b7a1d1236e1563f599daae68f9e40a35_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

b7a1d1236e1563f599daae68f9e40a35_JaffaCakes118
Size

148KB
MD5

b7a1d1236e1563f599daae68f9e40a35
SHA1

9987ecc04eb245fc2e91c0898c68f9cbca0f37ea
SHA256

8a5a110c568c1c17a06064a3acacde466e83a97373575d14f68e2af9d3f01637
SHA512

e0919a82118c92582161bbbc6dcd9c24212d48616464dcee3acd6fba5fca7d5d02667398572e34533a85f79f86650badfe5937110b07b65e5a2c995825f0bab8
SSDEEP

3072:vQcCdygKAAQdZSvXJkqRAuYxxp3cy3qPZBoyaWCFKpr0E:ouqfSaUArMPAyTIKL

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
b7a1d1236e1563f599daae68f9e40a35_JaffaCakes118

Files

b7a1d1236e1563f599daae68f9e40a35_JaffaCakes118
.dll regsvr32 windows:4 windows x86 arch:x86

e7817936a56951f4bd90b96e4f95143a

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

VirtualAlloc
InterlockedDecrement
GetShortPathNameA
GetModuleHandleA
GetModuleFileNameA
SizeofResource
LoadResource
FindResourceA
LoadLibraryExA
lstrcmpiA
lstrcpynA
IsDBCSLeadByte
HeapDestroy
LoadLibraryA
lstrcpyA
lstrcatA
DisableThreadLibraryCalls
LocalAlloc
SetErrorMode
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSection
GetSystemPowerStatus
FreeLibrary
WideCharToMultiByte
GetLastError
GetProcAddress
lstrlenW
lstrlenA
LocalFree
MultiByteToWideChar

user32

CharNextA

advapi32

RegDeleteKeyA
RegDeleteValueA
RegCloseKey
RegOpenKeyExA
RegEnumKeyExA
RegSetValueExA
RegQueryInfoKeyA
RegEnumValueA
RegCreateKeyExA

ole32

CoTaskMemAlloc
CoTaskMemRealloc
CoTaskMemFree
CoCreateInstance

oleaut32

LoadRegTypeLi
RegisterTypeLi
LoadTypeLi
VarUI4FromStr
SysAllocString
SysStringLen
SysAllocStringLen
SysFreeString

msvcp60

??1_Lockit@std@@QAE@XZ
??0_Lockit@std@@QAE@XZ

msvcrt

_adjust_fdiv
_initterm
?terminate@@YAXXZ
_except_handler3
__dllonexit
toupper
_chdrive
_chdir
_getcwd
memcmp
realloc
malloc
free
_purecall
_mbstok
strlen
??2@YAPAXI@Z
memset
_onexit
__CxxFrameHandler
memcpy

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 20KB - Virtual size: 16KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 108KB - Virtual size: 104KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

e7817936a56951f4bd90b96e4f95143a

Headers

File Characteristics

Imports

kernel32

user32

advapi32

ole32

oleaut32

msvcp60

msvcrt

Exports

Exports

Sections

.text Size: 20KB - Virtual size: 16KB

.rdata Size: 8KB - Virtual size: 4KB

.data Size: 4KB - Virtual size: 1KB

.rsrc Size: 108KB - Virtual size: 104KB

.reloc Size: 4KB - Virtual size: 3KB

.text
Size: 20KB - Virtual size: 16KB

.rdata
Size: 8KB - Virtual size: 4KB

.data
Size: 4KB - Virtual size: 1KB

.rsrc
Size: 108KB - Virtual size: 104KB

.reloc
Size: 4KB - Virtual size: 3KB