f675919cce5282d20b872a6534c41e44_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

f675919cce5282d20b872a6534c41e44_JaffaCakes118
Size

371KB
MD5

f675919cce5282d20b872a6534c41e44
SHA1

3e9644a6ee10ca6df2e1c09bb331084135754729
SHA256

cf2d084b715a2dba9ea6f1bdd1b1d7500cf47ab9d4fae0e50aba2c482de6a1c0
SHA512

576f8b03b152ba558124c280ab8535e2d9e7df294101081bbd517793df0e5a1bf5b8426cc2ea3462c62dce5f7f5ed5a36a6a878cbddab736bce5ff257f9482d3
SSDEEP

6144:V6GZudHu6LDjKW9UrvU36yTf/WZRaHplRyD7JG+1iciloWcFhb3PTrIkzzh4D0n9:V6GZSHu6LD+W9r36yTf/gRaHplRyD7Jv

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
f675919cce5282d20b872a6534c41e44_JaffaCakes118

Files

f675919cce5282d20b872a6534c41e44_JaffaCakes118
.dll regsvr32 windows:5 windows x86 arch:x86

0d5f9181087558c90d941a36e49cc5b1

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GlobalLock
GlobalAlloc
SetLastError
FreeLibrary
MultiByteToWideChar
SizeofResource
LoadResource
FindResourceW
LoadLibraryExW
GlobalFree
GlobalHandle
LockResource
TerminateProcess
FlushFileBuffers
CloseHandle
CreateFileA
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
GetStringTypeW
GetStringTypeA
GlobalUnlock
GetLocaleInfoA
GetConsoleMode
GetConsoleCP
SetFilePointer
InitializeCriticalSectionAndSpinCount
LCMapStringW
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
GetSystemTimeAsFileTime
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
GetEnvironmentStringsW
WideCharToMultiByte
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetStartupInfoA
GetFileType
SetHandleCount
HeapSize
GetModuleFileNameA
GetStdHandle
WriteFile
ExitProcess
Sleep
GetModuleFileNameW
MulDiv
lstrcmpW
GetCurrentProcess
FlushInstructionCache
lstrcmpiW
GetModuleHandleW
InterlockedDecrement
InterlockedIncrement
lstrlenW
GetLastError
GetCurrentThreadId
DeleteCriticalSection
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
RaiseException
LoadLibraryA
LCMapStringA
GetProcAddress
VirtualAlloc
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
HeapReAlloc
HeapDestroy
HeapCreate
CreateThread
ExitThread
GetCommandLineA
RtlUnwind
VirtualFree
IsProcessorFeaturePresent
HeapAlloc
GetProcessHeap
HeapFree
InterlockedCompareExchange
LoadLibraryW
SetUnhandledExceptionFilter
IsDebuggerPresent
UnhandledExceptionFilter

user32

SetWindowLongW
UnregisterClassA
GetWindowLongW
UnregisterClassW
CharNextW
DefWindowProcW
DestroyWindow
GetSysColor
MoveWindow
SetWindowPos
GetClientRect
ClientToScreen
MapWindowPoints
MapDialogRect
SetWindowContextHelpId
IsWindowVisible
GetWindowRect
GetTopWindow
CreateDialogIndirectParamW
ShowWindow
RegisterWindowMessageW
GetWindowTextLengthW
GetWindowTextW
SetWindowTextW
CreateAcceleratorTableW
CreateWindowExW
RegisterClassExW
LoadCursorW
GetClassInfoExW
IsWindow
SendMessageW
SetFocus
GetFocus
GetWindow
DestroyAcceleratorTable
GetDesktopWindow
BeginPaint
EndPaint
CallWindowProcW
FillRect
ReleaseCapture
GetClassNameW
GetDlgItem
GetParent
IsChild
SetCapture
RedrawWindow
InvalidateRgn
InvalidateRect
ReleaseDC
GetDC
ScreenToClient

gdi32

GetObjectW
CreateSolidBrush
GetDeviceCaps
BitBlt
CreateCompatibleDC
CreateCompatibleBitmap
DeleteDC
SelectObject
DeleteObject
GetStockObject

advapi32

RegQueryInfoKeyW
RegSetValueExW
RegOpenKeyExW
RegCreateKeyExW
RegCloseKey
RegDeleteValueW
RegDeleteKeyW
RegEnumKeyExW

ole32

CoTaskMemRealloc
CoCreateInstance
CoTaskMemFree
StringFromGUID2
OleLockRunning
CoGetClassObject
CLSIDFromProgID
CLSIDFromString
CreateStreamOnHGlobal
OleInitialize
OleUninitialize
CoTaskMemAlloc

oleaut32

DispCallFunc
LoadRegTypeLi
OleCreateFontIndirect
VariantClear
VariantInit
VarUI4FromStr
SysAllocString
SysAllocStringLen
SysFreeString
SysStringLen
LoadTypeLi

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllRpcStub
DllUnregisterServer

Sections

.text
Size: 294KB - Virtual size: 294KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 36KB - Virtual size: 35KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 30KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

0d5f9181087558c90d941a36e49cc5b1

Headers

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

ole32

oleaut32

Exports

Exports

Sections

.text Size: 294KB - Virtual size: 294KB

.rdata Size: 36KB - Virtual size: 35KB

.data Size: 8KB - Virtual size: 18KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 30KB - Virtual size: 29KB

.text
Size: 294KB - Virtual size: 294KB

.rdata
Size: 36KB - Virtual size: 35KB

.data
Size: 8KB - Virtual size: 18KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 30KB - Virtual size: 29KB