d2ed54870579374526577b27b973a702_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

d2ed54870579374526577b27b973a702_JaffaCakes118
Size

160KB
MD5

d2ed54870579374526577b27b973a702
SHA1

c863999f622eff811e35bbf9cdda703e3e262ae2
SHA256

56d4d72df8821b791a7a28119cd5e45a4da8a3d3a70bf9d185136bcf8fc449f3
SHA512

8b1a75baaa64ae8a204c6ae1442bc6a762beacd2796291da9e27c316eb1994eb5005f904e003725543e481ae9782654fd09c181b8fef3a1c942a9094e9f15d4b
SSDEEP

1536:UqJDmYLQkrAYP3HwF/Gym2aLIb/SGTBQqlI2f618jQ9+VvSICS4A+j8yotuuuCbz:UJHkEYPeG9d+SGpi8xkwyotuuu//vjh

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
d2ed54870579374526577b27b973a702_JaffaCakes118

Files

d2ed54870579374526577b27b973a702_JaffaCakes118
.dll regsvr32 windows:4 windows x86 arch:x86

c14126661398a713a423a02209d35a3e

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

user32

RegisterClassExA
CreateWindowExA
ShowWindow
GetMessageA
TranslateMessage
EnumWindows
EnumChildWindows
GetWindowThreadProcessId
SetWindowPos
DispatchMessageA
wsprintfA
KillTimer
SetTimer
DefWindowProcA
SystemParametersInfoA
GetClassNameA

kernel32

RaiseException
GetOEMCP
GetACP
ReadFile
CloseHandle
OpenProcess
GetCurrentProcessId
CreateFileA
LocalFree
SleepEx
GetModuleFileNameA
FreeLibrary
CreateRemoteThread
WriteProcessMemory
GetProcAddress
VirtualAllocEx
LoadLibraryA
GetTickCount
MoveFileExA
WaitForSingleObject
CreateProcessA
DeleteFileA
GetSystemDirectoryA
WriteFile
GetFileAttributesA
GetFileType
TerminateProcess
GetCurrentProcess
GetLocalTime
HeapFree
SetEndOfFile
SetFilePointer
FlushFileBuffers
SetStdHandle
IsBadCodePtr
TlsGetValue
SetLastError
IsBadReadPtr
SetUnhandledExceptionFilter
GetStringTypeW
GetStringTypeA
GetCPInfo
GetEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsW
FreeEnvironmentStringsA
GetStartupInfoA
GetStdHandle
TlsFree
TlsAlloc
InterlockedDecrement
InterlockedIncrement
WideCharToMultiByte
HeapAlloc
RtlUnwind
TlsSetValue
GetLastError
MultiByteToWideChar
HeapReAlloc
GetCommandLineA
GetVersion
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
ExitProcess
GetModuleHandleA
GetEnvironmentVariableA
GetVersionExA
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
IsBadWritePtr
LCMapStringA
LCMapStringW
GetCurrentThreadId
SetHandleCount

advapi32

CryptGenRandom
CryptReleaseContext
GetSecurityInfo
SetEntriesInAclA
SetSecurityInfo
CryptAcquireContextA

shell32

StrStrIA

ole32

CoCreateInstance
CoCreateGuid
CoInitialize

oleaut32

VariantInit
SysAllocString
GetErrorInfo

psapi

EnumProcesses
GetModuleBaseNameA
EnumProcessModules

rpcrt4

UuidToStringA

shlwapi

SHGetValueA
SHSetValueA

wininet

HttpQueryInfoA
InternetCloseHandle
InternetOpenUrlA
InternetSetOptionA
InternetOpenA
InternetReadFile

netapi32

Netbios

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 96KB - Virtual size: 93KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 24KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 28KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

c14126661398a713a423a02209d35a3e

Headers

File Characteristics

Imports

user32

kernel32

advapi32

shell32

ole32

oleaut32

psapi

rpcrt4

shlwapi

wininet

netapi32

Exports

Exports

Sections

.text Size: 96KB - Virtual size: 93KB

.rdata Size: 24KB - Virtual size: 20KB

.data Size: 28KB - Virtual size: 32KB

.reloc Size: 8KB - Virtual size: 6KB

.text
Size: 96KB - Virtual size: 93KB

.rdata
Size: 24KB - Virtual size: 20KB

.data
Size: 28KB - Virtual size: 32KB

.reloc
Size: 8KB - Virtual size: 6KB