26a402ef63ef8f5398f4b94ac9cf0c6d_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

26a402ef63ef8f5398f4b94ac9cf0c6d_JaffaCakes118
Size

32KB
MD5

26a402ef63ef8f5398f4b94ac9cf0c6d
SHA1

cce33b2adc227528daa06417500317360e70fd85
SHA256

05c8073add4027ddb0d71404f4e7e3aaa4e10286a08dd08fd41ff766f5207fd3
SHA512

d944c7cad53a3b4ab773132783505e1f7a83387b9a5cbe0fcb03ae3608bfde40d16d8ef88e19b6b6cb126c8db720ef3882e1ab7f502732bad192cedb568f2e0d
SSDEEP

384:T/3ADPoLGYBwXWM7I+2uBBQARQkppd0ZIr0l8uC0Z:LA19N7PBBBQARQkppdjr0l

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
26a402ef63ef8f5398f4b94ac9cf0c6d_JaffaCakes118

Files

26a402ef63ef8f5398f4b94ac9cf0c6d_JaffaCakes118
.dll regsvr32 windows:4 windows x86 arch:x86

66994f5efdbabc79089f41e8995dafff

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

CloseHandle
SetEvent
OpenEventA
CreateEventA
TerminateProcess
GetCurrentProcess
DisableThreadLibraryCalls
GetModuleFileNameA
DeleteCriticalSection
LeaveCriticalSection
InterlockedIncrement
EnterCriticalSection
InterlockedDecrement
lstrlenW
WinExec
VirtualAlloc
lstrcatA
VirtualProtect
CreateThread
GetCurrentDirectoryA
GetPrivateProfileStringA
GetModuleHandleA
LoadLibraryA
GetProcAddress
IsBadReadPtr
Sleep
InitializeCriticalSection
lstrlenA

user32

wsprintfA
CallNextHookEx
SetWindowsHookExA
KillTimer
SetTimer

advapi32

RegSetValueExA
RegOpenKeyA
RegCloseKey

oleaut32

SysStringLen
SysFreeString
LoadRegTypeLi

atl

ord16
ord21
ord15
ord18
ord57
ord32
ord58
ord30
ord23

wininet

InternetCloseHandle
InternetReadFile
InternetOpenUrlA
InternetOpenA

ws2_32

closesocket

msvcrt

_initterm
_strcmpi
malloc
_adjust_fdiv
_itoa
_strlwr
free
??2@YAPAXI@Z
_purecall
strrchr
strstr
memcpy
strcpy
strcat
memset
memcmp
strcmp
strlen

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 12KB - Virtual size: 9KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

66994f5efdbabc79089f41e8995dafff

Headers

File Characteristics

Imports

kernel32

user32

advapi32

oleaut32

atl

wininet

ws2_32

msvcrt

Exports

Exports

Sections

.text Size: 12KB - Virtual size: 9KB

.rdata Size: 4KB - Virtual size: 2KB

.data Size: 4KB - Virtual size: 4KB

.rsrc Size: 4KB - Virtual size: 3KB

.reloc Size: 4KB - Virtual size: 1KB

.text
Size: 12KB - Virtual size: 9KB

.rdata
Size: 4KB - Virtual size: 2KB

.data
Size: 4KB - Virtual size: 4KB

.rsrc
Size: 4KB - Virtual size: 3KB

.reloc
Size: 4KB - Virtual size: 1KB