d98adf80269b8ac996875c5a93948208_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

d98adf80269b8ac996875c5a93948208_JaffaCakes118
Size

104KB
MD5

d98adf80269b8ac996875c5a93948208
SHA1

1771a1c7517fcf00582624dcbe1241a661a68ec8
SHA256

ca777e1f0e7e25d530d967571c432ac18dc6f67b4664ccfef78de9f9822b986f
SHA512

e237dd394b25bda49587b18adc11253364564d683989f99a6e5922df6635d749f06165e8b4cd1dc73ff23be660933c689cd2aa3ac09243ef850f710cff9e10c9
SSDEEP

3072:/sRwS9XEIPi/Sm30V8eUEj/mnhPhBTbP45Mx:W0IPqJ/LW+hFbPP

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
d98adf80269b8ac996875c5a93948208_JaffaCakes118

Files

d98adf80269b8ac996875c5a93948208_JaffaCakes118
.dll regsvr32 windows:4 windows x86 arch:x86

c76b3f09461c080eb76d1608d7fd17e4

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

LoadLibraryA
GetModuleFileNameA
GetProcAddress
GetComputerNameA
GetCurrentProcessId
CloseHandle
CreateFileA
WriteFile
InterlockedIncrement
EnterCriticalSection
GetProcessHeap
ReadFile
CopyFileA
Sleep
HeapAlloc
GlobalAlloc
InitializeCriticalSection
CreateDirectoryA
HeapFree
GetModuleHandleA
FileTimeToSystemTime
CreateToolhelp32Snapshot
VerLanguageNameW
WideCharToMultiByte
SystemTimeToFileTime
GetProcessAffinityMask
ConnectNamedPipe
GetDiskFreeSpaceA
AreFileApisANSI
GetLogicalDriveStringsA
SetEnvironmentVariableW
SetCurrentDirectoryA
GetCurrentProcess
GetLogicalDrives
UpdateResourceA
WriteProcessMemory
DeleteFileA
SetSystemTime
UnregisterWaitEx
IsValidLanguageGroup
GetSystemDefaultLangID
GlobalAddAtomA
UnlockFileEx
SetComputerNameExW
SetConsoleWindowInfo
GetCommandLineW
DisconnectNamedPipe
GetProfileSectionA
CreateFileMappingW
SetVolumeLabelW
GetCurrentThreadId
CreateJobObjectW
VirtualQueryEx
ReadDirectoryChangesW
RegisterWaitForSingleObjectEx
LCMapStringA
AddAtomA
ExitProcess
LoadResource
GetProfileStringA
SetComputerNameA
SetConsoleMode
GetFullPathNameA
ReleaseMutex
ClearCommError
SetWaitableTimer
GetSystemWow64DirectoryW
IsBadHugeWritePtr
TerminateThread
RaiseException
FindVolumeMountPointClose
HeapSize
IsWow64Process
FlushViewOfFile
ExitThread
GetCommandLineA
GetConsoleCP
ExpandEnvironmentStringsW
UnregisterWait
EnumResourceNamesA
GetThreadPriority
GetFileTime
SleepEx
TerminateProcess
EnumResourceNamesW
SizeofResource
FillConsoleOutputCharacterW
VirtualUnlock
GetStartupInfoA
HeapCompact
GetFileAttributesW
OpenFile
GlobalFindAtomA
CreateTimerQueueTimer
SetVolumeLabelA
GetFileType

ole32

CoInitialize
OleSetContainedObject
CLSIDFromString
CoTaskMemFree
OleCreate
GetHGlobalFromStream
StgOpenStorageOnILockBytes
GetRunningObjectTable
FreePropVariantArray
CoFreeUnusedLibrariesEx
CoCreateInstanceEx
PropVariantClear
CoMarshalInterface
CoFreeUnusedLibraries
OleIsRunning
OleLoadFromStream
RegisterDragDrop
CreatePointerMoniker
PropVariantCopy
CreateItemMoniker
CoDisconnectObject
CoGetObjectContext
MkParseDisplayName
CoGetMarshalSizeMax
OleRegGetMiscStatus
OleInitialize

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 84KB - Virtual size: 81KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

c76b3f09461c080eb76d1608d7fd17e4

Headers

File Characteristics

Imports

kernel32

ole32

Exports

Exports

Sections

.text Size: 84KB - Virtual size: 81KB

.rdata Size: 4KB - Virtual size: 3KB

.data Size: 8KB - Virtual size: 7KB

.reloc Size: 4KB - Virtual size: 3KB

.text
Size: 84KB - Virtual size: 81KB

.rdata
Size: 4KB - Virtual size: 3KB

.data
Size: 8KB - Virtual size: 7KB

.reloc
Size: 4KB - Virtual size: 3KB