1046dfbb838ecaa8315b6a5fe100d842_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

1046dfbb838ecaa8315b6a5fe100d842_JaffaCakes118
Size

120KB
MD5

1046dfbb838ecaa8315b6a5fe100d842
SHA1

da2cd804b4132f852bfa2df735ded1dee3e80d7a
SHA256

1617fb76d92f12a6a8c894d38e519df6c1e7f364fb2e8e9a40e0ac35fd839a25
SHA512

988d39466fe1257693785ebd732b42b0c91689e51a79b78f90a05ddd6ebc2083611eb82a9bb6f65a49725190316d79b21365893eb5ad5292a2345b6f76e28f8d
SSDEEP

3072:dqe3jGWjNx++Aoui7fMWa18q8K2UWAcCtpph:dnjGux++Ei7fMWa18q8K2rADt9

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
1046dfbb838ecaa8315b6a5fe100d842_JaffaCakes118

Files

1046dfbb838ecaa8315b6a5fe100d842_JaffaCakes118
.dll regsvr32 windows:4 windows x86 arch:x86

72b7c22db2b8ea59b1bbdf6638cde4f4

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

EnterCriticalSection
lstrcpyA
LeaveCriticalSection
DeleteCriticalSection
HeapDestroy
lstrcatA
InterlockedIncrement
InterlockedDecrement
LoadLibraryExA
lstrcpynA
IsDBCSLeadByte
InitializeCriticalSection
DisableThreadLibraryCalls
lstrcmpiA
FindResourceA
LoadResource
SizeofResource
FreeLibrary
WideCharToMultiByte
lstrlenW
MultiByteToWideChar
GetModuleFileNameA
GetModuleHandleA
GetShortPathNameA
GetTickCount
GetLastError
FlushInstructionCache
GetProcAddress
LoadLibraryA
GetCurrentProcess
lstrlenA

user32

LoadStringA
CharNextA

advapi32

RegEnumKeyExA
RegEnumValueA
RegQueryInfoKeyA
RegSetValueExA
RegDeleteKeyA
RegOpenKeyExA
RegCreateKeyExA
RegCloseKey
RegDeleteValueA

ole32

CoTaskMemFree
CoTaskMemRealloc
CoCreateInstance
ProgIDFromCLSID
CoTaskMemAlloc

oleaut32

SysFreeString
VarUI4FromStr
RegisterTypeLi
SysAllocString
LoadRegTypeLi
SysStringLen
VariantClear
GetErrorInfo
SysAllocStringLen
SetErrorInfo
DispCallFunc
CreateErrorInfo
LoadTypeLi

dk2win32

DK2ReadRandomNumbers
DK2DecrementDownCounter
DK2ReadMemory
DK2ReadDownCounter
DK2SendAlgorithmString
DK2Success
FindDK2
DK2ThroughEncryption
DK2DriverInstalled

msvcrt

?terminate@@YAXXZ
srand
_onexit
__dllonexit
time
??1type_info@@UAE@XZ
_initterm
_adjust_fdiv
_except_handler3
??2@YAPAXI@Z
memcpy
rand
_ultoa
wcslen
wcsncpy
atoi
isdigit
strcmp
sprintf
vsprintf
strcpy
strcat
??3@YAXPAX@Z
__CxxFrameHandler
free
realloc
strlen
memset
malloc
memcmp
_purecall
strncpy

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 72KB - Virtual size: 70KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 16KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

72b7c22db2b8ea59b1bbdf6638cde4f4

Headers

File Characteristics

Imports

kernel32

user32

advapi32

ole32

oleaut32

dk2win32

msvcrt

Exports

Exports

Sections

.text Size: 72KB - Virtual size: 70KB

.rdata Size: 16KB - Virtual size: 12KB

.data Size: 12KB - Virtual size: 10KB

.rsrc Size: 8KB - Virtual size: 5KB

.reloc Size: 8KB - Virtual size: 4KB

.text
Size: 72KB - Virtual size: 70KB

.rdata
Size: 16KB - Virtual size: 12KB

.data
Size: 12KB - Virtual size: 10KB

.rsrc
Size: 8KB - Virtual size: 5KB

.reloc
Size: 8KB - Virtual size: 4KB