90d44862fd7a2e05f2511988ff360d5f_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

90d44862fd7a2e05f2511988ff360d5f_JaffaCakes118
Size

316KB
MD5

90d44862fd7a2e05f2511988ff360d5f
SHA1

168ef5a541e3a90233bc896a8910d760e47f82e7
SHA256

a5dda4343a9c554dfedc734a79229d37288a850ef1217051069572162ed4d7c9
SHA512

f20cf7257a152e9f821ee0c2b73f10ac9cc9d4db868f51ac7604296b7cd8df232d521fd8df1614f741e368867d5e8d83b0fcb5b379c884b7f5ae384c21e13ef8
SSDEEP

6144:O5+QAs8Yqz+CLetk43n6JEaWeuk1i9QsjbWN1e6SKT:ZQAs8YJtksn6J3W5k1iPY1bSKT

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

Processes:

resource
90d44862fd7a2e05f2511988ff360d5f_JaffaCakes118

Files

90d44862fd7a2e05f2511988ff360d5f_JaffaCakes118
.dll regsvr32 windows:4 windows x86 arch:x86

f030c6e4596433aa999eebcd531f5595

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetProcAddress
LoadLibraryA
InterlockedDecrement
lstrcatA
InterlockedIncrement
GetCurrentThreadId
FlushInstructionCache
GetCurrentProcess
GetModuleFileNameW
FindFirstFileW
FindNextFileW
LoadLibraryExW
GetLocaleInfoW
GetEnvironmentVariableW
CreateFileW
GetVersionExA
GetEnvironmentVariableA
GetLocaleInfoA
FindFirstFileA
EnterCriticalSection
lstrcpyA
CreateFileA
LeaveCriticalSection
ResumeThread
DuplicateHandle
GlobalFree
WriteFile
GetUserDefaultLangID
lstrcmpiA
LoadLibraryExA
GetLastError
FindResourceA
LoadResource
SizeofResource
FreeLibrary
WideCharToMultiByte
GetModuleFileNameA
GetModuleHandleA
GetShortPathNameA
FindNextFileA
DeleteCriticalSection
SetFilePointer
SetEndOfFile
GetTickCount
DeleteFileA
HeapDestroy
InitializeCriticalSection
CloseHandle
GetSystemTime
IsDBCSLeadByte
GlobalAlloc
GetTempPathA
CreateDirectoryA
GlobalReAlloc
GlobalSize
CopyFileA
lstrlenA
MultiByteToWideChar
SystemTimeToFileTime
lstrcpynA
lstrlenW
DisableThreadLibraryCalls

advapi32

RegQueryInfoKeyA
RegSetValueExA
RegDeleteKeyA
RegQueryValueExA
RegEnumValueA
RegDeleteValueA
RegCreateKeyExA
RegEnumKeyExA
RegOpenKeyExA
RegCloseKey

ole32

CoCreateInstance
CoTaskMemRealloc
CoDisconnectObject
ProgIDFromCLSID
CoTaskMemAlloc
CoTaskMemFree

oleaut32

LoadRegTypeLi
VariantClear
SysStringLen
LoadTypeLi
VarUI4FromStr
SysFreeString
RegisterTypeLi
SysAllocString
VariantCopy
SysAllocStringLen
SetErrorInfo
CreateErrorInfo

comctl32

ord17

user32

DestroyWindow
MessageBoxA
LoadStringA
MessageBoxW
IsChild
LoadCursorA
GetClassInfoExA
CallWindowProcA
GetWindowLongA
DefWindowProcA
SetWindowLongA
BeginPaint
GetClientRect
EndPaint
RegisterClassExA
CharNextA
wsprintfA
GetDC
LoadStringW
CreateWindowExA
GetFocus
ReleaseDC

gdi32

SaveDC
DeleteDC
SetViewportOrgEx
RestoreDC
SetWindowOrgEx
SetMapMode
LPtoDP
CreateDCA
GetDeviceCaps

shell32

ShellExecuteA

winmm

mciSendCommandA

msvcrt

sprintf
_stat
_snwprintf
_adjust_fdiv
_initterm
_errno
_commit
_close
_get_osfhandle
_lseek
_write
_read
_open
_setmode
wcscmp
memmove
_strnicmp
_wtoi
swprintf
towupper
strchr
iswctype
_itoa
_strcmpi
calloc
fclose
_itow
free
malloc
realloc
memcpy
??2@YAPAXI@Z
memset
memcmp
_purecall
wcslen
strtoul
fwrite
strcat
strcpy
strlen
wcscpy
_snprintf
wcsncpy
wcsrchr
strrchr
wcschr
_isctype
_beginthreadex
strstr
__mb_cur_max
_wcsicmp
fopen
strcmp
atoi
strncpy
sscanf
_ltow
_wtol
srand
_pctype
rand
wcsncmp
wcsstr
_endthreadex
strncmp
atol
time
tmpnam
_tempnam

wsock32

htons
ioctlsocket
select
recv
WSACleanup
WSAStartup
socket
connect
send
gethostbyname
closesocket
WSAGetLastError

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllGetVersion
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 184KB - Virtual size: 181KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 20KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 16KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.text
Size: 64KB - Virtual size: 64KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

f030c6e4596433aa999eebcd531f5595

Headers

File Characteristics

Imports

kernel32

advapi32

ole32

oleaut32

comctl32

user32

gdi32

shell32

winmm

msvcrt

wsock32

Exports

Exports

Sections

.text Size: 184KB - Virtual size: 181KB

.rdata Size: 20KB - Virtual size: 16KB

.data Size: 16KB - Virtual size: 16KB

.rsrc Size: 12KB - Virtual size: 11KB

.reloc Size: 16KB - Virtual size: 12KB

.text Size: 64KB - Virtual size: 64KB

.text
Size: 184KB - Virtual size: 181KB

.rdata
Size: 20KB - Virtual size: 16KB

.data
Size: 16KB - Virtual size: 16KB

.rsrc
Size: 12KB - Virtual size: 11KB

.reloc
Size: 16KB - Virtual size: 12KB

.text
Size: 64KB - Virtual size: 64KB