b660a9bf1a5135100eb1ec2318a06f03_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

b660a9bf1a5135100eb1ec2318a06f03_JaffaCakes118
Size

26KB
MD5

b660a9bf1a5135100eb1ec2318a06f03
SHA1

3b3a3db90a8cd481bcbc84e94008c87c25e6fd4b
SHA256

f7ad5c235381fe40995ee966ff38232dee640e5976e075f7cae02d069cc6cafb
SHA512

26f6620f60f15f51f7d274ff20234c0e067279db3f99e0518e1ea08043348d61c59f1532536b5d867b128f21c55e33c6f5c62e9ce0e05168b5ff142d920afd63
SSDEEP

384:pY/Uc+xF+5xsKvpcSOjTzRCWv9G8OzDrp5FfMoVD3lh6BNZs8ZcBV:u/Uc+xFcx5iSOnlsr9f/p1WNZs8ZkV

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
b660a9bf1a5135100eb1ec2318a06f03_JaffaCakes118

Files

b660a9bf1a5135100eb1ec2318a06f03_JaffaCakes118
.dll regsvr32 windows:4 windows x86 arch:x86

020d57c23db5fba774d09ed18764d00e

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

i:\DEV\Products\DNSI\DNSI\Release\DNSI.pdb

Imports

msvcrt

malloc
_initterm
_onexit
__dllonexit
??2@YAPAXI@Z
_time64
_amsg_exit
_adjust_fdiv
memcpy
??_V@YAXPAX@Z
memset
mbstowcs
??_U@YAPAXI@Z
strlen
realloc
memmove
free
_XcptFilter
??3@YAXPAX@Z
_except_handler3

shlwapi

StrRChrA
UrlEscapeA
StrChrA

wininet

InternetCloseHandle
HttpOpenRequestW
HttpSendRequestW
InternetOpenW
InternetConnectW

ws2_32

inet_addr
gethostbyname

kernel32

GetCurrentProcess
GetThreadLocale
GetLocaleInfoA
GetACP
GetVersionExA
GetProcessHeap
HeapSize
HeapReAlloc
HeapFree
HeapAlloc
HeapDestroy
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
RtlUnwind
InterlockedCompareExchange
Sleep
InterlockedExchange
DeleteCriticalSection
RaiseException
SizeofResource
LockResource
LoadResource
FindResourceExW
EnterCriticalSection
LeaveCriticalSection
DisableThreadLibraryCalls
InitializeCriticalSection
InterlockedIncrement
InterlockedDecrement
lstrlenW
lstrcmpiW
FindResourceW
GetModuleFileNameW
GetModuleHandleW
WideCharToMultiByte
GetProcAddress
GetVolumeInformationW
VirtualProtect
FlushInstructionCache
SetLastError
lstrcpynA
lstrcpyA
lstrcatA
GetModuleFileNameA
CreateFileA
SetFilePointer
ReadFile
CloseHandle

user32

UnregisterClassA
wsprintfA

advapi32

RegOpenKeyExW
RegSetValueExW
RegQueryValueA
RegOpenKeyExA
RegCreateKeyExW
RegEnumKeyExW
RegDeleteKeyW
RegCloseKey

ole32

CoCreateInstance

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
s

Sections

.text
Size: 13KB - Virtual size: 12KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 136B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

020d57c23db5fba774d09ed18764d00e

Headers

File Characteristics

PDB Paths

Imports

msvcrt

shlwapi

wininet

ws2_32

kernel32

user32

advapi32

ole32

Exports

Exports

Sections

.text Size: 13KB - Virtual size: 12KB

.rdata Size: 9KB - Virtual size: 8KB

.data Size: 512B - Virtual size: 1KB

.rsrc Size: 512B - Virtual size: 136B

.reloc Size: 2KB - Virtual size: 2KB

.text
Size: 13KB - Virtual size: 12KB

.rdata
Size: 9KB - Virtual size: 8KB

.data
Size: 512B - Virtual size: 1KB

.rsrc
Size: 512B - Virtual size: 136B

.reloc
Size: 2KB - Virtual size: 2KB