dssenh.pdb
Static task: static1
Behavioral task: behavioral1
  Sample: c7b39aa3ac84b9b9e33dd775e79aa5a1_JaffaCakes118.dll
  Resource: win7-20240708-en
Behavioral task: behavioral2
  Sample: c7b39aa3ac84b9b9e33dd775e79aa5a1_JaffaCakes118.dll
  Resource: win10v2004-20240802-en
General
Target: c7b39aa3ac84b9b9e33dd775e79aa5a1_JaffaCakes118
Size: 195KB
MD5: c7b39aa3ac84b9b9e33dd775e79aa5a1
SHA1: 3ea6bfe75087206e245690c8d11d72868c4f9a42
SHA256: f34870ff7a72dbddf0b24fa86618a8b4c79ef10e7b34be174fbe91f2acb3e5f5
SHA512: 22b627a3b24f9397347cebf1e882cd134068b544b84fa53ada44aebdaf519ed983c81c2fb338ab3542bce67194f397b29762d93601fe6ca8538a4ce2c71fcf3a
SSDEEP: 3072:qJj6lUnLIN65ijtnedmzxmCji0AWWX16GyD/mu7y99tDXnRgzUra18r:mLINTnEmzx+0FWXTyD/mX9XRgzya
Malware Config
Signatures
Unsigned PE (1 IoC): Checks for missing Authenticode signature.
  resource: c7b39aa3ac84b9b9e33dd775e79aa5a1_JaffaCakes118
Files
c7b39aa3ac84b9b9e33dd775e79aa5a1_JaffaCakes118.dll  regsvr32  windows:5  windows  x86  arch:x86
dcd062daf33703210459311f8e00b93f
Headers
File Characteristics: IMAGE_FILE_EXECUTABLE_IMAGE, IMAGE_FILE_LINE_NUMS_STRIPPED, IMAGE_FILE_LOCAL_SYMS_STRIPPED, IMAGE_FILE_32BIT_MACHINE, IMAGE_FILE_DLL
PDB Paths: dssenh.pdb
Imports
msvcrt: wcscat, _except_handler3, free, _initterm, malloc, _adjust_fdiv, wcscmp, wcscpy, wcslen, _strlwr
kernel32: SetUnhandledExceptionFilter, UnhandledExceptionFilter, GetCurrentProcess, TerminateProcess, GetSystemTimeAsFileTime, GetCurrentProcessId, GetCurrentThreadId, DelayLoadFailureHook, CloseHandle, GetCurrentThread, Sleep, lstrcpyA, MultiByteToWideChar, GetVersionExA, GetSystemDirectoryW, CreateFileW, FindFirstFileExW, WriteFile, GetTickCount, DeleteFileW, UnmapViewOfFile, MapViewOfFile, CreateFileMappingA, WideCharToMultiByte, FindNextFileW, LoadLibraryExA, SizeofResource, LoadResource, FindResourceA, ReadFile, _lclose, SetFilePointer, OpenFile, IsProcessorFeaturePresent, GetSystemInfo, RtlMoveMemory, QueryPerformanceCounter, LoadLibraryA, InterlockedCompareExchange, GetProcAddress, HeapFree, HeapReAlloc, GetProcessHeap, HeapAlloc, FreeLibrary, LocalFree, lstrcmpiA, DisableThreadLibraryCalls, GetModuleFileNameA, lstrlenW, EnterCriticalSection, LeaveCriticalSection, RaiseException, lstrlenA, FindClose, GetLastError, SetLastError, DeleteCriticalSection, InitializeCriticalSection, IsBadWritePtr, GetFileSize
advapi32: GetSidIdentifierAuthority, GetSidSubAuthorityCount, GetSidSubAuthority, RevertToSelf, GetFileSecurityW, SetFileSecurityW, GetSecurityDescriptorControl, GetSecurityDescriptorLength, GetSecurityDescriptorDacl, InitializeSecurityDescriptor, SetSecurityDescriptorDacl, AllocateAndInitializeSid, GetLengthSid, InitializeAcl, AddAccessAllowedAce, FreeSid, SystemFunction041, SystemFunction040, OpenThreadToken, OpenProcessToken, GetTokenInformation, IsValidSid, PrivilegeCheck, LookupPrivilegeValueA, RegOpenKeyExW, RegDeleteKeyW, RegEnumKeyA, RegQueryInfoKeyA, AdjustTokenPrivileges, ImpersonateSelf, GetAce, GetAclInformation, MakeSelfRelativeSD, GetSecurityDescriptorSacl, SetThreadToken, GetUserNameA, RegGetKeySecurity, MD5Init, MD5Update, MD5Final, RegCreateKeyExA, RegSetValueExA, RegDeleteValueA, A_SHAFinal, A_SHAUpdate, A_SHAInit, SystemFunction036, RegCloseKey, RegOpenKeyExA, RegQueryValueExA, EqualSid
ntdll: NtClose, RtlFreeHeap, NtCreateFile, RtlDosPathNameToNtPathName_U, RtlAllocateHeap, RtlImageNtHeader, RtlNtStatusToDosError
user32: wsprintfA, LoadStringW, wsprintfW
Exports
CPAcquireContext, CPCreateHash, CPDecrypt, CPDeriveKey, CPDestroyHash, CPDestroyKey, CPDuplicateHash, CPDuplicateKey, CPEncrypt, CPExportKey, CPGenKey, CPGenRandom, CPGetHashParam, CPGetKeyParam, CPGetProvParam, CPGetUserKey, CPHashData, CPHashSessionKey, CPImportKey, CPReleaseContext, CPSetHashParam, CPSetKeyParam, CPSetProvParam, CPSignHash, CPVerifySignature, DllRegisterServer, DllUnregisterServer
Sections
.text   Size: 125KB  Virtual size: 124KB  Flags: IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.data   Size: 64KB   Virtual size: 70KB   Flags: IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rsrc   Size: 1KB    Virtual size: 1KB    Flags: IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc  Size: 3KB    Virtual size: 3KB    Flags: IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ