f007ae735baa4be91759ab1b162b989d_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

f007ae735baa4be91759ab1b162b989d_JaffaCakes118
Size

852KB
MD5

f007ae735baa4be91759ab1b162b989d
SHA1

d7c1550af7bf7cde88169ad043f72e51bacd6104
SHA256

1a121ee492bf4fb441a2a4e71e83345359ee3966a85b4113c15d63f6ed702e86
SHA512

26552680652ad90daaa3991898f5b3d1baf03ea3a05c74ad3aca738a99a35ebccc3925aaa7fce71fd6d323d38f1d7178af2c06bdabe11d46867d8f458ccbc321
SSDEEP

6144:YU+AOE04p2I/S9VEQA27yxKkmuYR74PZw/2pnPE9S:aOn2I8VEZ2y8XR7UZv69

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
f007ae735baa4be91759ab1b162b989d_JaffaCakes118

Files

f007ae735baa4be91759ab1b162b989d_JaffaCakes118
.dll regsvr32 windows:5 windows x86 arch:x86

32d9cfea65e0d04699bf106f5acc4c10

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

advapi32

RegDeleteKeyA
RegDeleteValueA
RegCloseKey
RegCreateKeyExA
RegOpenKeyExA
RegSetValueExA
RegQueryInfoKeyA
RegEnumValueA
RegEnumKeyExA

oleaut32

RegisterTypeLi
LoadTypeLi
VarUI4FromStr
SysAllocString
SysFreeString

kernel32

MultiByteToWideChar
WideCharToMultiByte
lstrlenW
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
DeleteCriticalSection
InterlockedIncrement
InterlockedDecrement
lstrlenA
lstrcmpiA
IsDBCSLeadByte
lstrcpynA
HeapDestroy
lstrcpyA
lstrcatA
GetModuleFileNameA
FreeLibrary
GetProcAddress
LoadLibraryA
IsBadWritePtr
DisableThreadLibraryCalls
SizeofResource
LoadResource
FindResourceA
GetLastError
LoadLibraryExA
GetShortPathNameA
IsBadReadPtr
IsBadCodePtr
CloseHandle
UnmapViewOfFile
CreateFileA
CreateFileW
CreateFileMappingA
CreateFileMappingW
MapViewOfFile
GetCurrentThreadId
TlsSetValue
GetCommandLineA
GetVersionExA
HeapAlloc
HeapFree
HeapReAlloc
ExitProcess
GetModuleHandleA
TlsFree
SetLastError
TlsGetValue
TlsAlloc
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
HeapCreate
VirtualFree
WriteFile
VirtualAlloc
HeapSize
VirtualProtect
GetSystemInfo
VirtualQuery
LCMapStringA
LCMapStringW
GetACP
GetOEMCP
GetCPInfo
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
RtlUnwind
RaiseException

ole32

CoCreateInstance
CoTaskMemRealloc
CoTaskMemFree
CoTaskMemAlloc

user32

CharNextA
GetDesktopWindow
IsWindowUnicode

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 192KB - Virtual size: 191KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 532KB - Virtual size: 532KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 112KB - Virtual size: 111KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

32d9cfea65e0d04699bf106f5acc4c10

Headers

File Characteristics

Imports

advapi32

oleaut32

kernel32

ole32

user32

Exports

Exports

Sections

.text Size: 192KB - Virtual size: 191KB

.data Size: 532KB - Virtual size: 532KB

.rsrc Size: 112KB - Virtual size: 111KB

.reloc Size: 12KB - Virtual size: 11KB

.text
Size: 192KB - Virtual size: 191KB

.data
Size: 532KB - Virtual size: 532KB

.rsrc
Size: 112KB - Virtual size: 111KB

.reloc
Size: 12KB - Virtual size: 11KB