292c99ca96caab112c7bb98898076ee5_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

292c99ca96caab112c7bb98898076ee5_JaffaCakes118
Size

52KB
MD5

292c99ca96caab112c7bb98898076ee5
SHA1

b86b45cb8b6f397daa0d6b79a6ef298a93f577a0
SHA256

7e7fae44218eaa98894a04ff9444626954b11fc9aa2656025652db94390c5b2c
SHA512

282814f98114994c3be33193f04dc1605ffc39529334abec40075b0be69962069e4377e51882588f4fac337a47cdf1176de515f9eeec04ce28aa8b4b70123257
SSDEEP

768:v1MCzABzzkhEHRRW1vIK3FfrvDl7URtwO:v1MSABzzkhE6nFnKwO

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
292c99ca96caab112c7bb98898076ee5_JaffaCakes118

Files

292c99ca96caab112c7bb98898076ee5_JaffaCakes118
.dll regsvr32 windows:4 windows x86 arch:x86

287ccad1b64bd5c0b377536845001b0c

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

VirtualProtect
LoadLibraryA
InitializeCriticalSection
DeleteCriticalSection
LeaveCriticalSection
InterlockedIncrement
EnterCriticalSection
InterlockedDecrement
lstrlenW
DeleteFileA
GetProcAddress
DisableThreadLibraryCalls
lstrlenA
GetTempFileNameA
GetTempPathA
GetSystemDirectoryA
FreeLibrary
GetLastError
WritePrivateProfileStringA
GetPrivateProfileStringA
GetCurrentProcess
TerminateProcess
GetWindowsDirectoryA
CreateEventA
CreateThread
FindFirstFileA
Sleep
OpenEventA
SetEvent
CloseHandle
GetModuleFileNameA
WinExec
lstrcmpA

user32

MessageBoxA
SetWindowsHookExA
CallNextHookEx
wsprintfA

advapi32

RegSetValueExA
RegOpenKeyA
RegCloseKey

oleaut32

LoadRegTypeLi
SysStringLen
SysFreeString

msvcrt

memcpy
_purecall
memcmp
_stricmp
strrchr
strcmp
atol
sprintf
??2@YAPAXI@Z
_initterm
malloc
_adjust_fdiv
??3@YAXPAX@Z
strcat
strcpy
_itoa
memset
strlen
_strcmpi
free

atl

ord16
ord21
ord15
ord18
ord57
ord32
ord58
ord30
ord23

wininet

DeleteUrlCacheEntry
InternetOpenA
InternetOpenUrlA
InternetReadFile
InternetCloseHandle

msvcp60

??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@II@Z
?_Tidy@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEX_N@Z
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z
?_C@?1??_Nullstr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@CAPBDXZ@4DB

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 16KB - Virtual size: 12KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

287ccad1b64bd5c0b377536845001b0c

Headers

File Characteristics

Imports

kernel32

user32

advapi32

oleaut32

msvcrt

atl

wininet

msvcp60

Exports

Exports

Sections

.text Size: 16KB - Virtual size: 12KB

.rdata Size: 4KB - Virtual size: 3KB

.data Size: 20KB - Virtual size: 19KB

.rsrc Size: 4KB - Virtual size: 3KB

.reloc Size: 4KB - Virtual size: 1KB

.text
Size: 16KB - Virtual size: 12KB

.rdata
Size: 4KB - Virtual size: 3KB

.data
Size: 20KB - Virtual size: 19KB

.rsrc
Size: 4KB - Virtual size: 3KB

.reloc
Size: 4KB - Virtual size: 1KB