rtffilt.pdb
Static task
static1
Behavioral task
behavioral1
Sample
03f93376c8abdc162ee16207f0e96bbd_JaffaCakes118.dll
Resource
win7-20240611-en
Behavioral task
behavioral2
Sample
03f93376c8abdc162ee16207f0e96bbd_JaffaCakes118.dll
Resource
win10v2004-20240508-en
General
Target
03f93376c8abdc162ee16207f0e96bbd_JaffaCakes118
Size
209KB
MD5
03f93376c8abdc162ee16207f0e96bbd
SHA1
7b02f22a10f400a4367c5a6ea2d1a121e01856ba
SHA256
225c423bc64781e96beea726e27d0cbb16c276ef7b370a6414b098dd4b6b42bf
SHA512
f17d147657490028fd66ede37395d4e26991ce6af7e50af3fe79082b08277637836b9e473ea62e98f0b66bc9e1a5d29d41b30a91d6ee336de2142094209e9ad3
SSDEEP
3072:Yw3Y3zIqcPpe75XCvvgyne/LX/yGL94CUwQE5KyJqofY8g3DONhnUhEBqtYIelFT:E3zBUpnBnk/jL94NIcomTsh5kexlR4
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 03f93376c8abdc162ee16207f0e96bbd_JaffaCakes118
Files
03f93376c8abdc162ee16207f0e96bbd_JaffaCakes118.dll regsvr32 windows:6 windows x86 arch:x86
098a5117f945c6c1a109ccafb9a866a4
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
PDB Paths
Imports
msvcrt
realloc
_iob
_onexit
_lock
__dllonexit
_unlock
??1type_info@@UAE@XZ
_adjust_fdiv
_amsg_exit
_initterm
malloc
_XcptFilter
__CxxFrameHandler
memcpy
_CxxThrowException
_wcsicmp
_purecall
fprintf
strncmp
free
_vsnprintf
_vsnwprintf
kernel32
SetLastError
GetCurrentThread
OutputDebugStringW
CopyFileA
DeleteFileA
FlushViewOfFile
GetLocalTime
CreateFileA
WideCharToMultiByte
LocalAlloc
LocalFree
CloseHandle
CreateMutexW
FreeLibrary
InterlockedDecrement
InterlockedIncrement
LoadLibraryW
GetModuleHandleW
GetVersionExW
ReleaseMutex
WaitForSingleObject
GetExitCodeThread
CreateThread
GetSystemDefaultLCID
InterlockedExchange
Sleep
InterlockedCompareExchange
RtlUnwind
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
lstrlenW
lstrlenA
GetLastError
RaiseException
MultiByteToWideChar
UnmapViewOfFile
GetVersionExA
FormatMessageW
user32
SendMessageW
DestroyWindow
CreateWindowExW
advapi32
RegDeleteValueW
OpenProcessToken
RevertToSelf
OpenThreadToken
ImpersonateLoggedOnUser
ConvertStringSecurityDescriptorToSecurityDescriptorA
GetSecurityDescriptorLength
RegCreateKeyExW
RegSetValueExW
RegOpenKeyExW
RegDeleteKeyW
RegEnumKeyExW
RegQueryValueExW
RegCloseKey
ole32
CoInitializeEx
CoUninitialize
CoMarshalInterThreadInterfaceInStream
CoGetInterfaceAndReleaseStream
oleaut32
SysFreeString
SysAllocString
Exports
DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
Sections
.text Size: 30KB - Virtual size: 29KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 173KB - Virtual size: 174KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 3KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ