26d00e71047b1d2c0fcfd7a5c868218a_JaffaCakes118

General

Target

26d00e71047b1d2c0fcfd7a5c868218a_JaffaCakes118
Size

40KB
MD5

26d00e71047b1d2c0fcfd7a5c868218a
SHA1

48a78d59d9839efa45e7fe0ad169d0ee5a4a3861
SHA256

3680a127c7e928f8dc806ffb84b0894acebcaaa968026b2f78e15c649badd288
SHA512

092be7926eedbe03c887941d422f876220d7d58023dc42e48a3cf13cf707a3c2b43c1fc995ab03654eb1f13b69c45f9bd1bc0bd7b5330917299a3148b991c4cf
SSDEEP

768:bptRsC1oL0kjdb0MUpkavrk1EPUQ+qKyzN9kgLa19P:bptuCKH+NL9bLav

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
26d00e71047b1d2c0fcfd7a5c868218a_JaffaCakes118

Files

26d00e71047b1d2c0fcfd7a5c868218a_JaffaCakes118
.dll regsvr32 windows:4 windows x86 arch:x86

7a5d4122b9ff15ecc3a72fe19716a236

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

CloseHandle
CreateProcessA
GetSystemDirectoryA
WinExec
GetWindowsDirectoryA
InterlockedIncrement
LoadLibraryA
CreateMutexA
VirtualAlloc
GetProcAddress
GetModuleFileNameA
GetLocalTime
GetLastError
CreateThread

user32

RegisterClassExA
ShowWindow
CreateWindowExA
PostMessageA
CallNextHookEx
SetTimer
DefWindowProcA
GetMessageA
TranslateMessage
DispatchMessageA
wsprintfA
SetWindowsHookExA
UnhookWindowsHookEx
KillTimer
FindWindowExA

advapi32

RegSetValueExA
RegCreateKeyExA
RegOpenKeyExA
RegQueryValueExA
RegCloseKey

shlwapi

SHGetValueA

msvcrt

fclose
_adjust_fdiv
malloc
_initterm
free
atoi
_except_handler3
strchr
fopen
fwrite
_stricmp
??3@YAXPAX@Z
??2@YAPAXI@Z
__CxxFrameHandler
sprintf
strrchr

wininet

InternetSetOptionA
InternetOpenA
InternetReadFile
InternetCloseHandle
InternetOpenUrlA
HttpQueryInfoA

netapi32

Netbios

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 848B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

7a5d4122b9ff15ecc3a72fe19716a236

Headers

File Characteristics

Imports

kernel32

user32

advapi32

shlwapi

msvcrt

wininet

netapi32

Exports

Exports

Sections

.text Size: 20KB - Virtual size: 19KB

.rdata Size: 4KB - Virtual size: 1KB

.data Size: 8KB - Virtual size: 4KB

.reloc Size: 4KB - Virtual size: 848B

.text
Size: 20KB - Virtual size: 19KB

.rdata
Size: 4KB - Virtual size: 1KB

.data
Size: 8KB - Virtual size: 4KB

.reloc
Size: 4KB - Virtual size: 848B