3f3484bae9d947fe3a417f356554c4d0_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

3f3484bae9d947fe3a417f356554c4d0_JaffaCakes118
Size

92KB
MD5

3f3484bae9d947fe3a417f356554c4d0
SHA1

325f374862f710758364d285926db74d39605a56
SHA256

6b7d3c1719f41ea344831237a18402692b3944e8978552ddfbb8ba4db3e57d38
SHA512

e5c7c81533b5c323dd5d7a4eddfbdec2a4acf27b91308271220af3634c94290a13ef2dc28fd7b97fcd8b29620b8f351a8adc8b1452770f1ac2e609a719d1bae8
SSDEEP

1536:8+WolM2qZX8Q8oj7rTwANoWyuHenrQvSo1TH+I9:pWCM2qZX38wvX+rQvSo1THV9

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
3f3484bae9d947fe3a417f356554c4d0_JaffaCakes118

Files

3f3484bae9d947fe3a417f356554c4d0_JaffaCakes118
.dll regsvr32 windows:4 windows x86 arch:x86

fa44f898c5febd8a4ab8b5d81d85fdf1

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetShortPathNameA
GetModuleFileNameA
WideCharToMultiByte
MultiByteToWideChar
GetCurrentProcess
FreeLibrary
LoadResource
FindResourceA
GetLastError
LoadLibraryExA
lstrcmpiA
SizeofResource
LeaveCriticalSection
DisableThreadLibraryCalls
InitializeCriticalSection
HeapDestroy
DeleteCriticalSection
GetProcAddress
LoadLibraryA
lstrcpyA
lstrcatA
FlushInstructionCache
EnterCriticalSection
lstrlenA
lstrlenW
InterlockedIncrement
lstrcpynA
IsDBCSLeadByte
FlushFileBuffers
RaiseException
GetModuleHandleA
LocalFree
TerminateProcess
LCMapStringW
LCMapStringA
SetStdHandle
GetStringTypeW
GetStringTypeA
HeapSize
InterlockedDecrement
CloseHandle
RtlUnwind
HeapFree
HeapAlloc
HeapReAlloc
GetCommandLineA
GetVersion
GetCurrentThreadId
TlsSetValue
TlsAlloc
TlsFree
SetLastError
TlsGetValue
ExitProcess
GetOEMCP
FreeEnvironmentStringsW
FreeEnvironmentStringsA
HeapCreate
VirtualFree
VirtualAlloc
IsBadWritePtr
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
GetCPInfo
GetACP
GetEnvironmentStrings
GetEnvironmentStringsW
WriteFile
SetUnhandledExceptionFilter
IsBadReadPtr
IsBadCodePtr
SetFilePointer

user32

CharNextA

advapi32

RegQueryValueExA
RegEnumValueA
RegSetValueExA
RegEnumKeyExA
RegQueryInfoKeyA
RegCloseKey
RegDeleteValueA
RegOpenKeyExA
RegDeleteKeyA
RegCreateKeyExA

ole32

CoCreateInstance
CoTaskMemRealloc
CoTaskMemAlloc
CoTaskMemFree

oleaut32

RegisterTypeLi
SysAllocString
VarUI4FromStr
SysAllocStringByteLen
DispCallFunc
SysStringByteLen
SysFreeString
VariantChangeType
VariantInit
GetErrorInfo
SysStringLen
VariantClear
LoadRegTypeLi
LoadTypeLi

imaconv

ima_to_ascii_lz
ima_free

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 52KB - Virtual size: 49KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

fa44f898c5febd8a4ab8b5d81d85fdf1

Headers

File Characteristics

Imports

kernel32

user32

advapi32

ole32

oleaut32

imaconv

Exports

Exports

Sections

.text Size: 52KB - Virtual size: 49KB

.rdata Size: 12KB - Virtual size: 8KB

.data Size: 8KB - Virtual size: 11KB

.rsrc Size: 8KB - Virtual size: 4KB

.reloc Size: 8KB - Virtual size: 5KB

.text
Size: 52KB - Virtual size: 49KB

.rdata
Size: 12KB - Virtual size: 8KB

.data
Size: 8KB - Virtual size: 11KB

.rsrc
Size: 8KB - Virtual size: 4KB

.reloc
Size: 8KB - Virtual size: 5KB