3b46985dd6fbf5c32cf46fb796117ba5_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

3b46985dd6fbf5c32cf46fb796117ba5_JaffaCakes118
Size

52KB
MD5

3b46985dd6fbf5c32cf46fb796117ba5
SHA1

9c36bcddea823cddee694928b70f1c112bd02958
SHA256

b7dde78f32d6e48f5efd55f182806fcea2e508f535fdde95214f531e61cca8a4
SHA512

aa94dd33d88440f362acaa88867aa04d4df901a3e441e0644919a06d8ab72922b4492eb21cfd0ef7144436687f567c283f5a15473efe56fc9e151c7173c1cc94
SSDEEP

768:b88zd/ZDuiaZIq6JqONonAgYO38JDM5U96EutuVIyLqR0tz0Ch9e9LtOSHvpVm99:7xdl1ZiN5U5sl6qR0RFh9KJkRkGkM

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
3b46985dd6fbf5c32cf46fb796117ba5_JaffaCakes118

Files

3b46985dd6fbf5c32cf46fb796117ba5_JaffaCakes118
.dll regsvr32 windows:4 windows x86 arch:x86

0003e9183179eb6d3eca23c0106d59f0

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetShortPathNameA
GetModuleHandleA
CloseHandle
CreateProcessA
GetSystemDirectoryA
WritePrivateProfileStringA
GetExitCodeProcess
WaitForSingleObject
GetCommandLineW
Sleep
WideCharToMultiByte
lstrlenA
GetProcAddress
LoadLibraryA
Process32Next
Process32First
RemoveDirectoryA
GetCurrentProcessId
MoveFileA
CreateThread
ExitProcess
CreateDirectoryA
MultiByteToWideChar
lstrlenW
HeapDestroy
InterlockedDecrement
EnterCriticalSection
InterlockedIncrement
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSection
DisableThreadLibraryCalls
GetModuleFileNameA
SetFileAttributesA
LocalFree
FindFirstFileA
GetPrivateProfileStringA
FindNextFileA
DeleteFileA
FreeLibrary

advapi32

RegEnumKeyExA
RegQueryInfoKeyA
RegOpenKeyExA
RegQueryValueExA
RegCreateKeyExA
RegSetValueExA
RegCloseKey
BuildExplicitAccessWithNameA
SetEntriesInAclA
GetNamedSecurityInfoA
SetNamedSecurityInfoA
RegDeleteKeyA

shell32

SHGetSpecialFolderPathA
CommandLineToArgvW

ole32

CoUninitialize
CoInitialize
CoMarshalInterThreadInterfaceInStream
CoGetInterfaceAndReleaseStream
CoCreateInstance

oleaut32

VariantClear
SysAllocString
SysStringLen
LoadRegTypeLi
SysFreeString

msvcrt

fclose
_stricmp
_strlwr
_adjust_fdiv
malloc
_initterm
free
strncmp
strncpy
_access
_wcslwr
wcsstr
strcmp
strcpy
strchr
atoi
strstr
strrchr
sprintf
memset
strlen
memcpy
_purecall
??3@YAXPAX@Z
??2@YAPAXI@Z
memcmp
_strupr
fread
ftell
fseek
fopen
strcat

shlwapi

SHSetValueA
SHDeleteKeyA
SHDeleteValueA

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllGetObjectType
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 32KB - Virtual size: 28KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

idata
Size: 4KB - Virtual size: 4B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

0003e9183179eb6d3eca23c0106d59f0

Headers

File Characteristics

Imports

kernel32

advapi32

shell32

ole32

oleaut32

msvcrt

shlwapi

Exports

Exports

Sections

.text Size: 32KB - Virtual size: 28KB

.rdata Size: 4KB - Virtual size: 3KB

.data Size: 4KB - Virtual size: 4KB

idata Size: 4KB - Virtual size: 4B

.reloc Size: 4KB - Virtual size: 2KB

.text
Size: 32KB - Virtual size: 28KB

.rdata
Size: 4KB - Virtual size: 3KB

.data
Size: 4KB - Virtual size: 4KB

idata
Size: 4KB - Virtual size: 4B

.reloc
Size: 4KB - Virtual size: 2KB