26b1029d22328102a335a4cf812e80c4_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

26b1029d22328102a335a4cf812e80c4_JaffaCakes118
Size

92KB
MD5

26b1029d22328102a335a4cf812e80c4
SHA1

7ead5fc6df719bb3535e6f5f8993a09ddfa50843
SHA256

ce9c844be15c873d45774a411bbfc84ede0ca4c441ddbc7531fc9a211632778d
SHA512

f4dd887c42c76856a78b9d6352c84c59fcf645be8334d1bcb39fc76ebcdb5dc8dff0a34e5b7bcffceb3b08e2e3f9bcb65df8904424a16a6232d0994d39c0a7bb
SSDEEP

1536:IKQXawtkCnMJM3QaiqBmrTr/ktE8Mo9ZHjljkdRZlnc:IbXawtkCndQaiqfMo9ZHjlj

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
26b1029d22328102a335a4cf812e80c4_JaffaCakes118

Files

26b1029d22328102a335a4cf812e80c4_JaffaCakes118
.dll regsvr32 windows:4 windows x86 arch:x86

614a74b668df44eabd65f017c1c0dcc5

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

psapi

EnumProcessModules
GetModuleFileNameExA

rpcrt4

UuidToStringA
RpcStringFreeA

shlwapi

SHDeleteKeyA

kernel32

CloseHandle
Process32First
CreateToolhelp32Snapshot
CreateProcessA
SetFilePointer
GetStringTypeW
GetStringTypeA
WriteFile
GetEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsW
FreeEnvironmentStringsA
GetStartupInfoA
GetFileType
GetStdHandle
lstrcmpiA
GetLastError
TlsGetValue
SetLastError
lstrlenW
TlsAlloc
TlsSetValue
RtlUnwind
VirtualAlloc
VirtualFree
HeapCreate
HeapDestroy
GetVersionExA
GetEnvironmentVariableA
GetModuleHandleA
LCMapStringW
LCMapStringA
GetOEMCP
GetACP
GetCPInfo
OpenProcess
Process32Next
lstrlenA
MultiByteToWideChar
GetProcAddress
FreeLibrary
LoadLibraryA
Sleep
SetHandleCount
WideCharToMultiByte
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InterlockedIncrement
InterlockedDecrement
InitializeCriticalSection
HeapSize
HeapReAlloc
TerminateProcess
ExitProcess
GetVersion
GetCommandLineA
HeapAlloc
HeapFree
InterlockedExchange
GetModuleFileNameA
DisableThreadLibraryCalls
GetCurrentProcess
FlushInstructionCache
GetCurrentThreadId
SetStdHandle
FlushFileBuffers
TlsFree

user32

IsWindowVisible
SetTimer
ReleaseDC
GetDlgItem
GetDC
GetSystemMetrics
LoadBitmapA
CopyRect
SetWindowPos
CallWindowProcA
GetCapture
SetCapture
GetWindowThreadProcessId
GetClientRect
PtInRect
ScreenToClient
GetWindowLongA
SendMessageA
DefWindowProcA
GetClassNameA
RegisterWindowMessageA
SendMessageTimeoutA
GetActiveWindow
EnumChildWindows
MessageBoxA
SetWindowLongA
CreateDialogParamA
GetParent
IsWindow
ShowWindow
SetWindowsHookExA
UnhookWindowsHookEx
CallNextHookEx
EnumWindows
CharUpperA
ReleaseCapture
InvalidateRect

gdi32

CreateCompatibleDC
SaveDC
SelectObject
BitBlt
RestoreDC
DeleteDC
GetObjectA
DeleteObject
GetTextMetricsA

advapi32

RegSetValueExA
RegCreateKeyExA
RegQueryValueExA
RegCreateKeyA
RegOpenKeyExA
RegCloseKey

ole32

CLSIDFromProgID
CoCreateInstance

oleaut32

SysAllocStringLen
VariantClear
SysStringLen
LoadRegTypeLi
SysAllocString
SysFreeString

atl

ord23
ord44
ord21
ord30
ord31
ord16
ord15
ord18
ord57
ord32
ord43
ord58

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 44KB - Virtual size: 41KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

614a74b668df44eabd65f017c1c0dcc5

Headers

File Characteristics

Imports

psapi

rpcrt4

shlwapi

kernel32

user32

gdi32

advapi32

ole32

oleaut32

atl

Exports

Exports

Sections

.text Size: 44KB - Virtual size: 41KB

.rdata Size: 8KB - Virtual size: 6KB

.data Size: 16KB - Virtual size: 18KB

.rsrc Size: 12KB - Virtual size: 11KB

.reloc Size: 8KB - Virtual size: 4KB

.text
Size: 44KB - Virtual size: 41KB

.rdata
Size: 8KB - Virtual size: 6KB

.data
Size: 16KB - Virtual size: 18KB

.rsrc
Size: 12KB - Virtual size: 11KB

.reloc
Size: 8KB - Virtual size: 4KB