c0bc6b49f449eafe15ea2fb3c14a4a96_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

c0bc6b49f449eafe15ea2fb3c14a4a96_JaffaCakes118
Size

116KB
MD5

c0bc6b49f449eafe15ea2fb3c14a4a96
SHA1

62aa9ccfef045c19d8fbe3c549451a2057c8d1a7
SHA256

5c7ea8e5dcdcc1bcde5e8fcfc886253acf6bfd496d3f5b53e35ded04fdb8c920
SHA512

19ea95d60a2dfb86ea80885db07a64d6f7e282ca86206a5ebc5d6ce0a2c5bc7bc480d1243ebfb458a3d82b63e3400ece2f8a4e1028afea64f4714fbb19038363
SSDEEP

1536:c395XZIcLULq26TtxohYBNxTxKaelcIJCcBIkLjV5By+ULvNsWbr0OP/rEtJWAEN:qHXZI76TvhxT4LtV33klsWBPQt4AEN

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
c0bc6b49f449eafe15ea2fb3c14a4a96_JaffaCakes118

Files

c0bc6b49f449eafe15ea2fb3c14a4a96_JaffaCakes118
.dll regsvr32 windows:4 windows x86 arch:x86

42afd655a352b35a2d23bab3ef1c60fe

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

atl

ord16
ord18
ord57
ord23
ord15
ord58
ord32
ord30
ord43
ord44
ord21

kernel32

VirtualAlloc
VirtualFree
HeapAlloc
GetProcessHeap
HeapFree
GetSystemDirectoryW
Sleep
lstrcpynW
GetVersionExW
GetComputerNameExW
GetCurrentProcess
FlushInstructionCache
LoadLibraryA
CompareStringW
InterlockedExchange
GetComputerNameW
LocalAlloc
ExpandEnvironmentStringsA
CreateActCtxW
ReleaseActCtx
ActivateActCtx
DeactivateActCtx
OutputDebugStringA
GetModuleFileNameW
LoadLibraryW
GetVersion
GetFileAttributesW
GetProcAddress
GetModuleHandleW
GetModuleHandleA
ExpandEnvironmentStringsW
SetLastError
GetLastError
EnterCriticalSection
LeaveCriticalSection
InterlockedCompareExchange
RtlUnwind
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetShortPathNameW
InitializeCriticalSection
DeleteCriticalSection
InterlockedIncrement
InterlockedDecrement
DisableThreadLibraryCalls
LocalFree
lstrlenW

advapi32

RegOpenKeyExA
RegQueryValueExA
RegEnumValueW
RegQueryInfoKeyW
RegSetValueExW
RegConnectRegistryW
RegOpenKeyExW
RegCreateKeyW
RegOpenKeyW
RegQueryValueExW
RegCloseKey

shell32

SHBrowseForFolderW
SHGetPathFromIDListW

ole32

StringFromGUID2
CoTaskMemAlloc
CoInitializeEx
CoCreateInstanceEx
CoUninitialize
CoCreateGuid
CoSetProxyBlanket
CoTaskMemFree

oleaut32

SysAllocStringByteLen
SysAllocString
LoadRegTypeLi
SysStringLen
SysFreeString
SysStringByteLen

netapi32

NetUseAdd
NetUseDel

ntdll

RtlQueryEnvironmentVariable_U
RtlSetEnvironmentVariable
RtlInitUnicodeString
RtlExpandEnvironmentStrings_U
RtlDestroyEnvironment
RtlCreateEnvironment

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 89KB - Virtual size: 160KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bss
Size: - Virtual size: 192KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.edata
Size: 512B - Virtual size: 165B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 216B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

42afd655a352b35a2d23bab3ef1c60fe

Headers

File Characteristics

Imports

atl

kernel32

advapi32

shell32

ole32

oleaut32

netapi32

ntdll

Exports

Exports

Sections

.text Size: 89KB - Virtual size: 160KB

.bss Size: - Virtual size: 192KB

.pdata Size: 4KB - Virtual size: 4KB

.data Size: 4KB - Virtual size: 4KB

.rdata Size: 4KB - Virtual size: 4KB

.edata Size: 512B - Virtual size: 165B

.idata Size: 3KB - Virtual size: 2KB

.rsrc Size: 6KB - Virtual size: 5KB

.reloc Size: 4KB - Virtual size: 216B

.text
Size: 89KB - Virtual size: 160KB

.bss
Size: - Virtual size: 192KB

.pdata
Size: 4KB - Virtual size: 4KB

.data
Size: 4KB - Virtual size: 4KB

.rdata
Size: 4KB - Virtual size: 4KB

.edata
Size: 512B - Virtual size: 165B

.idata
Size: 3KB - Virtual size: 2KB

.rsrc
Size: 6KB - Virtual size: 5KB

.reloc
Size: 4KB - Virtual size: 216B