ac74fa3930d74fbd0fa46040ac8bb637_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

ac74fa3930d74fbd0fa46040ac8bb637_JaffaCakes118
Size

116KB
MD5

ac74fa3930d74fbd0fa46040ac8bb637
SHA1

81d9347a0601dc744816ff8eb169302aca7fff62
SHA256

70ac146da90b98c9b1eef594b9045a89fc7c69f30307b57b7e3ed67636758024
SHA512

bb3a4de74b35b0659209e44c74dac67619f3ffd9362bfbe445460581ef5c81982e590ba4b780ee1aeef9e19eb7c15bf42a5aff23151a37acd1ca4418801db2f7
SSDEEP

1536:VQptM0KSeRIbK2KzFndp4dcW6kq82cb+eQrdMqAfhKexTAvS:VL0db/KJndp4dWvpnpA0UO

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
ac74fa3930d74fbd0fa46040ac8bb637_JaffaCakes118

Files

ac74fa3930d74fbd0fa46040ac8bb637_JaffaCakes118
.dll regsvr32 windows:4 windows x86 arch:x86

483a258497a18a2a49f2dad6197c9737

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

gdi32

GetDIBits
DeleteDC
CreateDCA
GetObjectA

kernel32

CloseHandle
TerminateThread
SetEvent
EnterCriticalSection
DeleteFileA
WriteFile
CreateFileA
CreateFileW
WideCharToMultiByte
DeleteFileW
DisableThreadLibraryCalls
lstrlenA
GetLastError
InterlockedIncrement
FreeLibrary
InterlockedDecrement
CreateEventA
LeaveCriticalSection
SetFileAttributesA
CreateDirectoryA
GetModuleFileNameA
SetFileAttributesW
CreateDirectoryW
GetModuleFileNameW
MultiByteToWideChar
WaitForSingleObject
CreateThread
ResetEvent
DeleteCriticalSection
InitializeCriticalSection
GetVersionExA

user32

wsprintfA
LoadImageA
LoadImageW

advapi32

RegCloseKey
RegDeleteValueA
RegSetValueExA
RegQueryValueExA
RegCreateKeyA
RegSetValueA
RegOpenKeyExA
RegEnumKeyExA
RegDeleteKeyA
RegEnumValueW
RegQueryInfoKeyW
RegQueryValueExW
RegSetValueExW
RegDeleteValueW
RegEnumValueA
RegQueryInfoKeyA
RegCreateKeyExA

shell32

SHGetSpecialFolderPathW
SHGetSpecialFolderPathA

ole32

CoInitialize
CoCreateInstance
StringFromGUID2
CoFreeUnusedLibraries
CoUninitialize

shlwapi

PathRemoveExtensionW
PathRemoveExtensionA
PathFileExistsW
PathFileExistsA

msvcrt

_purecall
_splitpath
wcscpy
_wsplitpath
wcscat
time
sprintf
_stat
_stati64
_wstati64
wcslen
__CxxFrameHandler
??2@YAPAXI@Z
??3@YAXPAX@Z

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 28KB - Virtual size: 24KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 72KB - Virtual size: 72KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 952B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

483a258497a18a2a49f2dad6197c9737

Headers

File Characteristics

Imports

gdi32

kernel32

user32

advapi32

shell32

ole32

shlwapi

msvcrt

Exports

Exports

Sections

.text Size: 28KB - Virtual size: 24KB

.rdata Size: 4KB - Virtual size: 3KB

.data Size: 72KB - Virtual size: 72KB

.rsrc Size: 4KB - Virtual size: 952B

.reloc Size: 4KB - Virtual size: 3KB

.text
Size: 28KB - Virtual size: 24KB

.rdata
Size: 4KB - Virtual size: 3KB

.data
Size: 72KB - Virtual size: 72KB

.rsrc
Size: 4KB - Virtual size: 952B

.reloc
Size: 4KB - Virtual size: 3KB