0ba039e65c3708cbcf28bda808e9368e_JaffaCakes118

General

Target

0ba039e65c3708cbcf28bda808e9368e_JaffaCakes118
Size

15KB
MD5

0ba039e65c3708cbcf28bda808e9368e
SHA1

71732f3f31d5fc5dbb5f5080f40748fedb881cb1
SHA256

ebb21f05ef8042397bfc83538d2220940f9769c30c6f91bda8d751d42c0b2363
SHA512

57baa248b5ecf1947a0553ecb11bc837da4ed3fdeccdefccdb2d3799c908876683cd6cdf37e58913e42677535f9c9c65037f0a52d8a2c52dd3b5c9c9121ba7d9
SSDEEP

384:/xD2k8XmwwTgrKUqBbNQupkLUIOGstrNenB3JJbV:Z2kSmwwkrapNQu2LUhFxenB5Jb

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
0ba039e65c3708cbcf28bda808e9368e_JaffaCakes118

Files

0ba039e65c3708cbcf28bda808e9368e_JaffaCakes118
.dll regsvr32 windows:4 windows x86 arch:x86

2027cf6325db92b87892bce1d3df88cc

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

winmm

timeGetTime

wininet

InternetConnectA
InternetCloseHandle
FtpGetFileA
InternetGetConnectedState
InternetOpenA

mfc42

ord5442
ord5186
ord665
ord6010
ord6385
ord354
ord1979

msvcrt

_initterm
malloc
_adjust_fdiv
_stricmp
free
__dllonexit
fopen
fseek
fclose
fwrite
time
srand
rand
strlen
strcmp
__CxxFrameHandler
strcat
memset
strrchr
strcpy
sprintf
_onexit
fread

kernel32

CloseHandle
GetCurrentProcess
GetLastError
CreateRemoteThread
GetProcAddress
LoadLibraryA
Sleep
FreeLibrary
GetWindowsDirectoryA
DeleteFileA
CreateToolhelp32Snapshot
Process32First
Process32Next
OpenProcess
VirtualAllocEx
WriteProcessMemory
GetCommandLineA

user32

GetMessageA
DispatchMessageA
PostQuitMessage
SetTimer
KillTimer
TranslateMessage

advapi32

AdjustTokenPrivileges
RegCreateKeyExA
RegSetValueExA
RegOpenKeyExA
RegQueryValueExA
RegCloseKey
OpenProcessToken
LookupPrivilegeValueA

shell32

ShellExecuteA

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
Dll_JustWorking
Start

Sections

.text
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 778B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

2027cf6325db92b87892bce1d3df88cc

Headers

File Characteristics

Imports

winmm

wininet

mfc42

msvcrt

kernel32

user32

advapi32

shell32

Exports

Exports

Sections

.text Size: 9KB - Virtual size: 9KB

.rdata Size: 2KB - Virtual size: 2KB

.data Size: 1024B - Virtual size: 17KB

.reloc Size: 1024B - Virtual size: 778B

.text
Size: 9KB - Virtual size: 9KB

.rdata
Size: 2KB - Virtual size: 2KB

.data
Size: 1024B - Virtual size: 17KB

.reloc
Size: 1024B - Virtual size: 778B