30362dc16e1c6e188708d328e2f6afce_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

30362dc16e1c6e188708d328e2f6afce_JaffaCakes118
Size

92KB
MD5

30362dc16e1c6e188708d328e2f6afce
SHA1

b762350310e48d45562f1cef12635e62e71ed29d
SHA256

5a274445797a6cf6d2f0b3f08036e6e16bf112f2a536b37a96e3ffb014a92667
SHA512

1f3c7e3f61e7162755138bf1fa269c762b273043579f1cc9ad11288e87554604eb8de10b231bafad7e3d9e3a8a8eab463dafbd606dac4c783bcdeba26fc82de6
SSDEEP

1536:/XPSkkUp/K6zhOdkfnivqs0iIWn3iW/W29p3ZogvEj5PjuuvXm1:/fVkq/K6zhzfniveiPn3kyp3FSJvXm1

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
30362dc16e1c6e188708d328e2f6afce_JaffaCakes118

Files

30362dc16e1c6e188708d328e2f6afce_JaffaCakes118
.dll regsvr32 windows:5 windows x86 arch:x86

c837288a744c7133794ed116ec235345

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_BIND

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

gdi32

RestoreDC
SetViewportOrgEx
SetWindowOrgEx
SetMapMode
SaveDC
LPtoDP
DeleteDC
GetDeviceCaps

kernel32

GetTickCount
LeaveCriticalSection
EnterCriticalSection
GetUserDefaultLangID
GetProcAddress
LoadLibraryA
DeleteCriticalSection
FreeLibrary
GetACP
InterlockedDecrement
InterlockedIncrement
MultiByteToWideChar
lstrlenA
SizeofResource
WideCharToMultiByte
LoadLibraryW
DisableThreadLibraryCalls
HeapDestroy
InitializeCriticalSection
GetCurrentThreadId
FlushInstructionCache
GetCurrentProcess
HeapSize
HeapAlloc
HeapFree
HeapReAlloc
VirtualAlloc
VirtualFree
GetProcessHeap
ExitProcess
TerminateProcess
RtlUnwind
GetLastError
LoadResource

user32

wsprintfW
ReleaseDC
GetFocus
SetFocus
IsChild
InvalidateRect
ShowWindow
GetParent
DestroyWindow
GetDC

advapi32

RegCloseKey

oleaut32

SysStringLen
LoadTypeLi
VariantCopy
OleCreatePropertyFrame
SysFreeString
RegisterTypeLi
VarUI4FromStr
SysAllocString
VariantInit
VariantClear
LoadRegTypeLi

ole32

CoCreateInstance
OleRegGetMiscStatus
CreateOleAdviseHolder
OleRegGetUserType
OleRegEnumVerbs
CoTaskMemRealloc
CoTaskMemAlloc
CreateBindCtx
CoTaskMemFree

shlwapi

PathAddBackslashW
ord125
PathRemoveFileSpecW
ord45
StrCmpIW
ord55
ord94
ord141
ord37
ord102
ord314
ord315
ord366
StrCmpNIW
StrCatBuffW
PathAppendW
StrCpyNW
ord56
SHQueryValueExW
wnsprintfW
ord126
ord48
StrCpyW
StrCatW
ord105
ord66
ord80
ord130
ord361
ord83
ord123
ord40
ord121
ord120
ord347

Exports

Exports

DllCanUnloadNow
DllEnumClassObjects
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 72KB - Virtual size: 70KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.text
Size: 112KB - Virtual size: 112KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

c837288a744c7133794ed116ec235345

Headers

DLL Characteristics

File Characteristics

Imports

gdi32

kernel32

user32

advapi32

oleaut32

ole32

shlwapi

Exports

Exports

Sections

.text Size: 72KB - Virtual size: 70KB

.data Size: 4KB - Virtual size: 2KB

.rsrc Size: 8KB - Virtual size: 7KB

.reloc Size: 4KB - Virtual size: 2KB

.text Size: 112KB - Virtual size: 112KB

.text
Size: 72KB - Virtual size: 70KB

.data
Size: 4KB - Virtual size: 2KB

.rsrc
Size: 8KB - Virtual size: 7KB

.reloc
Size: 4KB - Virtual size: 2KB

.text
Size: 112KB - Virtual size: 112KB