176254510bcfefaa8dcd1e00126316a2_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

176254510bcfefaa8dcd1e00126316a2_JaffaCakes118
Size

2.5MB
MD5

176254510bcfefaa8dcd1e00126316a2
SHA1

e2a1f43512a518bcb28c4f32803060062a7edd10
SHA256

0abcaf4b5ace8636f6f5697d09da5fdf404ccfe6ddde6445203269532332d426
SHA512

0202a5dbbdd771601a61dc66f6e3f2abb5c8fa8b7533916e5660eda3f9221f8db0ce82350ce5918149f89dbb756f1dc0221f1a295d2167106a8500334032c064
SSDEEP

49152:QeyaxRYQx77VbdbFw4x0zAphH6gvlWKPlMRJbFxcbq8yVVOLJTlqoSmHxtN:/xRlxNw49CgvlWKdMRJJl1VOLJZ3HjN

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
176254510bcfefaa8dcd1e00126316a2_JaffaCakes118

Files

176254510bcfefaa8dcd1e00126316a2_JaffaCakes118
.dll regsvr32 windows:4 windows x86 arch:x86

a123cd193a375a923fc21d0198fbbd98

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

CreateNamedPipeA
SetCurrentDirectoryA
GetLocalTime
WaitForSingleObjectEx
lstrcatW
GetTempPathW
GetStringTypeW
GetStringTypeA
SetFileApisToOEM
GetAtomNameW
GlobalDeleteAtom
OpenProcess
SetHandleCount
CancelIo
UnlockFileEx
GetComputerNameA
WriteProcessMemory
MapViewOfFileEx
CreateMutexA
IsWow64Process
GetThreadContext
IsDBCSLeadByteEx
HeapAlloc
GetFileAttributesW
lstrlenA
ConvertDefaultLocale
GetTimeFormatW
UnregisterWait
SetCurrentDirectoryW
LockResource
RemoveDirectoryA
GetWindowsDirectoryW
FatalAppExitA
FindVolumeMountPointClose
GetShortPathNameW
SetLocalTime
LocalUnlock
GlobalFindAtomA
GetCalendarInfoW
LoadLibraryA
DnsHostnameToComputerNameW
LCMapStringW
OpenThread
ExpandEnvironmentStringsA
LockFileEx
GetProcAddress
CreateToolhelp32Snapshot

ole32

OleCreateFromData
CoQueryProxyBlanket
BindMoniker
CreateOleAdviseHolder
CoCreateInstanceEx
CreateBindCtx
OleLoadFromStream
CoMarshalInterface
CoSwitchCallContext

user32

MessageBoxIndirectW
InvertRect
GetClassInfoW
SetActiveWindow
RemovePropW
CharLowerA
RemoveMenu
SetRect
SetForegroundWindow
GetSysColor
LoadIconA
MsgWaitForMultipleObjects
SetDlgItemInt
SendInput
CopyAcceleratorTableW
GetWindowThreadProcessId
LoadImageW
CharLowerBuffW
GetCaretBlinkTime
GetComboBoxInfo
FillRect
WaitForInputIdle
CreateIconFromResourceEx
GetScrollInfo
GetParent
CharPrevA
CharNextW
GetClassLongW
CharNextA
GetCursor
OemToCharBuffA
SendMessageW
DrawIconEx
TrackPopupMenuEx
GetDlgItemTextW

shlwapi

StrChrW
PathAppendA
StrStrIW
StrCatBuffW
SHRegGetUSValueW
PathUnquoteSpacesW
PathCanonicalizeW
PathCombineW
wnsprintfA
StrTrimW
StrDupW
PathRenameExtensionW

advapi32

RegQueryInfoKeyA
RegisterServiceCtrlHandlerExW
RegDeleteValueA
RegisterEventSourceW
RevertToSelf
QueryServiceConfigA
SaferGetPolicyInformation
SaferCloseLevel
DeregisterEventSource
QueryServiceStatus

shell32

SHAppBarMessage
SHBrowseForFolderW

gdi32

SetWindowExtEx
GetFontResourceInfoW
BitBlt
CreateEnhMetaFileA
BeginPath
RectVisible
GetCharABCWidthsA
CloseFigure
SetTextColor
GetBkMode
CopyEnhMetaFileA
CreateMetaFileA
CreateScalableFontResourceA
CreateBitmapIndirect
PolylineTo
PolyPolyline
SetBrushOrgEx

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 828KB - Virtual size: 824KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1.7MB - Virtual size: 1.7MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 64KB - Virtual size: 63KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

a123cd193a375a923fc21d0198fbbd98

Headers

File Characteristics

Imports

kernel32

ole32

user32

shlwapi

advapi32

shell32

gdi32

Exports

Exports

Sections

.text Size: 828KB - Virtual size: 824KB

.rdata Size: 4KB - Virtual size: 3KB

.data Size: 1.7MB - Virtual size: 1.7MB

.reloc Size: 64KB - Virtual size: 63KB

.text
Size: 828KB - Virtual size: 824KB

.rdata
Size: 4KB - Virtual size: 3KB

.data
Size: 1.7MB - Virtual size: 1.7MB

.reloc
Size: 64KB - Virtual size: 63KB