005a885b76f4c413785753b39d25934b_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

005a885b76f4c413785753b39d25934b_JaffaCakes118
Size

76KB
MD5

005a885b76f4c413785753b39d25934b
SHA1

929aa8a4c110745e79f3c0d79b9807f609d42077
SHA256

8553a197fa3d44ae39015effab9db4a2d560234d8d0f1798b8ea3366667a9269
SHA512

4b5879bd698a858518d3967aeb72ef1f06036903a1a985aaab57fc4a872391f216d36dce62aaa719132fc56d88115609618450ff7e028ad5bd93db32d6918393
SSDEEP

1536:T1xl6/f9ooHFzo1wOOvICS4A1aeNjfkLan3:7k/VoolzoDfBNjfn3

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
005a885b76f4c413785753b39d25934b_JaffaCakes118

Files

005a885b76f4c413785753b39d25934b_JaffaCakes118
.dll regsvr32 windows:4 windows x86 arch:x86

c8410df5d766b2886c8743268866d4f1

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

psapi

EnumProcessModules
GetModuleBaseNameA
EnumProcesses

wininet

HttpQueryInfoA
InternetReadFile
InternetCloseHandle
InternetOpenUrlA
InternetSetOptionA
InternetOpenA

advapi32

RegOpenKeyExW
RegQueryValueExW
RegCloseKey
GetSecurityInfo
SetEntriesInAclA
SetSecurityInfo

oleaut32

GetErrorInfo
VariantClear
SysAllocString

user32

ShowWindow
GetMessageA
TranslateMessage
DispatchMessageA
KillTimer
DefWindowProcA
wsprintfA
GetClassNameA
GetWindowThreadProcessId
EnumChildWindows
EnumWindows
RegisterClassExA
CloseClipboard
SetWindowPos
OpenClipboard
SetTimer
SystemParametersInfoA
CreateWindowExA

shlwapi

SHSetValueA
StrStrIA
SHGetValueA

netapi32

Netbios

ole32

CoCreateInstance
CoInitialize
CoCreateGuid

rpcrt4

UuidToStringA

msvcrt

??2@YAPAXI@Z
??3@YAXPAX@Z
fclose
fwrite
fopen
tmpnam
atoi
isalnum
isgraph
isspace
isalpha
??0exception@@QAE@ABV0@@Z
??0exception@@QAE@XZ
__CxxFrameHandler
_CxxThrowException
??1exception@@UAE@XZ
srand
isxdigit
isupper
strchr
toupper
strtok
__dllonexit
_onexit
??1type_info@@UAE@XZ
_initterm
_adjust_fdiv
malloc
free
strstr
strncpy
_stricmp
ispunct

winmm

timeGetTime

kernel32

GetFullPathNameA
GetWindowsDirectoryA
lstrcpynA
CreateFileA
MultiByteToWideChar
GetTickCount
InterlockedExchange
LoadLibraryA
SetLastError
GetProcessHeap
HeapAlloc
HeapSize
GetModuleFileNameA
SleepEx
GetCurrentProcessId
GetVersionExA
GetCurrentDirectoryA
GetEnvironmentVariableA
DisableThreadLibraryCalls
FormatMessageA
LocalFree
GetLastError
GetVersion
lstrlenA
lstrcpyA
HeapFree
GetSystemInfo
GetCurrentThread
GetThreadTimes
Sleep
GetLocalTime
GetSystemDirectoryA
DeleteFileA
CreateProcessA
WaitForSingleObject
MoveFileExA
FreeLibrary
OpenProcess
VirtualAllocEx
GetProcAddress
WriteProcessMemory
QueryPerformanceCounter
QueryPerformanceFrequency
CloseHandle
CreateRemoteThread

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 36KB - Virtual size: 32KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

c8410df5d766b2886c8743268866d4f1

Headers

File Characteristics

Imports

psapi

wininet

advapi32

oleaut32

user32

shlwapi

netapi32

ole32

rpcrt4

msvcrt

winmm

kernel32

Exports

Exports

Sections

.text Size: 36KB - Virtual size: 32KB

.rdata Size: 20KB - Virtual size: 19KB

.data Size: 12KB - Virtual size: 15KB

.reloc Size: 4KB - Virtual size: 2KB

.text
Size: 36KB - Virtual size: 32KB

.rdata
Size: 20KB - Virtual size: 19KB

.data
Size: 12KB - Virtual size: 15KB

.reloc
Size: 4KB - Virtual size: 2KB