aa7ee5e049f95af87d556f6b14318edd_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

aa7ee5e049f95af87d556f6b14318edd_JaffaCakes118
Size

86KB
MD5

aa7ee5e049f95af87d556f6b14318edd
SHA1

3929f758c3d5bd96a739ed78f02abf758aaa15e2
SHA256

3bcc57c383b47619ef5b5c987fca79364604d9764061f9625129729a63f40a80
SHA512

01497bce6a60c8f1e7ec5246f57290dd4f7646b249e31e06a48c1cd4fa8ea14d44e0fcf572bfcd7c28db211a061806bedd08d958ce97ef2930695b0117b6e6f1
SSDEEP

1536:jI2U0O9vxAJC5uzqcjUT5WgHP32flvrIX3o1ccT+:jI2mSouzzbQ3M5rIX3o1c7

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
aa7ee5e049f95af87d556f6b14318edd_JaffaCakes118

Files

aa7ee5e049f95af87d556f6b14318edd_JaffaCakes118
.dll regsvr32 windows:4 windows x86 arch:x86

d358de7e1975fbdd58f121e8490f71ee

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

CopyFileA
GetSystemDirectoryA
GetCurrentDirectoryA
lstrlenA
FindClose
GetLastError
FindNextFileA
FileTimeToSystemTime
lstrcmpA
FindFirstFileA
SetCurrentDirectoryA
ReadFile
SetFilePointer
CloseHandle
GetFileSize
CreateFileA
lstrcatA
TerminateProcess
GetExitCodeProcess
PeekNamedPipe
GetTickCount
CreateProcessA
CreatePipe
WriteFile
FreeLibrary
GetProcAddress
LoadLibraryA
GetVersionExA
GetLocaleInfoA
GetDriveTypeA
GetCurrentProcessId
LocalFree
Sleep
lstrcpyA
WinExec
CreateThread
SetEnvironmentVariableA
CompareStringW
CompareStringA
FlushFileBuffers
LCMapStringW
LCMapStringA
SetStdHandle
GetOEMCP
GetACP
GetCPInfo
IsBadCodePtr
IsBadReadPtr
SetUnhandledExceptionFilter
GetStringTypeW
GetStringTypeA
MultiByteToWideChar
InterlockedIncrement
InterlockedDecrement
GetEnvironmentStringsW
GetEnvironmentStrings
WideCharToMultiByte
RaiseException
FreeEnvironmentStringsW
FreeEnvironmentStringsA
HeapFree
HeapAlloc
HeapReAlloc
RtlUnwind
GetTimeZoneInformation
GetSystemTime
GetLocalTime
GetCommandLineA
GetVersion
GetCurrentThreadId
TlsSetValue
TlsAlloc
TlsFree
SetLastError
TlsGetValue
GetModuleHandleA
GetModuleFileNameA
GetEnvironmentVariableA
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
IsBadWritePtr
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
ExitProcess
GetCurrentProcess
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA

user32

wsprintfA

advapi32

RegCloseKey
RegDeleteValueA
RegOpenKeyExA

shell32

StrStrA

ws2_32

__WSAFDIsSet
inet_addr
gethostbyname
ntohl
WSAGetLastError
connect
gethostname
send
select
recv
WSAStartup
WSACleanup
closesocket
inet_ntoa
socket
htons

wininet

InternetQueryOptionA

shlwapi

PathFindExtensionA

oleaut32

GetErrorInfo

Exports

Exports

DllRegisterServer
DllUnregisterServer
DoNetMsMic

Sections

.text
Size: 56KB - Virtual size: 55KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 342KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 1016B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

d358de7e1975fbdd58f121e8490f71ee

Headers

File Characteristics

Imports

kernel32

user32

advapi32

shell32

ws2_32

wininet

shlwapi

oleaut32

Exports

Exports

Sections

.text Size: 56KB - Virtual size: 55KB

.rdata Size: 6KB - Virtual size: 5KB

.data Size: 16KB - Virtual size: 342KB

.rsrc Size: 1024B - Virtual size: 1016B

.reloc Size: 6KB - Virtual size: 5KB

.text
Size: 56KB - Virtual size: 55KB

.rdata
Size: 6KB - Virtual size: 5KB

.data
Size: 16KB - Virtual size: 342KB

.rsrc
Size: 1024B - Virtual size: 1016B

.reloc
Size: 6KB - Virtual size: 5KB