1584bde90bf1b4efbb3f91f297f146f4_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

1584bde90bf1b4efbb3f91f297f146f4_JaffaCakes118
Size

108KB
MD5

1584bde90bf1b4efbb3f91f297f146f4
SHA1

a24c2bbdb7d364cff1d0949e59e915bdb165bda8
SHA256

cba2eaf7250f7f17b662503ba12b1a5b4cfa4de0010e3a8d1a51bb39c9708c9a
SHA512

aee03703d59d911139d7e2675a0dd9f0afa4448a85e82cb1633c3ca3d1cb4eb6571bc09521ff95e115ea67ac2da515b07e65d6cac731f3005ab92d69c56b6cee
SSDEEP

1536:9a194DNpDNGl4+qx62SH0DXAkCWscG1en+BxJOi15U0kNI7VN7UN:924DNpJD+qxTSYC1FTOi15U0WI7VNIN

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
1584bde90bf1b4efbb3f91f297f146f4_JaffaCakes118

Files

1584bde90bf1b4efbb3f91f297f146f4_JaffaCakes118
.dll regsvr32 windows:5 windows x86 arch:x86

fc8ff74e05b560cbf5b1d9e0249233dd

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

C:\Users\nonadmin\Documents\Visual Studio 2010\Projects\BHO\Release\main.pdb

Imports

kernel32

WideCharToMultiByte
MultiByteToWideChar
lstrlenW
lstrlenA
FreeLibrary
GetProcAddress
GetModuleHandleA
lstrcmpiA
IsDBCSLeadByte
LeaveCriticalSection
EnterCriticalSection
SizeofResource
DeleteCriticalSection
FindResourceA
LoadLibraryExA
GetModuleFileNameA
GetThreadLocale
SetThreadLocale
GetModuleHandleW
VirtualAlloc
RtlUnwind
DisableThreadLibraryCalls
GetLastError
RaiseException
InitializeCriticalSectionAndSpinCount
InterlockedDecrement
InterlockedIncrement
HeapFree
GetProcessHeap
LoadResource
HeapAlloc
LocalFree
LoadLibraryW
GetStringTypeW
LCMapStringW
GetSystemTimeAsFileTime
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetStartupInfoW
GetFileType
SetHandleCount
EncodePointer
DecodePointer
VirtualProtect
GetSystemInfo
VirtualQuery
GetCurrentThreadId
GetCommandLineA
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
SetLastError
IsProcessorFeaturePresent
Sleep
HeapSize
ExitProcess
HeapCreate
HeapDestroy
WriteFile
GetStdHandle
GetModuleFileNameW
HeapReAlloc

user32

CharNextW
CharNextA

advapi32

RegDeleteValueA
RegCreateKeyExA
RegSetValueExA
RegOpenKeyExA
RegEnumKeyExA
RegQueryInfoKeyW
RegCloseKey
RegDeleteKeyA
RegQueryInfoKeyA

ole32

CoCreateInstance
CoTaskMemAlloc
StringFromGUID2
CoTaskMemFree
CoTaskMemRealloc

oleaut32

UnRegisterTypeLi
RegisterTypeLi
SysAllocStringLen
SysAllocString
DispCallFunc
VariantClear
LoadTypeLi
LoadRegTypeLi
SysStringLen
VarUI4FromStr
SysFreeString
VariantInit

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllInstall
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 68KB - Virtual size: 68KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 20KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

fc8ff74e05b560cbf5b1d9e0249233dd

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

advapi32

ole32

oleaut32

Exports

Exports

Sections

.text Size: 68KB - Virtual size: 68KB

.rdata Size: 20KB - Virtual size: 20KB

.data Size: 5KB - Virtual size: 9KB

.rsrc Size: 4KB - Virtual size: 4KB

.reloc Size: 8KB - Virtual size: 8KB

.text
Size: 68KB - Virtual size: 68KB

.rdata
Size: 20KB - Virtual size: 20KB

.data
Size: 5KB - Virtual size: 9KB

.rsrc
Size: 4KB - Virtual size: 4KB

.reloc
Size: 8KB - Virtual size: 8KB