fefd13bec804810bbba03d5d9b557293_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

fefd13bec804810bbba03d5d9b557293_JaffaCakes118
Size

62KB
MD5

fefd13bec804810bbba03d5d9b557293
SHA1

412f5294d191de16fe819b61368249448b68e703
SHA256

c58ab3fe0ca21a2c93738916ddd50db72488eee5524312d8f985e475963abc46
SHA512

6d8764dc65498c0b4197d113e57729af0172ce7b17666063b7f8702e08e6348bacf537390d90a22cea7cd03e73722fcd55769712179fee8e9e9e7a388ca8a25c
SSDEEP

1536:BYJeqA2IJCkZnd/Mc4JUwgR66WtfFBccgUxLgCE:BYJCCkZWc+UwD6W1F0UxLgD

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
fefd13bec804810bbba03d5d9b557293_JaffaCakes118

Files

fefd13bec804810bbba03d5d9b557293_JaffaCakes118
.dll regsvr32 windows:4 windows x86 arch:x86

fce3b1f64631664dde8fdcced86429ad

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

shlwapi

SHDeleteValueA
SHSetValueW
SHDeleteValueW
PathFileExistsA
PathFileExistsW
SHDeleteKeyW

urlmon

ObtainUserAgentString

kernel32

LoadLibraryA
GetModuleHandleA
CloseHandle
MoveFileExW
SetFileAttributesW
WritePrivateProfileStringA
GetLocalTime
GetPrivateProfileStringA
CreateProcessA
GetVersionExA
SetFileAttributesA
MoveFileA
GetPrivateProfileIntA
GetTickCount
Sleep
GetLocaleInfoA
GetSystemDefaultLCID
GetTempPathA
WritePrivateProfileStringW
CreateThread
MultiByteToWideChar
GetFileSize
InterlockedIncrement
InterlockedDecrement
GetPrivateProfileStringW
GetCurrentProcess
WriteProcessMemory
ReadProcessMemory
VirtualProtect
WaitForSingleObject
WideCharToMultiByte
LocalFree
lstrcpyA
FindClose
FindNextFileW
GetFullPathNameW
FindFirstFileW
ReadFile
ExpandEnvironmentStringsW
GetDriveTypeA
GetLogicalDriveStringsA
GetLastError
GlobalFree
lstrcmpiW
GlobalAlloc
GetTempPathW
GetProcAddress
GetModuleFileNameA
DisableThreadLibraryCalls
VirtualAlloc

user32

GetSystemMetrics
ExitWindowsEx
GetDC
DispatchMessageA
IsCharAlphaNumericA
GetMessageA
TranslateMessage

advapi32

RegEnumValueW
OpenProcessToken
LookupPrivilegeValueA
AdjustTokenPrivileges
RegEnumKeyW
RegOpenKeyExW
RegQueryValueExW
RegSetValueExW

ole32

CreateStreamOnHGlobal
CoCreateInstance
CoInitialize
OleInitialize
CoTaskMemFree
CoUninitialize
StringFromGUID2

oleaut32

VariantCopy
SafeArrayCreateVector
SafeArrayAccessData
SafeArrayUnaccessData
VariantChangeType
SysAllocStringLen
VariantClear
SysAllocString
SysStringLen
SysFreeString
VariantInit

msvcrt

memmove
_wtempnam
_wcsnicmp
wcschr
_wcsdup
wcsstr
wcslen
wcsncmp
tolower
toupper
strchr
_strnicmp
strncpy
_wcsicmp
strstr
memcmp
tmpnam
_wtoi
wcstok
strtok
fprintf
strcpy
_unlink
_wremove
time
srand
rand
sprintf
??2@YAPAXI@Z
memcpy
strcat
strlen
wcscpy
wcscat
_snprintf
free
fclose
fread
memset
malloc
rewind
fopen
__CxxFrameHandler
fflush
fwrite
??3@YAXPAX@Z

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 46KB - Virtual size: 45KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

fce3b1f64631664dde8fdcced86429ad

Headers

File Characteristics

Imports

shlwapi

urlmon

kernel32

user32

advapi32

ole32

oleaut32

msvcrt

Exports

Exports

Sections

.text Size: 46KB - Virtual size: 45KB

.rdata Size: 7KB - Virtual size: 7KB

.data Size: 3KB - Virtual size: 4KB

.reloc Size: 4KB - Virtual size: 3KB

.text
Size: 46KB - Virtual size: 45KB

.rdata
Size: 7KB - Virtual size: 7KB

.data
Size: 3KB - Virtual size: 4KB

.reloc
Size: 4KB - Virtual size: 3KB