ded5549b381ee8dcf0265d2ef5f980c0_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

ded5549b381ee8dcf0265d2ef5f980c0_JaffaCakes118
Size

51KB
MD5

ded5549b381ee8dcf0265d2ef5f980c0
SHA1

b9d6bc6b3e36e79a9b3429d51c61e64ac14f5bb9
SHA256

1885550334c7994aa5a5b0e493295f0137428b07ab5f0b928935bf93ff98eb5a
SHA512

c22f7a3c899294bab8033362777ab5aea723bfd04345a86e0c18b1beb9e336df3df6d392f1c0239cfd9cc5a10a192a696ba744833d245d666b4fd1cfae9bdf27
SSDEEP

768:S+pOPmLhV90b2Qyu6fpMEhaTodEQzt7huRR+LYW4ry6Bf/T:/0cX7haTwztY+LYXryu/T

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
ded5549b381ee8dcf0265d2ef5f980c0_JaffaCakes118

Files

ded5549b381ee8dcf0265d2ef5f980c0_JaffaCakes118
.dll regsvr32 windows:4 windows x86 arch:x86

0ea961ee9b03773f515b856958cbad90

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetVersionExA
SetEvent
CloseHandle
WaitForSingleObject
ExitThread
GetTickCount
lstrlenW
GetModuleHandleA
lstrcpyW
lstrcatW
GetProcessHeap
HeapFree
lstrlenA
IsBadStringPtrA
lstrcmpA
GetProcAddress
MultiByteToWideChar
WideCharToMultiByte
GetSystemDirectoryW
lstrcpyA
lstrcmpiA
VirtualProtect
GetModuleFileNameA
HeapAlloc
HeapReAlloc
CompareStringW
Sleep
lstrcatA
GetSystemDirectoryA
SetFilePointer
CreateFileA
ReleaseMutex
SetEndOfFile
CreateEventA
CreateMutexA
CreateThread
ReadFile
WriteFile
WriteProcessMemory
GetCurrentProcess

user32

wsprintfW
CharUpperW
CharLowerA
GetWindowLongA
GetClassLongA
wsprintfA

advapi32

CryptDecrypt
InitializeSecurityDescriptor
CryptReleaseContext
RegOpenKeyExA
RegQueryValueExA
RegCreateKeyExA
RegSetValueExA
RegCloseKey
CryptDestroyKey
CryptDestroyHash
CryptEncrypt
CryptDeriveKey
CryptHashData
CryptCreateHash
CryptAcquireContextA
SetSecurityDescriptorDacl

ole32

CoGetMalloc
StringFromIID

oleaut32

SysAllocString
SysFreeString

wininet

InternetCrackUrlW
InternetCrackUrlA
InternetConnectA

urlmon

CoInternetCombineUrl

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer

Sections

.text
Size: 45KB - Virtual size: 45KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 356B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

0ea961ee9b03773f515b856958cbad90

Headers

File Characteristics

Imports

kernel32

user32

advapi32

ole32

oleaut32

wininet

urlmon

Exports

Exports

Sections

.text Size: 45KB - Virtual size: 45KB

.rdata Size: 3KB - Virtual size: 2KB

.data Size: 512B - Virtual size: 356B

.reloc Size: 1KB - Virtual size: 1KB

.text
Size: 45KB - Virtual size: 45KB

.rdata
Size: 3KB - Virtual size: 2KB

.data
Size: 512B - Virtual size: 356B

.reloc
Size: 1KB - Virtual size: 1KB