f2f53a7d7459780d361f1cb867810f06_JaffaCakes118

General

Target

f2f53a7d7459780d361f1cb867810f06_JaffaCakes118
Size

116KB
MD5

f2f53a7d7459780d361f1cb867810f06
SHA1

70c9bf7a0d92b2308dd5d9491bd1dc15b3573c1b
SHA256

a96d6cacb279a81cb7289f6af494ba8c1bc342b1687643f6bbf4dac09aae2f15
SHA512

f4665c6edac40746603fec0d2ff52ae67d0cf1e473a13d361a3b94eeb63fc832f721f3aef3ebb8acea87bc96800a3ae65af48b83ff1cc0c066bc5904084b544b
SSDEEP

3072:EGvUYye4DAFd3Q+6rLeqLnCDU5z1BLtb7E:uekaKHLeyl1j

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
f2f53a7d7459780d361f1cb867810f06_JaffaCakes118

Files

f2f53a7d7459780d361f1cb867810f06_JaffaCakes118
.dll regsvr32 windows:4 windows x86 arch:x86

41040a0a4e15d9fb1babdc43e5960d04

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GlobalDeleteAtom
InterlockedDecrement
SuspendThread
SetCurrentDirectoryW
CreateEventW
FreeLibrary
CloseHandle
GetPrivateProfileStringW
GetVersion
ReadFile
GetCurrentThread
GlobalFree
SetEvent
LoadResource
GetDriveTypeW
ReadProcessMemory
GetCurrentProcess
SetThreadPriority
GetProcAddress
lstrlenW
LoadLibraryA
Sleep
SizeofResource
GetTickCount
FindResourceExW
CreateThread
DeleteFileW
GetLocalTime
FindClose
SetFilePointer
CancelWaitableTimer

user32

RegisterWindowMessageW
TrackPopupMenu
CreatePopupMenu
LoadIconW
MessageBoxW
GetSystemMetrics
SetForegroundWindow
DestroyMenu
IsWindow
SetWindowPos
GetWindowDC
EndDialog
SetDlgItemTextW
DestroyIcon
SetWindowTextW
DefWindowProcW
GetCursorPos
DispatchMessageW
SendMessageW
SystemParametersInfoW
GetDlgItem
FillRect
VkKeyScanW

gdi32

GetDeviceCaps
DeleteObject
CreateCompatibleDC
DPtoLP
SelectObject
GetClipBox
BitBlt
DeleteDC
CreateRoundRectRgn
GetObjectW
CreateCompatibleBitmap

advapi32

RegQueryValueExW
LookupAccountSidW
RegDeleteValueW

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.fuxa
Size: 96KB - Virtual size: 92KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.aypv
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.qqpng
Size: 4KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

41040a0a4e15d9fb1babdc43e5960d04

Headers

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

Exports

Exports

Sections

.fuxa Size: 96KB - Virtual size: 92KB

.aypv Size: 4KB - Virtual size: 1KB

.qqpng Size: 4KB - Virtual size: 7KB

.reloc Size: 8KB - Virtual size: 6KB

.fuxa
Size: 96KB - Virtual size: 92KB

.aypv
Size: 4KB - Virtual size: 1KB

.qqpng
Size: 4KB - Virtual size: 7KB

.reloc
Size: 8KB - Virtual size: 6KB