ceba6b8603345323a621080e29516b30_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

ceba6b8603345323a621080e29516b30_JaffaCakes118
Size

69KB
MD5

ceba6b8603345323a621080e29516b30
SHA1

22f016e544925f69f56458bc531d1989b4ab371b
SHA256

eb5ba09b93fe7da1e127763535a186956aa5dbc7eafac91f2ab316f2848db176
SHA512

258ab22f265c1a4e4583c9d19441980669f840bad8b266b104f053df36130b36fb0f50afa7b005d13896a52de7eca5bc3d77fda7bd8651ffab2f04187c3c6c0d
SSDEEP

1536:B1yl0SHZR6GIEABVo0DsmnlTABdrZgNxCflVoLgBE:vyV5wG3GRnlTAvZgNxCff6e

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
ceba6b8603345323a621080e29516b30_JaffaCakes118

Files

ceba6b8603345323a621080e29516b30_JaffaCakes118
.dll regsvr32 windows:4 windows x64 arch:x64

7a63e4b8036771bdde366539e83348ea

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

ntdll

wcstombs
_snprintf
NtQueryDirectoryFile
RtlInitUnicodeString
NtQuerySystemInformation
RtlNtStatusToDosError
NtQueryInformationProcess
RtlStringFromGUID
_strupr
strchr
strcpy
memset
_snwprintf
RtlUpcaseUnicodeString
_wcsupr
RtlFreeUnicodeString
RtlImageNtHeader
strstr
memcpy

shlwapi

StrStrIA
SHDeleteKeyW
StrToIntExA
StrTrimA
wnsprintfA
StrRChrW

kernel32

lstrlenW
SetThreadPriority
GetLastError
VirtualAlloc
CreateEventA
CloseHandle
HeapDestroy
GetCurrentProcessId
WaitForSingleObject
SetEvent
HeapCreate
CreateMutexW
CreateThread
VirtualFree
OpenEventA
SetWaitableTimer
OpenProcess
CreateWaitableTimerW
Sleep
CreateWaitableTimerA
WideCharToMultiByte
GetExitCodeProcess
CreateProcessA
TerminateProcess
WriteFile
GetTempPathW
SetEndOfFile
lstrcpyW
DeleteFileW
GetCurrentThreadId
GetTempFileNameW
ExpandEnvironmentStringsW
GetComputerNameW
GetSystemTimeAsFileTime
HeapFree
EnterCriticalSection
HeapReAlloc
HeapAlloc
InitializeCriticalSection
DeleteCriticalSection
lstrlenA
GetVersion
QueryPerformanceCounter
lstrcatA
QueryPerformanceFrequency
LeaveCriticalSection
WaitForMultipleObjects
WriteProcessMemory
CreateFileW
ReadFile
GetFileSize
lstrcpyA
MultiByteToWideChar
VirtualAllocEx
GetExitCodeThread
CreateRemoteThread
GetModuleHandleA
GetProcAddress

user32

wsprintfW
GetShellWindow
GetWindowThreadProcessId
wsprintfA

advapi32

GetTokenInformation
OpenProcessToken
LookupAccountSidW
RegOpenKeyA
RegSetValueExA
GetSidSubAuthority
RegCreateKeyW
RegSetValueExW
RegCloseKey
GetSidSubAuthorityCount
GetUserNameW

winhttp

WinHttpSendRequest
WinHttpReadData
WinHttpCloseHandle
WinHttpQueryHeaders
WinHttpQueryDataAvailable
WinHttpQueryOption
WinHttpOpen
WinHttpOpenRequest
WinHttpSetOption
WinHttpReceiveResponse
WinHttpConnect
WinHttpSetTimeouts

psapi

GetModuleFileNameExW

shell32

ShellExecuteW

ole32

CreateStreamOnHGlobal
CoInitializeEx
CoUninitialize
CoCreateInstance
CoInitializeSecurity

Exports

Exports

DllRegisterServer

Sections

.text
Size: 44KB - Virtual size: 43KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

7a63e4b8036771bdde366539e83348ea

Headers

File Characteristics

Imports

ntdll

shlwapi

kernel32

user32

advapi32

winhttp

psapi

shell32

ole32

Exports

Exports

Sections

.text Size: 44KB - Virtual size: 43KB

.rdata Size: 8KB - Virtual size: 8KB

.data Size: 4KB - Virtual size: 4KB

.pdata Size: 4KB - Virtual size: 4KB

.bss Size: 8KB - Virtual size: 5KB

.text
Size: 44KB - Virtual size: 43KB

.rdata
Size: 8KB - Virtual size: 8KB

.data
Size: 4KB - Virtual size: 4KB

.pdata
Size: 4KB - Virtual size: 4KB

.bss
Size: 8KB - Virtual size: 5KB