bad1a11b1aeadc3c01fe2e80ca598603_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

bad1a11b1aeadc3c01fe2e80ca598603_JaffaCakes118
Size

21KB
MD5

bad1a11b1aeadc3c01fe2e80ca598603
SHA1

0105b9909ad948b2ee84225e76d1e87544a8ee40
SHA256

943fc06e464b477e39d1d28aa85094acae3b7d61c5941d2242a5f2b622a8f094
SHA512

4e6b188099902ab74102920976dee915110cf33559a6a9a0efa1e0734b0a2ce756b68c0a2ab67e4d3b7e3ecf880e120890982aa7be70552636e6a48d259321e9
SSDEEP

384:b66YeJvnoHS70BVDs5sTmECmOG7Pcmz9rTZusdsbFm0DMyXLVlg:b6TgvnojBVDs58xCmZz9rTZusdsM8Mp

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
bad1a11b1aeadc3c01fe2e80ca598603_JaffaCakes118

Files

bad1a11b1aeadc3c01fe2e80ca598603_JaffaCakes118
.dll regsvr32 windows:4 windows x86 arch:x86

be24d18af05b5704579a845f7b47b278

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

FindResourceA
DisableThreadLibraryCalls
MultiByteToWideChar
GetSystemDirectoryA
InitializeCriticalSection
HeapAlloc
GetSystemInfo
HeapCreate
DeleteCriticalSection
LeaveCriticalSection
InterlockedIncrement
EnterCriticalSection
InterlockedDecrement
lstrlenW
lstrlenA
GetShortPathNameA
LoadResource
WideCharToMultiByte
GetLastError
LoadLibraryExA
lstrcmpiA
lstrcpynA
IsDBCSLeadByte
HeapDestroy
lstrcpyA
lstrcatA
DebugBreak
HeapReAlloc
HeapFree
GetStringTypeA
RtlUnwind
LCMapStringW
LockResource
GetTempPathA
GetTickCount
CreateFileA
SizeofResource
WriteFile
CloseHandle
LoadLibraryA
GetProcAddress
FreeLibrary
GetModuleFileNameA
DeleteFileA
LCMapStringA
GetStringTypeW

user32

wvsprintfA
CharNextA

advapi32

RegQueryInfoKeyA
RegSetValueExA
RegEnumKeyExA
RegOpenKeyExA
RegDeleteValueA
RegCreateKeyExA
RegDeleteKeyA
RegOpenKeyA
RegEnumKeyA
RegCloseKey
RegEnumValueA

ole32

CLSIDFromString
CoTaskMemRealloc
CoCreateInstance
CoTaskMemAlloc
CoTaskMemFree

oleaut32

SysStringLen
LoadRegTypeLi
RegisterTypeLi
SysFreeString
VarUI4FromStr
SysAllocString
LoadTypeLi

shlwapi

SHGetValueA
SHSetValueA
SHDeleteKeyA

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.rdata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 4B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 42KB - Virtual size: 41KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

be24d18af05b5704579a845f7b47b278

Headers

File Characteristics

Imports

kernel32

user32

advapi32

ole32

oleaut32

shlwapi

Exports

Exports

Sections

.rdata Size: 3KB - Virtual size: 2KB

.data Size: 16KB - Virtual size: 16KB

.CRT Size: 512B - Virtual size: 4B

.rsrc Size: 42KB - Virtual size: 41KB

.reloc Size: 1KB - Virtual size: 1KB

.rdata
Size: 3KB - Virtual size: 2KB

.data
Size: 16KB - Virtual size: 16KB

.CRT
Size: 512B - Virtual size: 4B

.rsrc
Size: 42KB - Virtual size: 41KB

.reloc
Size: 1KB - Virtual size: 1KB