ff02b3ffd4c660e6d1c08f00fee6bcdd_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

ff02b3ffd4c660e6d1c08f00fee6bcdd_JaffaCakes118
Size

52KB
MD5

ff02b3ffd4c660e6d1c08f00fee6bcdd
SHA1

79deeca3b8bc76e8334d8d3906b1490fb3e9f3d9
SHA256

ddb307bc13ae0004d61c84e4956d119334684c09fd21727f7ec637bc4aef90e5
SHA512

4759f887ea25794e774540456313bdda6c9a21531d93afd97e052cb887c81f630c325203f6f81ba15b69d3405ae663be98d4aa507b55b07dc9acd8e7cfe8971a
SSDEEP

1536:Hsns+LNHkSYUg8UT1SUpGWWNbq8jE/ZuTpVATxg49JV:KHCPyqqpaTN9JV

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
ff02b3ffd4c660e6d1c08f00fee6bcdd_JaffaCakes118

Files

ff02b3ffd4c660e6d1c08f00fee6bcdd_JaffaCakes118
.dll regsvr32 windows:4 windows x86 arch:x86

709217b041d53b261667734e5161b311

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

MultiByteToWideChar
lstrlenA
GetShortPathNameA
GetModuleHandleA
CreateProcessA
RemoveDirectoryA
GetSystemDirectoryA
FreeLibrary
GetProcAddress
LoadLibraryA
WideCharToMultiByte
lstrlenW
WaitForSingleObject
GetCurrentProcessId
GetCommandLineW
LocalFree
MoveFileA
Process32Next
Process32First
Sleep
CreateThread
ExitProcess
HeapDestroy
InterlockedDecrement
EnterCriticalSection
InterlockedIncrement
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSection
DisableThreadLibraryCalls
CreateDirectoryA
CloseHandle
FindFirstFileA
GetPrivateProfileStringA
SetFileAttributesA
DeleteFileA
FindNextFileA
GetModuleFileNameA
WritePrivateProfileStringA
GetExitCodeProcess

advapi32

SetEntriesInAclA
BuildExplicitAccessWithNameA
GetNamedSecurityInfoA
SetNamedSecurityInfoA
RegQueryValueExA
RegOpenKeyExA
RegQueryInfoKeyA
RegCreateKeyExA
RegSetValueExA
RegCloseKey
RegEnumKeyExA
RegDeleteKeyA

shell32

SHGetSpecialFolderPathA
CommandLineToArgvW

ole32

CoInitialize
CoUninitialize
CoGetInterfaceAndReleaseStream
CoMarshalInterThreadInterfaceInStream
CoCreateInstance

oleaut32

VariantClear
SysAllocString
SysStringLen
LoadRegTypeLi
SysFreeString

msvcrt

??3@YAXPAX@Z
_strlwr
_strupr
_adjust_fdiv
malloc
_initterm
free
strncmp
strncpy
strcmp
strchr
atoi
_wcslwr
wcsstr
fopen
fseek
memset
strlen
sprintf
strstr
strrchr
strcat
strcpy
_access
memcpy
_purecall
_stricmp
??2@YAPAXI@Z
memcmp
fclose
fread
ftell

shlwapi

SHDeleteValueA
SHDeleteKeyA
SHSetValueA

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllGetObjectType
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 32KB - Virtual size: 28KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

idata
Size: 4KB - Virtual size: 4B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

709217b041d53b261667734e5161b311

Headers

File Characteristics

Imports

kernel32

advapi32

shell32

ole32

oleaut32

msvcrt

shlwapi

Exports

Exports

Sections

.text Size: 32KB - Virtual size: 28KB

.rdata Size: 4KB - Virtual size: 3KB

.data Size: 4KB - Virtual size: 4KB

idata Size: 4KB - Virtual size: 4B

.reloc Size: 4KB - Virtual size: 2KB

.text
Size: 32KB - Virtual size: 28KB

.rdata
Size: 4KB - Virtual size: 3KB

.data
Size: 4KB - Virtual size: 4KB

idata
Size: 4KB - Virtual size: 4B

.reloc
Size: 4KB - Virtual size: 2KB