bff58c4ede50154b584b6c83d6115113_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

bff58c4ede50154b584b6c83d6115113_JaffaCakes118
Size

39KB
MD5

bff58c4ede50154b584b6c83d6115113
SHA1

23816a0f0e7cda7fc449b4e69fba58c6a0a9d33e
SHA256

7e40393835ddbd2a56bef4e2f6f83be5e1f71fe98ba638494ce177c25b80e7f4
SHA512

b570c0ba5efbef87b0d5c963fd0caf4335d842b5f1f4e82c1a5a0f5d1c8902c912bcc2bc757b88171b8b292801ae6c88c8b0c1a2b0529972dbd3522e5d9bd3da
SSDEEP

768:RlzeOVH9RyRMHFksPHrPS958GrF/hkanU0aQ/974q+D9P2unD6mHDxREzHu8XZCa:Rde8dR9Pm8GrF/rFaQu5RDLeHT0a

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
bff58c4ede50154b584b6c83d6115113_JaffaCakes118

Files

bff58c4ede50154b584b6c83d6115113_JaffaCakes118
.dll regsvr32 windows:4 windows x86 arch:x86

22dba1a1170472ee06e8bc43b3d8bfc1

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

msvcrt

_adjust_fdiv
_initterm
_snprintf
sprintf
strrchr
malloc
free
memcmp
memcpy
memset
_except_handler3
_strupr

user32

RegisterClassExA
CreateWindowExA
ShowWindow
GetMessageA
TranslateMessage
DispatchMessageA
PostQuitMessage
KillTimer
DefWindowProcA
wsprintfA
IsWindowVisible
GetWindowThreadProcessId
PostMessageA
SetTimer
SendMessageA
UnhookWinEvent
SetWinEventHook
GetClassNameA
CallWindowProcA

advapi32

SetSecurityDescriptorDacl
RegSetValueA
RegDeleteValueA
RegOpenKeyA
RegOpenKeyExA
RegQueryValueExA
RegCreateKeyExA
RegSetValueExA
RegCloseKey
InitializeSecurityDescriptor

kernel32

Sleep
GetTempPathA
GetTempFileNameA
CreateMutexA
GetLastError
GetCurrentProcessId
OpenMutexA
GetStartupInfoA
CreateProcessA
DisableThreadLibraryCalls
ExpandEnvironmentStringsA
WaitForSingleObject
SetErrorMode
GetFileAttributesExA
CopyFileA
CreateDirectoryA
lstrcatA
GetFileAttributesA
MultiByteToWideChar
GetModuleFileNameA
DeleteFileA
TerminateProcess
FreeResource
LoadResource
SizeofResource
FindResourceA
GetProcessHeap
CompareStringA
GetThreadLocale
lstrcpynA
FreeLibrary
ExitThread
HeapAlloc
lstrcmpA
lstrcmpiA
IsBadReadPtr
lstrcatW
QueryDosDeviceW
GetModuleFileNameW
lstrlenA
lstrcpyA
GetProcAddress
HeapFree
CreateThread
IsBadWritePtr
GetModuleHandleA
LoadLibraryA
CloseHandle
UnmapViewOfFile
MapViewOfFile
CreateFileMappingA
IsBadStringPtrA
VirtualFree
VirtualAlloc
WriteFile
CreateFileA
Process32Next
Process32First
CreateToolhelp32Snapshot
GetTickCount
GetVolumeInformationA
GetSystemDirectoryA
OpenProcess

Exports

Exports

CPlApplet
DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 19KB - Virtual size: 19KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

22dba1a1170472ee06e8bc43b3d8bfc1

Headers

File Characteristics

Imports

msvcrt

user32

advapi32

kernel32

Exports

Exports

Sections

.text Size: 19KB - Virtual size: 19KB

.rdata Size: 4KB - Virtual size: 3KB

.data Size: 6KB - Virtual size: 5KB

.rsrc Size: 7KB - Virtual size: 7KB

.reloc Size: 1KB - Virtual size: 1KB

.text
Size: 19KB - Virtual size: 19KB

.rdata
Size: 4KB - Virtual size: 3KB

.data
Size: 6KB - Virtual size: 5KB

.rsrc
Size: 7KB - Virtual size: 7KB

.reloc
Size: 1KB - Virtual size: 1KB