db5c87be5e568b185c9e28ace6252f8f_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

db5c87be5e568b185c9e28ace6252f8f_JaffaCakes118
Size

52KB
MD5

db5c87be5e568b185c9e28ace6252f8f
SHA1

5b94eb56557828c37fef12eac28bc2146ebc06cb
SHA256

3cefdd498e604259b258ff3fbd115db3bf847d4523dab2214c3568d54c2dc835
SHA512

33d2687c9eb9097f1650813c6cd6986e6c4ac856193a8b72eb8aaaef48e773f5fbf577147c3aaba70a1ae11567a2fc357ec366cf40f977946f5cdd393995e4c2
SSDEEP

1536:Vi3IDr2jpeiZdLKhOXKGyN892WT7j5DRo9YfDOLQCbw:MrIiZdLKOKlK926cCCbw

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
db5c87be5e568b185c9e28ace6252f8f_JaffaCakes118

Files

db5c87be5e568b185c9e28ace6252f8f_JaffaCakes118
.dll regsvr32 windows:4 windows x86 arch:x86

9e4dffaf4679900e84a63f673cf72171

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

InterlockedIncrement
EnterCriticalSection
InterlockedDecrement
HeapDestroy
lstrlenW
MultiByteToWideChar
lstrlenA
GetShortPathNameA
GetModuleHandleA
WideCharToMultiByte
ExitProcess
CreateThread
CreateProcessA
LeaveCriticalSection
RemoveDirectoryA
Sleep
WritePrivateProfileStringA
MoveFileA
GetCurrentProcessId
GetExitCodeProcess
WaitForSingleObject
GetCommandLineW
DeleteCriticalSection
InitializeCriticalSection
DisableThreadLibraryCalls
CreateDirectoryA
FreeLibrary
GetModuleFileNameA
LocalFree
Process32First
Process32Next
CloseHandle
LoadLibraryA
GetProcAddress
FindFirstFileA
GetPrivateProfileStringA
SetFileAttributesA
FindNextFileA
DeleteFileA
GetSystemDirectoryA

advapi32

RegSetValueExA
RegCreateKeyExA
RegOpenKeyExA
RegQueryInfoKeyA
RegEnumKeyExA
RegCloseKey
BuildExplicitAccessWithNameA
SetEntriesInAclA
GetNamedSecurityInfoA
SetNamedSecurityInfoA
RegQueryValueExA
RegDeleteKeyA

shell32

SHGetSpecialFolderPathA
CommandLineToArgvW

ole32

CoMarshalInterThreadInterfaceInStream
CoGetInterfaceAndReleaseStream
CoInitialize
CoUninitialize
CoCreateInstance

oleaut32

SysAllocString
VariantClear
SysStringLen
LoadRegTypeLi
SysFreeString

msvcrt

fseek
_strlwr
_strupr
_adjust_fdiv
malloc
_initterm
free
strncmp
strncpy
strchr
atoi
strcmp
memcmp
_purecall
memcpy
_wcslwr
strstr
memset
strrchr
sprintf
strcat
??3@YAXPAX@Z
fclose
fread
??2@YAPAXI@Z
ftell
_stricmp
fopen
strcpy
strlen
_access
wcsstr

shlwapi

SHSetValueA
SHDeleteKeyA
SHDeleteValueA

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllGetObjectType
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 32KB - Virtual size: 28KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

idata
Size: 4KB - Virtual size: 4B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

9e4dffaf4679900e84a63f673cf72171

Headers

File Characteristics

Imports

kernel32

advapi32

shell32

ole32

oleaut32

msvcrt

shlwapi

Exports

Exports

Sections

.text Size: 32KB - Virtual size: 28KB

.rdata Size: 4KB - Virtual size: 3KB

.data Size: 4KB - Virtual size: 4KB

idata Size: 4KB - Virtual size: 4B

.reloc Size: 4KB - Virtual size: 2KB

.text
Size: 32KB - Virtual size: 28KB

.rdata
Size: 4KB - Virtual size: 3KB

.data
Size: 4KB - Virtual size: 4KB

idata
Size: 4KB - Virtual size: 4B

.reloc
Size: 4KB - Virtual size: 2KB