177a2786151d9f8402c7be957060eaf3_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

177a2786151d9f8402c7be957060eaf3_JaffaCakes118
Size

160KB
MD5

177a2786151d9f8402c7be957060eaf3
SHA1

b28a785f6ae27bf189d3f5fccf6da652be350124
SHA256

a61eea359ec45a45424a14d40e9ca5ed3fba089b82fca06e6ac3c2da910c48d4
SHA512

0a24b63a0c70d70ce6aa250d167136e396abca129b39f80f2a4c350eac04602428589d8069f9b5dd7afef258b2008d1636ea39400aa285821b052f2abb46f327
SSDEEP

1536:Xd7vPN62nB27tO+vJVMM1zHfO73e7T3p6HKn2czh9DICS4AShUqo6ULabVEt4rzq:NbF62B2JlvL/z/rQsIAhHo6Xit4rz

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
177a2786151d9f8402c7be957060eaf3_JaffaCakes118

Files

177a2786151d9f8402c7be957060eaf3_JaffaCakes118
.dll regsvr32 windows:4 windows x86 arch:x86

3e4f63aa88b8c7420c8cf00694fac0b5

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

user32

CreateWindowExA
ShowWindow
GetMessageA
TranslateMessage
DispatchMessageA
SetWindowPos
SystemParametersInfoA
DefWindowProcA
RegisterClassExA
KillTimer
wsprintfA
GetClassNameA
GetWindowThreadProcessId
EnumChildWindows
EnumWindows
SetTimer

kernel32

RaiseException
IsBadCodePtr
IsBadReadPtr
SetUnhandledExceptionFilter
MoveFileExA
CloseHandle
WaitForSingleObject
CreateProcessA
LocalFree
GetProcAddress
LoadLibraryA
DeleteFileA
GetSystemDirectoryA
GetLocalTime
SleepEx
GetModuleFileNameA
GetTickCount
OpenProcess
CreateFileA
GetCurrentProcessId
CreateRemoteThread
WriteProcessMemory
VirtualAllocEx
WriteFile
GetFileAttributesA
GetFileType
TerminateProcess
GetCurrentProcess
FreeLibrary
GetLastError
GetOEMCP
GetACP
ReadFile
SetEndOfFile
SetFilePointer
FlushFileBuffers
IsBadWritePtr
VirtualAlloc
VirtualFree
SetStdHandle
SetHandleCount
HeapCreate
GetCPInfo
GetStringTypeW
GetStringTypeA
GetEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsW
FreeEnvironmentStringsA
GetStartupInfoA
GetStdHandle
InterlockedDecrement
InterlockedIncrement
WideCharToMultiByte
HeapAlloc
HeapFree
HeapDestroy
MultiByteToWideChar
HeapReAlloc
RtlUnwind
GetCommandLineA
GetVersion
GetCurrentThreadId
TlsSetValue
TlsAlloc
TlsFree
SetLastError
TlsGetValue
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
ExitProcess
LCMapStringA
LCMapStringW
GetModuleHandleA
GetEnvironmentVariableA
GetVersionExA

advapi32

SetEntriesInAclA
SetSecurityInfo
CryptAcquireContextA
CryptGenRandom
CryptReleaseContext
GetSecurityInfo

shell32

StrStrIA

ole32

CoInitialize
CoCreateInstance
CoCreateGuid

oleaut32

VariantInit
SysAllocString
GetErrorInfo

psapi

EnumProcesses
GetModuleBaseNameA
EnumProcessModules

netapi32

Netbios

rpcrt4

UuidToStringA

shlwapi

SHSetValueA
SHGetValueA

wininet

HttpQueryInfoA
InternetCloseHandle
InternetOpenUrlA
InternetSetOptionA
InternetOpenA
InternetReadFile

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 96KB - Virtual size: 92KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 24KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 28KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

3e4f63aa88b8c7420c8cf00694fac0b5

Headers

File Characteristics

Imports

user32

kernel32

advapi32

shell32

ole32

oleaut32

psapi

netapi32

rpcrt4

shlwapi

wininet

Exports

Exports

Sections

.text Size: 96KB - Virtual size: 92KB

.rdata Size: 24KB - Virtual size: 22KB

.data Size: 28KB - Virtual size: 32KB

.reloc Size: 8KB - Virtual size: 6KB

.text
Size: 96KB - Virtual size: 92KB

.rdata
Size: 24KB - Virtual size: 22KB

.data
Size: 28KB - Virtual size: 32KB

.reloc
Size: 8KB - Virtual size: 6KB