401a398f240a3f7597a4f9459c8dc5b6_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

401a398f240a3f7597a4f9459c8dc5b6_JaffaCakes118
Size

199KB
MD5

401a398f240a3f7597a4f9459c8dc5b6
SHA1

157040877c841a72c57cb7941c0ab85e773c49db
SHA256

f1da47d7256c84b60c0fead14e0af6a15c0806f3af9649a5973650d3b8fa9a13
SHA512

d3c0adccaed40067dd85ccfae16babbbcdd981961583e10acd3b9c4ef7f4d2988ddf0fd00690c6fb8c5a7e7f159925a0cabfe210a976ed2d3d9b13d8fc1ec4cd
SSDEEP

3072:KpuxqiIKOtbUIaOL0pLId266ckilHVxttNsg2Kg6TQsQDZob9llN9u:0iPIKUafLs2tchbxxl2beQsQw9Nw

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
401a398f240a3f7597a4f9459c8dc5b6_JaffaCakes118

Files

401a398f240a3f7597a4f9459c8dc5b6_JaffaCakes118
.dll regsvr32 windows:4 windows x86 arch:x86

58fd1260a1a2572c5c5f026dbb83921b

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

MultiByteToWideChar
WideCharToMultiByte
GetLastError
lstrcatA
GetModuleHandleA
RaiseException
FreeLibrary
SizeofResource
LoadResource
FindResourceA
LoadLibraryExA
lstrcmpiA
lstrcpynA
IsDBCSLeadByte
LockResource
FindResourceExA
EnterCriticalSection
LeaveCriticalSection
lstrlenA
InitializeCriticalSection
InterlockedIncrement
InterlockedDecrement
DeleteCriticalSection
DeleteFileA
GetVolumeInformationA
CloseHandle
WriteFile
CreateFileA
CopyFileA
CreateThread
GetTickCount
MoveFileA
ReadFile
GetFileSize
Sleep
SetEndOfFile
FlushFileBuffers
SetStdHandle
lstrcpyA
lstrlenW
GetModuleFileNameA
GetTempPathA
GetThreadLocale
GetLocaleInfoA
GetACP
InterlockedExchange
GetVersionExA
GetStringTypeW
GetStringTypeA
IsBadCodePtr
IsBadReadPtr
LoadLibraryA
UnhandledExceptionFilter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
SetFilePointer
GetStartupInfoA
GetFileType
GetStdHandle
SetHandleCount
IsBadWritePtr
VirtualFree
HeapCreate
GetCurrentProcess
TerminateProcess
SetUnhandledExceptionFilter
GetCPInfo
HeapDestroy
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
GetProcessHeap
ExitProcess
RtlUnwind
GetSystemTimeAsFileTime
VirtualProtect
VirtualAlloc
GetSystemInfo
VirtualQuery
GetCurrentThreadId
GetCommandLineA
QueryPerformanceCounter
GetCurrentProcessId
TlsAlloc
SetLastError
TlsFree
TlsSetValue
TlsGetValue
GetProcAddress
LCMapStringA
LCMapStringW
GetOEMCP

user32

CharNextA
wsprintfW

advapi32

RegCreateKeyExA
RegDeleteValueA
RegDeleteKeyA
RegQueryInfoKeyA
RegSetValueExA
RegQueryValueExA
RegOpenKeyExA
RegCloseKey
RegEnumKeyExA

shell32

SHGetSpecialFolderPathA

ole32

StringFromGUID2
CoCreateInstance
CoTaskMemFree
CoTaskMemAlloc
CoTaskMemRealloc
CoGetClassObject
CoInitialize

oleaut32

RegisterTypeLi
SysFreeString
SysAllocString
LoadTypeLi
UnRegisterTypeLi
VarUI4FromStr

shlwapi

PathFileExistsA
PathFindExtensionA

urlmon

CoInternetGetSession

wininet

InternetSetOptionA
InternetOpenUrlA
InternetReadFile
InternetCloseHandle
InternetOpenA

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 159KB - Virtual size: 159KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 24KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

58fd1260a1a2572c5c5f026dbb83921b

Headers

File Characteristics

Imports

kernel32

user32

advapi32

shell32

ole32

oleaut32

shlwapi

urlmon

wininet

Exports

Exports

Sections

.text Size: 159KB - Virtual size: 159KB

.rdata Size: 24KB - Virtual size: 23KB

.data Size: 4KB - Virtual size: 10KB

.reloc Size: 10KB - Virtual size: 9KB

.text
Size: 159KB - Virtual size: 159KB

.rdata
Size: 24KB - Virtual size: 23KB

.data
Size: 4KB - Virtual size: 10KB

.reloc
Size: 10KB - Virtual size: 9KB