40aa3c3fec84ddf25460e2eae87ce41a_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

40aa3c3fec84ddf25460e2eae87ce41a_JaffaCakes118
Size

110KB
MD5

40aa3c3fec84ddf25460e2eae87ce41a
SHA1

59f0d5bfd5e78f2b4d9b86af05c724becf2f89b2
SHA256

aea779bb3a3f305f0476f4db324874aff55dc35e56340b5b7131924189ec7115
SHA512

6b1dc6701e52d3dbe0e99e278b292bd5f5c8a4f8607649a2101989e450e6fb2be9402583116e76d0db0ae9ba9df66f05afc07e0a8e4b6ea7777d618a955438e0
SSDEEP

3072:86W+eOpaD9GJdnyF2MhkJGE7KxyqQRRn8vMVuEqKcq:86W+e+JdnyFvNM9

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
40aa3c3fec84ddf25460e2eae87ce41a_JaffaCakes118

Files

40aa3c3fec84ddf25460e2eae87ce41a_JaffaCakes118
.dll regsvr32 windows:4 windows x86 arch:x86

cded6434bf14576dc11b7271568f67a0

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

wininet

InternetCloseHandle
InternetOpenW
InternetReadFile
InternetGetConnectedState
InternetCanonicalizeUrlW
InternetOpenUrlW
HttpQueryInfoW

mfc42u

ord5303
ord5285
ord5710
ord2977
ord3142
ord3254
ord4459
ord3131
ord3257
ord2980
ord3076
ord2971
ord3825
ord3826
ord3820
ord3074
ord4075
ord4616
ord4418
ord3733
ord561
ord3948
ord2717
ord1128
ord4692
ord4229
ord269
ord4370
ord4272
ord4124
ord2756
ord6655
ord1250
ord1248
ord4074
ord5298
ord5296
ord3341
ord2388
ord5193
ord1563
ord1194
ord1240
ord342
ord1179
ord1570
ord1089
ord3917
ord5727
ord2504
ord2546
ord4480
ord6371
ord815
ord4269
ord6466
ord3806
ord3332
ord551
ord4197
ord1235
ord823
ord861
ord537
ord927
ord922
ord858
ord538
ord535
ord2810
ord825
ord540
ord800
ord1165
ord1568
ord1173
ord1115
ord1571
ord600
ord826

msvcrt

_adjust_fdiv
malloc
_initterm
free
?terminate@@YAXXZ
_except_handler3
_onexit
__dllonexit
??1type_info@@UAE@XZ
wcscpy
wcslen
_wcsdup
memcmp
_purecall
_beginthread
_ftol
time
srand
rand
_wstat
_wcslwr
_wcsicmp
_vsnwprintf
_CxxThrowException
wcsncpy
wcsstr
memcpy
memset
_EH_prolog
__CxxFrameHandler
iswspace

kernel32

MoveFileExW
CreateFileW
WriteFile
CloseHandle
GetTempPathW
GetFileAttributesExW
WinExec
InterlockedIncrement
EnterCriticalSection
GetTickCount
Sleep
DeleteFileW
GetModuleFileNameW
HeapDestroy
lstrlenW
GetLastError
FreeLibrary
GetProcAddress
LoadLibraryW
lstrcpyW
lstrcatW
WritePrivateProfileStringW
GetPrivateProfileStringW
FindClose
FindNextFileW
FindFirstFileW
LocalFree
LocalAlloc
MultiByteToWideChar
InterlockedDecrement
WideCharToMultiByte
InitializeCriticalSection
GetShortPathNameW
LeaveCriticalSection
DeleteCriticalSection

user32

CharNextW

advapi32

RegDeleteKeyW
RegOpenKeyExW
RegCloseKey
RegEnumKeyExW

shell32

SHGetSpecialFolderPathW

ole32

CoInitialize
CoCreateInstance
CoUninitialize

oleaut32

GetErrorInfo
VariantClear
SysStringLen
SysFreeString
SysAllocStringLen
SysAllocString
SysAllocStringByteLen
SysStringByteLen
VariantInit
VariantChangeType
VariantCopy
LoadTypeLi
RegisterTypeLi
LoadRegTypeLi

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 52KB - Virtual size: 49KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 28KB - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

cded6434bf14576dc11b7271568f67a0

Headers

File Characteristics

Imports

wininet

mfc42u

msvcrt

kernel32

user32

advapi32

shell32

ole32

oleaut32

Exports

Exports

Sections

.text Size: 52KB - Virtual size: 49KB

.rdata Size: 16KB - Virtual size: 15KB

.data Size: 28KB - Virtual size: 33KB

.rsrc Size: 8KB - Virtual size: 6KB

.reloc Size: 8KB - Virtual size: 5KB

.text
Size: 52KB - Virtual size: 49KB

.rdata
Size: 16KB - Virtual size: 15KB

.data
Size: 28KB - Virtual size: 33KB

.rsrc
Size: 8KB - Virtual size: 6KB

.reloc
Size: 8KB - Virtual size: 5KB