093320e9a7f0f074fcc8838ca468e850_JaffaCakes118

General

Target

093320e9a7f0f074fcc8838ca468e850_JaffaCakes118
Size

88KB
MD5

093320e9a7f0f074fcc8838ca468e850
SHA1

d7075692cff7552031c85adff29ea26d16e078c9
SHA256

d58e72fac3c495658fe3aa217c68e3fbb47228841f0cd9a0b054a794caed081f
SHA512

6e53af4cec20345c062733d35982f5c17a5184d9b1c0ba9d8438fb5f83f609fd98fb18432202dc2abf341bbc15176cf7ae33787cb932c79a2e3432d4c269bdce
SSDEEP

1536:UKeN8nU8msOVIaV4ckhEBJPzLLxwpPztNsZ9P5C:ULN8nHmsOVBV8eJPzLL+pPztNQ9P5C

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
093320e9a7f0f074fcc8838ca468e850_JaffaCakes118

Files

093320e9a7f0f074fcc8838ca468e850_JaffaCakes118
.dll regsvr32 windows:4 windows x86 arch:x86

600f55000370a4e84f873a430d49189c

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

WaitForSingleObject
InterlockedExchange
Sleep
GetVersionExA
DisableThreadLibraryCalls
InterlockedIncrement
InterlockedDecrement
CreateEventA
ResetEvent
SetEvent
CloseHandle
FreeLibrary
GetProcAddress
GetLastError
CreateThread
GetModuleHandleA
MultiByteToWideChar
lstrlenA
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSection
GetModuleFileNameA

user32

wsprintfA

advapi32

RegCreateKeyA
RegSetValueA
RegCloseKey
RegEnumKeyExA
RegOpenKeyExA
RegSetValueExA
RegDeleteKeyA

ole32

CoFreeUnusedLibraries
CoTaskMemFree
CoCreateInstance
CoTaskMemAlloc
CoTaskMemRealloc
StringFromGUID2
CoUninitialize
CoInitialize

msvcrt

swprintf
??2@YAPAXI@Z
??3@YAXPAX@Z
__CxxFrameHandler
malloc
wcscpy
wcslen
sprintf
_close
_read
_write
free
_wcsdup
_lseeki64
_open
_isctype
__mb_cur_max
_pctype
_purecall

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 60KB - Virtual size: 57KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

600f55000370a4e84f873a430d49189c

Headers

File Characteristics

Imports

kernel32

user32

advapi32

ole32

msvcrt

Exports

Exports

Sections

.text Size: 60KB - Virtual size: 57KB

.rdata Size: 8KB - Virtual size: 5KB

.data Size: 4KB - Virtual size: 3KB

.rsrc Size: 4KB - Virtual size: 2KB

.reloc Size: 8KB - Virtual size: 5KB

.text
Size: 60KB - Virtual size: 57KB

.rdata
Size: 8KB - Virtual size: 5KB

.data
Size: 4KB - Virtual size: 3KB

.rsrc
Size: 4KB - Virtual size: 2KB

.reloc
Size: 8KB - Virtual size: 5KB