de30aae909b9fa3e36a73cfc078b776d_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

de30aae909b9fa3e36a73cfc078b776d_JaffaCakes118
Size

503KB
MD5

de30aae909b9fa3e36a73cfc078b776d
SHA1

365022ea40e4868330358c634003d8acf1cdf339
SHA256

e2cad67e37c6f656a27ceafe12a5f762a53f6cc147dfed645e83e16a78bbccd4
SHA512

6de9906d45b7060a74b1c72fba073d41307831f52156ce80ed924dce527332af9bd738d4ba69771ac768c78337d37a924667f85c5d6f7c060306ae62e1c1687b
SSDEEP

6144:Yokj6gTdZGkqjKoBiTh2wJAi0WomtwGhY/LiGgMgRfJAT9KgyeivWSudVTHpOLmk:ER0kRYiHqi0WomtwGhYDFgmCpIaaRH0d

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
de30aae909b9fa3e36a73cfc078b776d_JaffaCakes118

Files

de30aae909b9fa3e36a73cfc078b776d_JaffaCakes118
.dll regsvr32 windows:4 windows x86 arch:x86

7b28a89afcbe82dc3e58ebcfff33e8fa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

CloseHandle
CreateThread
DeleteFileW
DisableThreadLibraryCalls
EnumResourceNamesW
FindResourceW
GetModuleFileNameW
GetModuleHandleA
GetProcAddress
GetTickCount
HeapAlloc
HeapFree
HeapReAlloc
IsBadStringPtrW
LoadLibraryW
LoadResource
LocalFree
MultiByteToWideChar
RaiseException
SizeofResource
WaitForSingleObject
lstrcmpW

ntdll

_vsnprintf

advapi32

ConvertSidToStringSidW
GetTokenInformation
OpenProcessToken
RegCloseKey
RegCreateKeyExW
RegDeleteKeyExW
RegEnumKeyExW
RegGetValueW
RegOpenKeyExW
RegQueryInfoKeyW
RegSetValueExW

ole32

CLSIDFromString
CoCreateGuid
CoCreateInstance
CoInitialize
CoTaskMemAlloc
CoUninitialize
StringFromGUID2

oleaut32

SysAllocString
SysFreeString
VariantClear

shell32

SHCreateDirectoryExW
SHGetFolderPathW

shlwapi

StrRChrW
StrToIntW

ucrtbase

__acrt_iob_func
__stdio_common_vsprintf
_strdup
free
fwrite
getenv
memcmp
memmove
memset
strchr
strcmp
strcpy
strcspn
strlen

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
GameUxShimW

Sections

.text
Size: 32KB - Virtual size: 30KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 144B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rodata
Size: 4KB - Virtual size: 52B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 32KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

/4
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 196B

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 52KB - Virtual size: 51KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 12KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/14
Size: 4KB - Virtual size: 280B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/29
Size: 180KB - Virtual size: 179KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/41
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/55
Size: 24KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/67
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/78
Size: 28KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

7b28a89afcbe82dc3e58ebcfff33e8fa

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

ntdll

advapi32

ole32

oleaut32

shell32

shlwapi

ucrtbase

Exports

Exports

Sections

.text Size: 32KB - Virtual size: 30KB

.data Size: 4KB - Virtual size: 144B

.rodata Size: 4KB - Virtual size: 52B

.rdata Size: 32KB - Virtual size: 30KB

/4 Size: 8KB - Virtual size: 4KB

.bss Size: - Virtual size: 196B

.edata Size: 52KB - Virtual size: 51KB

.idata Size: 4KB - Virtual size: 2KB

.rsrc Size: 12KB - Virtual size: 8KB

.reloc Size: 4KB - Virtual size: 1KB

/14 Size: 4KB - Virtual size: 280B

/29 Size: 180KB - Virtual size: 179KB

/41 Size: 8KB - Virtual size: 5KB

/55 Size: 24KB - Virtual size: 23KB

/67 Size: 8KB - Virtual size: 4KB

/78 Size: 28KB - Virtual size: 27KB

.text
Size: 32KB - Virtual size: 30KB

.data
Size: 4KB - Virtual size: 144B

.rodata
Size: 4KB - Virtual size: 52B

.rdata
Size: 32KB - Virtual size: 30KB

/4
Size: 8KB - Virtual size: 4KB

.bss
Size: - Virtual size: 196B

.edata
Size: 52KB - Virtual size: 51KB

.idata
Size: 4KB - Virtual size: 2KB

.rsrc
Size: 12KB - Virtual size: 8KB

.reloc
Size: 4KB - Virtual size: 1KB

/14
Size: 4KB - Virtual size: 280B

/29
Size: 180KB - Virtual size: 179KB

/41
Size: 8KB - Virtual size: 5KB

/55
Size: 24KB - Virtual size: 23KB

/67
Size: 8KB - Virtual size: 4KB

/78
Size: 28KB - Virtual size: 27KB