17776a78eedda974732c9593dafdb79a_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

17776a78eedda974732c9593dafdb79a_JaffaCakes118
Size

48KB
MD5

17776a78eedda974732c9593dafdb79a
SHA1

4a74882a21e2f43f0c556a527db3ec7eb9101682
SHA256

37a870a802072496fa66cddba266d8e35e571e6d9013c99022f48acdf99b3c4d
SHA512

042d4f53ef8a920805059ed6a96965e6c5b80062d93775b16c73a1c6557aa28dd762a23fab21b1b69c146e89d6724a86e5159487e594ee4cd00d32f20d160502
SSDEEP

768:XobsK9704vq5ebtI7EhbanF08jfgfErV/dy+gaT6ZFAuHbxEPA/kDXO:Q9Dc2tgzn9jf2E1H81EPAOXO

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
17776a78eedda974732c9593dafdb79a_JaffaCakes118

Files

17776a78eedda974732c9593dafdb79a_JaffaCakes118
.dll regsvr32 windows:4 windows x86 arch:x86

d5a47ef4e0bd8b3300b6174facf6a4f4

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_DLL

Imports

kernel32

AddAtomA
CopyFileA
CreateSemaphoreA
DisableThreadLibraryCalls
FindAtomA
FreeLibrary
GetACP
GetAtomNameA
GetLastError
GetModuleFileNameA
GetModuleFileNameW
GetModuleHandleA
GetProcAddress
InterlockedDecrement
InterlockedIncrement
LoadLibraryA
MultiByteToWideChar
ReleaseSemaphore
SetLastError
Sleep
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue
WaitForSingleObject
WideCharToMultiByte
lstrlenW

msvcrt

__dllonexit
__mb_cur_max
_assert
_controlfp
_errno
_iob
_isctype
_mkdir
_pctype
_putenv
_snprintf
abort
calloc
exit
fclose
fflush
fopen
fprintf
free
getenv
malloc
memcmp
memset
realloc
strchr
strcmp
strlen
tolower
wcslen

ole32

CoCreateInstance

oleaut32

SafeArrayAccessData
SafeArrayCreate
SafeArrayDestroyDescriptor
SafeArrayGetLBound
SafeArrayGetUBound
SafeArrayUnaccessData
SysAllocString
SysFreeString
VariantClear

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 33KB - Virtual size: 33KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 416B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 37KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 162B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

d5a47ef4e0bd8b3300b6174facf6a4f4

Headers

File Characteristics

Imports

kernel32

msvcrt

ole32

oleaut32

Exports

Exports

Sections

.text Size: 33KB - Virtual size: 33KB

.data Size: 512B - Virtual size: 416B

.rdata Size: 6KB - Virtual size: 6KB

.bss Size: - Virtual size: 37KB

.edata Size: 512B - Virtual size: 162B

.idata Size: 2KB - Virtual size: 2KB

.rsrc Size: 2KB - Virtual size: 1KB

.reloc Size: 1KB - Virtual size: 1KB

.text
Size: 33KB - Virtual size: 33KB

.data
Size: 512B - Virtual size: 416B

.rdata
Size: 6KB - Virtual size: 6KB

.bss
Size: - Virtual size: 37KB

.edata
Size: 512B - Virtual size: 162B

.idata
Size: 2KB - Virtual size: 2KB

.rsrc
Size: 2KB - Virtual size: 1KB

.reloc
Size: 1KB - Virtual size: 1KB