2af3088f8f5eedef3808d07266035f9c_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

2af3088f8f5eedef3808d07266035f9c_JaffaCakes118
Size

75KB
MD5

2af3088f8f5eedef3808d07266035f9c
SHA1

3303dfe26751f63bd8f3c7f493e8b9c411fcf94d
SHA256

349cbcd4103c20c69c099b228264e7935a14f01e23f82dd569d63ca4ed7e83b4
SHA512

fbb8411156b0e07855925e9db96bd8b5070e731bc0a620d4cfade1141e525b51463bac1242797482df7136b2ae2af499ad4577b09d5d14dcdc23ffe45b98fa04
SSDEEP

1536:zD5TQyQ7pi1FdEpC2BsE5WIMbJQSgll1g7sf9gZT3vHhRt6oJdz+:GyeQDdE42GE59SQgUgJ3/7t6oJdz+

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2af3088f8f5eedef3808d07266035f9c_JaffaCakes118

Files

2af3088f8f5eedef3808d07266035f9c_JaffaCakes118
.dll regsvr32 windows:4 windows x86 arch:x86

a429f6246588cf076a9600b6b30ef759

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
IMAGE_FILE_BYTES_REVERSED_HI

Imports

kernel32

DeleteCriticalSection
LoadLibraryA
VirtualProtect
GetModuleFileNameA
ExitProcess

user32

GetKeyboardType
MessageBoxA

advapi32

RegQueryValueExA

oleaut32

SysFreeString

urlmon

URLDownloadToFileW

wininet

InternetReadFile

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

CODE
Size: - Virtual size: 29KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: - Virtual size: 336B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 2KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: - Virtual size: 162B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.aspr0
Size: - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 512B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.aspr1
Size: - Virtual size: 20KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_WRITE

.aspr2
Size: 73KB - Virtual size: 73KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 172B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

a429f6246588cf076a9600b6b30ef759

Headers

File Characteristics

Imports

kernel32

user32

advapi32

oleaut32

urlmon

wininet

Exports

Exports

Sections

CODE Size: - Virtual size: 29KB

DATA Size: - Virtual size: 336B

BSS Size: - Virtual size: 2KB

.idata Size: - Virtual size: 2KB

.edata Size: - Virtual size: 162B

.aspr0 Size: - Virtual size: 1KB

.rsrc Size: 512B - Virtual size: 512B

.aspr1 Size: - Virtual size: 20KB

.aspr2 Size: 73KB - Virtual size: 73KB

.reloc Size: 512B - Virtual size: 172B

CODE
Size: - Virtual size: 29KB

DATA
Size: - Virtual size: 336B

BSS
Size: - Virtual size: 2KB

.idata
Size: - Virtual size: 2KB

.edata
Size: - Virtual size: 162B

.aspr0
Size: - Virtual size: 1KB

.rsrc
Size: 512B - Virtual size: 512B

.aspr1
Size: - Virtual size: 20KB

.aspr2
Size: 73KB - Virtual size: 73KB

.reloc
Size: 512B - Virtual size: 172B