a5c9e06a2421d69a56b86f30fb62cbea_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

a5c9e06a2421d69a56b86f30fb62cbea_JaffaCakes118
Size

58KB
MD5

a5c9e06a2421d69a56b86f30fb62cbea
SHA1

3da220b35d4634f2e3a1bfee4d66f0d95912e3bd
SHA256

8e5fc3ce1e6450dc7c07e17d303ebb3279ad7f78f4a8958a4ca6bc50ac0d18ce
SHA512

40744e4a3088d83a318139310ded384b0cb103a8948c87f19152718ec7b1c3d1947a517494131d637ebbb7b593a1dc57245f963cf66c61fed1cd464c30682e15
SSDEEP

768:OwAfgeggouWqT2SAOwhbanF0W+gf5n8XpxT0FAuHbyrEPAbgcgq/ygy:OwAflggX2Sdfnnbn8X3IgEPAbgcP/D

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
a5c9e06a2421d69a56b86f30fb62cbea_JaffaCakes118

Files

a5c9e06a2421d69a56b86f30fb62cbea_JaffaCakes118
.dll regsvr32 windows:4 windows x86 arch:x86

32f80a6adca676f6165aa7130145f0f8

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_DLL

Imports

advapi32

GetUserNameA
RegCloseKey
RegOpenKeyExA
RegQueryValueExA

crypt32

PFXExportCertStore
CertOpenStore

kernel32

AddAtomA
CloseHandle
CreateFileA
CreateSemaphoreA
CreateThread
DeleteFileA
ExitThread
FindAtomA
FindFirstFileA
FindNextFileA
GetAtomNameA
GetComputerNameA
GetFileSize
GetLastError
GetTempPathA
GetTickCount
GetWindowsDirectoryA
GlobalAlloc
GlobalFree
InterlockedDecrement
InterlockedIncrement
MultiByteToWideChar
ReadFile
ReleaseSemaphore
SetFileAttributesA
SetLastError
Sleep
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue
WaitForSingleObject
WinExec
WriteFile

msvcrt

_write
__dllonexit
_assert
_errno
_iob
abort
atoi
fflush
fprintf
free
malloc
memcmp
memset
sprintf
strcat
strcmp
strlen
strstr

oleaut32

SafeArrayAccessData
SafeArrayDestroy
SysAllocStringByteLen
SysFreeString
SysStringLen

shell32

ShellExecuteA

user32

FindWindowExA
wsprintfA

userenv

GetProfilesDirectoryA

wininet

HttpEndRequestA
HttpOpenRequestA
HttpQueryInfoA
HttpSendRequestExA
InternetCloseHandle
InternetConnectA
InternetOpenA
InternetOpenUrlA
InternetReadFile
InternetSetOptionA
InternetWriteFile

Exports

Exports

DllCanUnloadNow
DllCanUnloadNow@0
DllGetClassObject
DllGetClassObject@12
DllRegisterServer
DllRegisterServer@0
DllUnregisterServer
DllUnregisterServer@0
Init
Init@0

Sections

.text
Size: 27KB - Virtual size: 26KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 13KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 16KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 502B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 684B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

32f80a6adca676f6165aa7130145f0f8

Headers

File Characteristics

Imports

advapi32

crypt32

kernel32

msvcrt

oleaut32

shell32

user32

userenv

wininet

Exports

Exports

Sections

.text Size: 27KB - Virtual size: 26KB

.data Size: 13KB - Virtual size: 12KB

.rdata Size: 9KB - Virtual size: 9KB

.bss Size: - Virtual size: 16KB

.edata Size: 512B - Virtual size: 502B

.idata Size: 3KB - Virtual size: 2KB

.rsrc Size: 1024B - Virtual size: 684B

.reloc Size: 3KB - Virtual size: 2KB

.text
Size: 27KB - Virtual size: 26KB

.data
Size: 13KB - Virtual size: 12KB

.rdata
Size: 9KB - Virtual size: 9KB

.bss
Size: - Virtual size: 16KB

.edata
Size: 512B - Virtual size: 502B

.idata
Size: 3KB - Virtual size: 2KB

.rsrc
Size: 1024B - Virtual size: 684B

.reloc
Size: 3KB - Virtual size: 2KB