08c236a32c62d26c694cb944966fc4e9_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

08c236a32c62d26c694cb944966fc4e9_JaffaCakes118
Size

2.4MB
MD5

08c236a32c62d26c694cb944966fc4e9
SHA1

6945e14b758986cdc71e1a7b17d3de6806b06dd4
SHA256

2c0edccfec695d93a7ad679b7fac9ae8336c0614f1b4fa06d6a01eec4aa0a7a1
SHA512

3b048801225b923db57c57e8d67ae92c97d9a259d91a442a1582640e999e54e50f6acd5cb8af6aba479117d364f9752324b3c02a81c7bf2eee946f0b2c98a262
SSDEEP

49152:qSp+wdZSLNTlQZMMIUSWTL/N7j1u7M0Vg9rQ2CAgj7D+tRd:peplQ/lL/N7jwM0SdrW7D+tT

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
08c236a32c62d26c694cb944966fc4e9_JaffaCakes118

Files

08c236a32c62d26c694cb944966fc4e9_JaffaCakes118
.dll regsvr32 windows:4 windows x86 arch:x86

022b9d7cf1be8ccb33f40de40010c2b8

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

PostQueuedCompletionStatus
ReleaseSemaphore
ExitThread
HeapValidate
LCMapStringW
GetLogicalDriveStringsA
GlobalFindAtomA
SystemTimeToFileTime
GetCompressedFileSizeW
GetVolumeNameForVolumeMountPointW
WriteFile
AddAtomW
SetNamedPipeHandleState
IsBadStringPtrA
GetCurrentThread
SetInformationJobObject
ReleaseActCtx
SizeofResource
OpenMutexA
FlushFileBuffers
LoadLibraryA
HeapSize
GetProcAddress

ole32

OleCreateMenuDescriptor
OleCreateFromFile
OleDestroyMenuDescriptor
CoMarshalInterface
IIDFromString
CoFreeUnusedLibrariesEx

user32

PostMessageW
CharPrevW
CheckDlgButton
SetSysColors
GetWindowContextHelpId
IsDialogMessageA
AdjustWindowRect
FindWindowExW
GetMonitorInfoW
SetProcessWindowStation
UnhookWindowsHook
InsertMenuA
LoadAcceleratorsA
DestroyCursor
CreateCursor
CallWindowProcA
EnumThreadWindows
DrawFocusRect
TrackMouseEvent

shlwapi

PathIsFileSpecW
SHRegSetUSValueW
PathRenameExtensionW
PathFindExtensionA
StrChrW
StrChrIW
PathAppendA
StrCmpNIW
StrCatBuffW

advapi32

RegSetValueA
RegCreateKeyW
ReadEventLogA
RegEnumValueA
RegDeleteKeyA
RegSetValueW
StartServiceW
QueryServiceStatus
ElfRegisterEventSourceW
RegNotifyChangeKeyValue
QueryServiceStatusEx
RegOpenKeyA
GetInheritanceSourceW

shell32

SHPathPrepareForWriteW
SHChangeNotify
SHGetInstanceExplorer
SHAddToRecentDocs
SHGetFolderLocation

gdi32

LineTo
DeleteEnhMetaFile
CopyMetaFileA
CreateFontIndirectW
SetMetaFileBitsEx
Arc
GetMetaFileBitsEx
GetStretchBltMode
Pie
EnumFontFamiliesA
GetBitmapBits
StartDocW

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 636KB - Virtual size: 634KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1.7MB - Virtual size: 1.7MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 60KB - Virtual size: 58KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

022b9d7cf1be8ccb33f40de40010c2b8

Headers

File Characteristics

Imports

kernel32

ole32

user32

shlwapi

advapi32

shell32

gdi32

Exports

Exports

Sections

.text Size: 636KB - Virtual size: 634KB

.rdata Size: 4KB - Virtual size: 2KB

.data Size: 1.7MB - Virtual size: 1.7MB

.reloc Size: 60KB - Virtual size: 58KB

.text
Size: 636KB - Virtual size: 634KB

.rdata
Size: 4KB - Virtual size: 2KB

.data
Size: 1.7MB - Virtual size: 1.7MB

.reloc
Size: 60KB - Virtual size: 58KB