8d0468f5cf3996d7b32688c7d243c666_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

8d0468f5cf3996d7b32688c7d243c666_JaffaCakes118
Size

369KB
MD5

8d0468f5cf3996d7b32688c7d243c666
SHA1

88dbc7c0402e98601977c82c582cfda4ad062496
SHA256

8a7152fb0c3fc586850b9e574e1c9335121eda49ee526b23e9f39f0326f22cab
SHA512

a73ed9ad691f1c198be76cf27ab035648743eb9f3d260943bf83794743174cd49b8f9002b3adcd0422d41e1260cbdb03c4674d849d0dd03f924deb8e208d9071
SSDEEP

3072:80QXXzUY3z5Volw9sShsB1NJt8TBg7R7A+aMk6/WbM6o2FrMKhmvSIinUqezz:80sVj/ol8YLL6+aMk6/GM6LGKZnUD

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
8d0468f5cf3996d7b32688c7d243c666_JaffaCakes118

Files

8d0468f5cf3996d7b32688c7d243c666_JaffaCakes118
.dll regsvr32 windows:4 windows x86 arch:x86

9b81137a1352701b5991fbab2173284c

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

advapi32

GetTraceEnableFlags
UnregisterTraceGuids
GetTraceEnableLevel
RegisterTraceGuidsW
OpenProcessToken
GetTraceLoggerHandle
TraceMessage

gdi32

DeleteObject
DeleteDC
CreateCompatibleDC
CreateDIBSection
SelectObject

kernel32

GetModuleHandleExW
GetCurrentProcess
CreateDirectoryW
SetLastError
Sleep
GetCurrentProcessId
FreeLibrary
SetUnhandledExceptionFilter
FormatMessageW
GetCommandLineA
HeapAlloc
HeapFree
SetFileAttributesW
GetExitCodeProcess
WaitForSingleObject
lstrcmpiW
GlobalAlloc
VirtualProtectEx
SetEvent
GetModuleHandleA
QueryPerformanceCounter
WritePrivateProfileStringW
GetLastError
CloseHandle
GetCurrentThreadId
QueueUserWorkItem
GetModuleFileNameW
TerminateProcess
LoadLibraryExW
UnhandledExceptionFilter
GetSystemDirectoryW
GetProcAddress
GetProcessHeap
LoadLibraryA
LocalFree
LoadLibraryW
GetModuleHandleW
CreateEventW
GetTempPathW
RemoveDirectoryW
OutputDebugStringA
DeleteFileW
GetTickCount

msvcrt

_amsg_exit
_vsnwprintf
wcschr
_lock
memset
_initterm
_unlock
_onexit
malloc
_XcptFilter
free
_purecall
_callnewh
_CxxThrowException
__dllonexit
memcpy

ntdll

NtQueryInformationToken

ole32

CoGetInterfaceAndReleaseStream
CoTaskMemAlloc
CoCreateInstance
FreePropVariantArray
CoInitializeEx
CoInitialize
CoUninitialize
CoTaskMemFree
CLSIDFromString
PropVariantCopy
StringFromGUID2
CoMarshalInterThreadInterfaceInStream
CoCreateGuid
PropVariantClear

setupapi

SetupDiGetClassDevsW
SetupDiGetDeviceRegistryPropertyW
SetupDiDestroyDeviceInfoList
SetupDiGetCustomDevicePropertyW
SetupDiEnumDeviceInfo

shell32

CommandLineToArgvW
SHInvokePrinterCommandW
SHGetFolderLocation
ShellExecuteExW

shlwapi

StrCmpNIW

user32

ReleaseDC
SetFocus
SendMessageW
DestroyIcon
GetDC
DispatchMessageW
DialogBoxParamW
GetMenuDefaultItem
ShowWindow
SetTimer
LoadStringW
CreatePopupMenu
GetSystemMetrics
EnableWindow
EndDialog
MsgWaitForMultipleObjects

Exports

Exports

DllUnregisterServer
DllRegisterServer
DllCanUnloadNow
DllGetClassObject

Sections

.text
Size: 73KB - Virtual size: 72KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 106KB - Virtual size: 110KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 169KB - Virtual size: 169KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

9b81137a1352701b5991fbab2173284c

Headers

File Characteristics

Imports

advapi32

gdi32

kernel32

msvcrt

ntdll

ole32

setupapi

shell32

shlwapi

user32

Exports

Exports

Sections

.text Size: 73KB - Virtual size: 72KB

.rdata Size: 4KB - Virtual size: 3KB

.data Size: 106KB - Virtual size: 110KB

.rsrc Size: 169KB - Virtual size: 169KB

.reloc Size: 7KB - Virtual size: 7KB

.text
Size: 73KB - Virtual size: 72KB

.rdata
Size: 4KB - Virtual size: 3KB

.data
Size: 106KB - Virtual size: 110KB

.rsrc
Size: 169KB - Virtual size: 169KB

.reloc
Size: 7KB - Virtual size: 7KB