0932dbf2c06598a94dbac1f0f2712357_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

0932dbf2c06598a94dbac1f0f2712357_JaffaCakes118
Size

1.4MB
MD5

0932dbf2c06598a94dbac1f0f2712357
SHA1

dbd685b56fa74e6ee60cca2b2ad1a328dc7a426a
SHA256

ea8781910835c48ffc2d1be848d8c8b85c71492074cb92b6477f80ebbc20b1b0
SHA512

41889c9c314c9ff00800a632f940e740cf1a9e705003f5868db9bcfcde02591f1cfdc6ff751a1284079eeba67aa8d9152dd284db47348265c79ac50e7adb8589
SSDEEP

24576:3O57UCNwpRJf+4Hnz6sJm8ToduZLhNM1Fytv:3O5IC2W4Hz6shTodulM1Etv

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
0932dbf2c06598a94dbac1f0f2712357_JaffaCakes118

Files

0932dbf2c06598a94dbac1f0f2712357_JaffaCakes118
.dll regsvr32 windows:4 windows x86 arch:x86

ef14c4a56d3caf1295507ccfe3cc92b4

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

WriteFile
DeleteFileA
CloseHandle
FlushFileBuffers
DebugBreak
HeapAlloc
GetProcessHeap
HeapFree
lstrcatA
GetFileAttributesA
GetDriveTypeA
lstrcpynA
lstrcmpA
SetFilePointer
UnmapViewOfFile
MapViewOfFile
CreateFileMappingA
GetFileSize
GetPrivateProfileStringA
FindClose
FindNextFileA
FindFirstFileA
GetEnvironmentVariableA
GetLastError
CopyFileA
GetModuleFileNameA
CreateFileA
lstrcmpiA
MultiByteToWideChar
lstrlenA
lstrcpyA
lstrlenW
SetEndOfFile
WideCharToMultiByte

user32

SetWindowLongA
PostMessageA
CallWindowProcA
RemovePropA
GetPropA
wsprintfA
SetPropA

advapi32

RegCloseKey
RegOpenKeyExA
RegFlushKey
RegSetValueExA
RegDeleteValueA
RegCreateKeyExA
RegQueryValueExA

shell32

SHGetPathFromIDListA
SHGetSpecialFolderLocation
SHGetMalloc

ole32

CoUninitialize
CLSIDFromProgID
CoCreateInstance
CoInitialize
StringFromGUID2
CoFreeUnusedLibraries
CoTaskMemRealloc

oleaut32

VariantClear
SysAllocString
SysFreeString
VariantInit
VariantChangeTypeEx

version

GetFileVersionInfoA
VerQueryValueA
GetFileVersionInfoSizeA

Exports

Exports

DllRegisterServer
DllUnregisterServer
NP_GetEntryPoints
NP_Initialize
NP_Shutdown
UTB

Sections

.text
Size: 20KB - Virtual size: 17KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 580B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

ef14c4a56d3caf1295507ccfe3cc92b4

Headers

File Characteristics

Imports

kernel32

user32

advapi32

shell32

ole32

oleaut32

version

Exports

Exports

Sections

.text Size: 20KB - Virtual size: 17KB

.rdata Size: 8KB - Virtual size: 4KB

.data Size: 4KB - Virtual size: 580B

.rsrc Size: 4KB - Virtual size: 1KB

.reloc Size: 4KB - Virtual size: 1KB

.text
Size: 20KB - Virtual size: 17KB

.rdata
Size: 8KB - Virtual size: 4KB

.data
Size: 4KB - Virtual size: 580B

.rsrc
Size: 4KB - Virtual size: 1KB

.reloc
Size: 4KB - Virtual size: 1KB