089b26739c873432a51f763d8faf36a0_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

089b26739c873432a51f763d8faf36a0_JaffaCakes118
Size

2.0MB
MD5

089b26739c873432a51f763d8faf36a0
SHA1

c5d609a30429ec865440f53f0c8971a59fc65854
SHA256

bae48cf0bcc250e917a5fa927784bc1f753f6ddf575c998771c4752087fc5d15
SHA512

d53b43684ded8581c31cbc3ce5e6edd3b41ac39ab7249de095b687f87af7161d8cf5859696691931884290a5d131954447459210fa513f7b5aba9e38b44cb833
SSDEEP

49152:nuyGZZhJc3x1BzTA7l0sc/ssr2eKl/2qt4ZBDaugs+jm:vGrhy3x1Bz7/muqt4XWuji

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
089b26739c873432a51f763d8faf36a0_JaffaCakes118

Files

089b26739c873432a51f763d8faf36a0_JaffaCakes118
.dll regsvr32 windows:4 windows x86 arch:x86

0bc64851b0cb14bb48ca374e436156fc

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetLocaleInfoW
CreateEventW
SwitchToThread
GetTapeParameters
GetSystemDirectoryA
MoveFileW
GetProfileStringW
SetTimeZoneInformation
FindResourceExA
lstrcatA
SetStdHandle
CreateDirectoryW
GetFileSize
GetCalendarInfoW
AddAtomW
DeleteTimerQueue
GetProcAddress
OpenFileMappingW
FindVolumeClose
lstrcpyW
EnumUILanguagesW
CopyFileExW
LoadLibraryA
SetupComm

ole32

OleDraw
CoFreeUnusedLibraries
CreateItemMoniker
CreateOleAdviseHolder
OleCreateLink
StringFromIID
OleLoad
PropVariantCopy

user32

DestroyMenu
LockWindowUpdate
GetMenuState
AllowSetForegroundWindow
CreateAcceleratorTableW
GetGUIThreadInfo
IntersectRect
NotifyWinEvent
SetWindowPos
DrawAnimatedRects
MapVirtualKeyA
DestroyIcon
InternalGetWindowText

shlwapi

PathGetCharTypeA
PathQuoteSpacesW
StrToIntA
StrNCatW

advapi32

EnumServicesStatusW
RegDeleteValueA
RegisterEventSourceA
InitiateSystemShutdownExW
BuildTrusteeWithNameW
GetNumberOfEventLogRecords

gdi32

SetMagicColors
CreateDCA
AddFontResourceA
SetWindowOrgEx
SelectObject
PaintRgn
ExtFloodFill
CreateHalftonePalette
ScaleWindowExtEx
GetEnhMetaFileBits
CreateScalableFontResourceA

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 364KB - Virtual size: 363KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1.7MB - Virtual size: 1.7MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

0bc64851b0cb14bb48ca374e436156fc

Headers

File Characteristics

Imports

kernel32

ole32

user32

shlwapi

advapi32

gdi32

Exports

Exports

Sections

.text Size: 364KB - Virtual size: 363KB

.rdata Size: 4KB - Virtual size: 2KB

.data Size: 1.7MB - Virtual size: 1.7MB

.reloc Size: 4KB - Virtual size: 1KB

.text
Size: 364KB - Virtual size: 363KB

.rdata
Size: 4KB - Virtual size: 2KB

.data
Size: 1.7MB - Virtual size: 1.7MB

.reloc
Size: 4KB - Virtual size: 1KB