db5013b4e6b134b5702542e7485d3fe0_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

db5013b4e6b134b5702542e7485d3fe0_JaffaCakes118
Size

252KB
MD5

db5013b4e6b134b5702542e7485d3fe0
SHA1

44ac3d17cd0fdc1cd9cd4fb2c679c0c47338f75f
SHA256

148e0ce99de820400af0e059c8772eab8b072ab426b4dcb8a2a9cbffc00b194f
SHA512

fadc6158b75eeb1340d09db92b4a03e8288b18b352b76e3b4badc77c9e62620db42a58f5a968f7d37364f94ed48da3a1faf8f2db221099cf928310d6f733a8f9
SSDEEP

6144:LQZEgzn8gdvRtvndY807BmHzP3UkTJF3Spv9cNEwO9Qj3BvPJyqiKZ3hl4uN6ah:8C81pRtvnz3xJF3iviNEwO9QzziKZ3hR

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
db5013b4e6b134b5702542e7485d3fe0_JaffaCakes118

Files

db5013b4e6b134b5702542e7485d3fe0_JaffaCakes118
.dll regsvr32 windows:4 windows x86 arch:x86

bfe7d0a5537a7fd9b13f5cd58c3d5895

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

InterlockedIncrement
EnterCriticalSection
InterlockedDecrement
MultiByteToWideChar
GetModuleFileNameA
GetLastError
WideCharToMultiByte
lstrlenW
SizeofResource
LoadResource
FindResourceA
LoadLibraryExA
lstrcmpiA
lstrcpynA
IsDBCSLeadByte
GetModuleHandleA
lstrcatA
lstrcmpiW
GetSystemTime
GetLocalTime
ExitProcess
lstrcatW
lstrcpyW
GetVolumeInformationA
CreateProcessA
CloseHandle
TerminateThread
WaitForSingleObject
CreateThread
SetFileTime
WriteFile
GetFileTime
CreateFileA
Process32Next
Module32First
LeaveCriticalSection
GetOEMCP
GetEnvironmentStringsW
FlushFileBuffers
SetStdHandle
VirtualQuery
GetSystemInfo
VirtualProtect
LCMapStringW
LCMapStringA
DeleteCriticalSection
InitializeCriticalSection
GetThreadLocale
GetLocaleInfoA
GetACP
DisableThreadLibraryCalls
GetVersionExA
InterlockedExchange
Sleep
LoadLibraryA
GetProcAddress
FreeLibrary
lstrlenA
SetFilePointer
GetStringTypeW
GetStringTypeA
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetStartupInfoA
GetFileType
GetStdHandle
SetHandleCount
SetUnhandledExceptionFilter
IsBadWritePtr
VirtualAlloc
VirtualFree
HeapCreate
HeapDestroy
TlsAlloc
TlsGetValue
IsBadCodePtr
IsBadReadPtr
lstrcpyA
LocalFree
RtlUnwind
HeapFree
RaiseException
HeapReAlloc
HeapAlloc
GetSystemTimeAsFileTime
GetCurrentThreadId
TlsSetValue
GetCommandLineA
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
TerminateProcess
GetCurrentProcess
HeapSize
TlsFree
SetLastError
GetCPInfo

user32

SetTimer
LoadStringA
CharNextA
GetSystemMetrics
wsprintfA
KillTimer
CallMsgFilterA
wsprintfW
SetCaretBlinkTime

advapi32

RegEnumKeyA
RegSetValueExA
RegOpenKeyA
RegQueryInfoKeyA
RegEnumKeyExA
RegCreateKeyExA
RegDeleteValueA
RegCreateKeyA
RegOpenKeyExA
RegCloseKey
RegDeleteKeyA
RegQueryValueExA

shell32

SHGetSpecialFolderPathA
ShellExecuteA

ole32

CoTaskMemFree
CoTaskMemRealloc
StringFromCLSID
StringFromGUID2
CoTaskMemAlloc
CoCreateInstance

oleaut32

SafeArrayAccessData
SafeArrayGetLBound
SafeArrayGetUBound
SafeArrayUnaccessData
SysStringLen
LoadRegTypeLi
UnRegisterTypeLi
LoadTypeLi
SysAllocString
RegisterTypeLi
SysFreeString
VarUI4FromStr
VariantInit
DispCallFunc
VariantClear

shlwapi

PathFindExtensionA

comctl32

InitCommonControlsEx

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 148KB - Virtual size: 147KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 52KB - Virtual size: 49KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 9.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 36KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

bfe7d0a5537a7fd9b13f5cd58c3d5895

Headers

File Characteristics

Imports

kernel32

user32

advapi32

shell32

ole32

oleaut32

shlwapi

comctl32

Exports

Exports

Sections

.text Size: 148KB - Virtual size: 147KB

.rdata Size: 52KB - Virtual size: 49KB

.data Size: 8KB - Virtual size: 9.1MB

.rsrc Size: 4KB - Virtual size: 2KB

.reloc Size: 36KB - Virtual size: 32KB

.text
Size: 148KB - Virtual size: 147KB

.rdata
Size: 52KB - Virtual size: 49KB

.data
Size: 8KB - Virtual size: 9.1MB

.rsrc
Size: 4KB - Virtual size: 2KB

.reloc
Size: 36KB - Virtual size: 32KB