90ddad41a8b2676f513e82921d6068b7_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

90ddad41a8b2676f513e82921d6068b7_JaffaCakes118
Size

152KB
MD5

90ddad41a8b2676f513e82921d6068b7
SHA1

7bb7cfb9776c1ca28cbbf600dd532f35cb674e71
SHA256

99ced5da45489dedc0dc9dc2eb6e902944e6e891e18b5f23f93b1114d9e06c5f
SHA512

026172b0171b5a6c4c79c4509a057ac208b2a9514a634033c18ab32d363abf161865618b9f0c89c9795d095c3fbdf7222d1db43d44c0012cc5a2fe11a9e1b79e
SSDEEP

3072:nnBzIhJK9QVudpb9bQMj7ox6oFBm4t9QoZ8rad/XpAVGBCwD1z9p4L3KZkjLfHt:nBzz9ldppb5Mzm4/QoKradmVGBCSmLai

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
90ddad41a8b2676f513e82921d6068b7_JaffaCakes118

Files

90ddad41a8b2676f513e82921d6068b7_JaffaCakes118
.dll regsvr32 windows:4 windows x86 arch:x86

607c7c1aea1d3c8d1c9243c6df44ca76

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

gdi32

GetDIBits
DeleteDC
CreateDCA
GetObjectA

kernel32

GetProcAddress
SetEvent
LoadLibraryA
DeleteFileA
DeleteFileW
WriteFile
CreateFileW
VirtualAlloc
DisableThreadLibraryCalls
lstrlenA
GetLastError
InterlockedIncrement
FreeLibrary
InterlockedDecrement
CreateEventA
CloseHandle
SetFileAttributesA
CreateDirectoryA
GetModuleFileNameA
SetFileAttributesW
CreateDirectoryW
GetModuleFileNameW
MultiByteToWideChar
WaitForSingleObject
CreateThread
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSection
ResetEvent

user32

LoadImageW
wsprintfA

advapi32

RegCloseKey
RegDeleteValueA
RegSetValueExA
RegQueryValueExA
RegCreateKeyA
RegSetValueA
RegOpenKeyExA
RegEnumKeyExA
RegDeleteKeyA
RegEnumValueW
RegQueryInfoKeyW
RegQueryValueExW
RegSetValueExW
RegDeleteValueW
RegEnumValueA
RegQueryInfoKeyA
RegCreateKeyExA

shell32

SHGetSpecialFolderPathW
SHGetSpecialFolderPathA

ole32

StringFromGUID2
CoInitialize
CoFreeUnusedLibraries
CoUninitialize
CoCreateInstance

shlwapi

PathRemoveExtensionW
PathRemoveExtensionA
PathFileExistsW
PathFileExistsA

msvcrt

_splitpath
wcscpy
_wsplitpath
wcscat
time
sprintf
_stat
_stati64
_wstati64
wcslen
_purecall
__CxxFrameHandler
??2@YAPAXI@Z
??3@YAXPAX@Z

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 104KB - Virtual size: 101KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

607c7c1aea1d3c8d1c9243c6df44ca76

Headers

File Characteristics

Imports

gdi32

kernel32

user32

advapi32

shell32

ole32

shlwapi

msvcrt

Exports

Exports

Sections

.text Size: 20KB - Virtual size: 19KB

.rdata Size: 4KB - Virtual size: 3KB

.data Size: 16KB - Virtual size: 16KB

.rsrc Size: 104KB - Virtual size: 101KB

.reloc Size: 4KB - Virtual size: 3KB

.text
Size: 20KB - Virtual size: 19KB

.rdata
Size: 4KB - Virtual size: 3KB

.data
Size: 16KB - Virtual size: 16KB

.rsrc
Size: 104KB - Virtual size: 101KB

.reloc
Size: 4KB - Virtual size: 3KB