b66d9603d3359ccb1aabc9f5779b0553_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

b66d9603d3359ccb1aabc9f5779b0553_JaffaCakes118
Size

216KB
MD5

b66d9603d3359ccb1aabc9f5779b0553
SHA1

d0e24bdd8ef3da5fc82540f11a983de2f921f1d4
SHA256

1c0ea41a70781315440312506580579d6cec23288406d54adfc9fe12d4980ddb
SHA512

44bce501e229c0eb863f185dc60f30315e353fad1fe3c7ad39e47cde02f05ee6710e04a220012e77a33d886b1ca0c34e1f27f8d33ca53210384ce16906687e53
SSDEEP

6144:HCaFa8yclQhILyrBNDgb4+tAwB1xpxl0bWn1CGnjjiQzefT:iaFdWrorjPiL

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
b66d9603d3359ccb1aabc9f5779b0553_JaffaCakes118

Files

b66d9603d3359ccb1aabc9f5779b0553_JaffaCakes118
.dll regsvr32 windows:4 windows x86 arch:x86

44f3673d09bc2f5b085d04294623d36a

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

urlmon

URLOpenBlockingStreamA

kernel32

lstrlenA
GlobalFree
lstrcpynA
GlobalAlloc
GetModuleFileNameA
DeleteFileA
CompareStringA
GetStringTypeExA
GetTempPathA
FlushFileBuffers
InterlockedDecrement
UnmapViewOfFile
MapViewOfFile
CreateFileMappingA
LocalFree
DeleteCriticalSection
CreateDirectoryA
LocalAlloc
FindFirstFileA
GetSystemDirectoryA
GetSystemTime
CloseHandle
WriteFile
CreateFileA
ReadFile
GetFileSize
GetLocalTime
SetFilePointer
FormatMessageA
GetTickCount
GetStringTypeW
InitializeCriticalSection
GetLastError
RaiseException
WideCharToMultiByte
MultiByteToWideChar
GetVersionExA
GetLocaleInfoA
GetACP
InterlockedExchange
CreateProcessA
GetStringTypeA
GetCPInfo
GetOEMCP
IsBadCodePtr
IsBadReadPtr
EnterCriticalSection
LeaveCriticalSection
GetUserDefaultLCID
FreeLibrary
LCMapStringA
LCMapStringW
LoadLibraryA
Sleep
InterlockedCompareExchange
HeapAlloc
HeapFree
VirtualProtect
VirtualAlloc
GetSystemInfo
VirtualQuery
RtlUnwind
ExitProcess
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCommandLineA
HeapReAlloc
HeapDestroy
HeapCreate
VirtualFree
IsBadWritePtr
GetProcAddress
GetModuleHandleA
TerminateProcess
GetCurrentProcess
QueryPerformanceCounter
GetCurrentProcessId
SetUnhandledExceptionFilter
TlsAlloc
SetLastError
TlsFree
TlsSetValue
TlsGetValue
HeapSize
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
UnhandledExceptionFilter

user32

MessageBoxA
LoadStringA
wsprintfA

advapi32

InitializeSecurityDescriptor
AllocateAndInitializeSid
SetEntriesInAclA
SetSecurityDescriptorDacl
FreeSid
RegDeleteValueA
RegSetValueExA
RegCreateKeyA
RegCreateKeyExA
RegOpenKeyExA
RegQueryValueExA
RegCloseKey

oleaut32

SysAllocString
SysFreeString
VariantClear

shlwapi

StrStrA
SHDeleteKeyA

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 148KB - Virtual size: 147KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 40KB - Virtual size: 38KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 71KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 16KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

44f3673d09bc2f5b085d04294623d36a

Headers

File Characteristics

Imports

urlmon

kernel32

user32

advapi32

oleaut32

shlwapi

Exports

Exports

Sections

.text Size: 148KB - Virtual size: 147KB

.rdata Size: 40KB - Virtual size: 38KB

.data Size: 8KB - Virtual size: 71KB

.reloc Size: 16KB - Virtual size: 14KB

.text
Size: 148KB - Virtual size: 147KB

.rdata
Size: 40KB - Virtual size: 38KB

.data
Size: 8KB - Virtual size: 71KB

.reloc
Size: 16KB - Virtual size: 14KB