IsValidLocale
GetTimeZoneInformation
GetProcAddress

user32

LoadStringW
LoadStringA

advapi32

RegDeleteKeyA
RegCloseKey
RegQueryValueExW
RegOpenKeyExW
RegSetValueExA
RegEnumKeyExA
RegOpenKeyExA
RegCreateKeyExA

ole32

CoTaskMemFree
CoCreateInstance
CoCreateFreeThreadedMarshaler
StringFromCLSID
StringFromGUID2
CLSIDFromProgID
CLSIDFromString

oleaut32

SafeArrayAccessData
SafeArrayGetLBound
SafeArrayGetUBound
SafeArrayGetDim
VarDateFromStr
SafeArrayCreate
SafeArrayRedim
SafeArrayPutElement
SafeArrayCreateEx
SafeArrayGetElement
SystemTimeToVariantTime
SafeArrayCreateVector
SafeArrayUnaccessData
VariantTimeToSystemTime
VarDecCmp
VarDecFromI4
VarDecFromStr
DispGetParam
SafeArrayCopy
VariantCopy
VariantChangeTypeEx
SafeArrayCopyData
SafeArrayDestroy
VariantInit
VariantClear
VariantChangeType
LoadRegTypeLi
GetErrorInfo
SysAllocStringLen
LoadTypeLibEx
CreateErrorInfo
SetErrorInfo
SysStringLen
SysAllocString
SysFreeString
UnRegisterTypeLi

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllMain
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 175KB - Virtual size: 174KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 136KB - Virtual size: 135KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 15KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

beeee5f3a4d1cc680e386c02045a4ba2

Headers

File Characteristics

Imports

msvcrt

kernel32

user32

advapi32

ole32

oleaut32

Exports

Exports

Sections

.text Size: 175KB - Virtual size: 174KB

.data Size: 1KB - Virtual size: 1KB

.rsrc Size: 136KB - Virtual size: 135KB

.reloc Size: 15KB - Virtual size: 14KB

.text
Size: 175KB - Virtual size: 174KB

.data
Size: 1KB - Virtual size: 1KB

.rsrc
Size: 136KB - Virtual size: 135KB

.reloc
Size: 15KB - Virtual size: 14KB