2e14dc9e9e40959fcc4aefeae8a874cf_JaffaCakes118

General

Target

2e14dc9e9e40959fcc4aefeae8a874cf_JaffaCakes118
Size

48KB
MD5

2e14dc9e9e40959fcc4aefeae8a874cf
SHA1

b1b1ad70484a4db97b98b64156407c7f704d6b96
SHA256

044be73875a66c4fc8945be0bbf1620a1cf52740599cc430c340d0e1fd42e466
SHA512

c53cfd362576a45f7a7a600248d560b9dcdc2b5bd21c8bf60fc2dd200d796b3a6c18cf5efa2ac1873a157f851b22e43e377499b32bd3a9a11fa989397d71b455
SSDEEP

768:Tj6mWOpyKamRXxpkavT4R7pit18AQgLa16:Tm8JB+litVRLaY

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2e14dc9e9e40959fcc4aefeae8a874cf_JaffaCakes118

Files

2e14dc9e9e40959fcc4aefeae8a874cf_JaffaCakes118
.dll regsvr32 windows:4 windows x86 arch:x86

4280db98ec6a7d2f481a7f9cb57fa233

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetLastError
CloseHandle
CreateMutexA
WinExec
GetSystemDirectoryA
CreateThread
VirtualAlloc
CreateProcessA
GetLocalTime
LoadLibraryA
GetModuleFileNameA
GetProcAddress
InterlockedIncrement
GetWindowsDirectoryA

user32

SetWindowsHookExA
UnhookWindowsHookEx
ShowWindow
FindWindowExA
PostMessageA
GetMessageA
TranslateMessage
DispatchMessageA
KillTimer
SetTimer
DefWindowProcA
RegisterClassExA
CallNextHookEx
CreateWindowExA

advapi32

RegQueryValueExA
RegOpenKeyExA
RegSetValueExA
RegCreateKeyExA
RegCloseKey

msvcrt

free
_except_handler3
strchr
fopen
fwrite
_stricmp
fclose
__CxxFrameHandler
??2@YAPAXI@Z
_initterm
malloc
_adjust_fdiv
strrchr
sprintf
??3@YAXPAX@Z

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 24KB - Virtual size: 22KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 920B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 932B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

4280db98ec6a7d2f481a7f9cb57fa233

Headers

File Characteristics

Imports

kernel32

user32

advapi32

msvcrt

Exports

Exports

Sections

.text Size: 24KB - Virtual size: 22KB

.rdata Size: 4KB - Virtual size: 1KB

.data Size: 8KB - Virtual size: 5KB

.rsrc Size: 4KB - Virtual size: 920B

.reloc Size: 4KB - Virtual size: 932B

.text
Size: 24KB - Virtual size: 22KB

.rdata
Size: 4KB - Virtual size: 1KB

.data
Size: 8KB - Virtual size: 5KB

.rsrc
Size: 4KB - Virtual size: 920B

.reloc
Size: 4KB - Virtual size: 932B