32f9434f16ebbb40b020f9114a220f25_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

32f9434f16ebbb40b020f9114a220f25_JaffaCakes118
Size

48KB
MD5

32f9434f16ebbb40b020f9114a220f25
SHA1

c5af4fc29a2fad573a096a85aba3564585f1b599
SHA256

ce15c165109a5e29471d6d9b5d44a10ef195665ebf9a6168182034e6413c7eb8
SHA512

d8d7e41cebc8609938f5febcc9a81c03a18541cce265202c08138bc4e04e85705a888a23030e0e03132bf1dcb1e4e6541d20e6dc82bc774f2277c8693c0771b2
SSDEEP

768:7vXlaq1uqFKg0GHpjAUwSAtwFCbPYjZTOmBGc114v8gx4MWOsrFXBVzvef:7JkqR0ipCXbPC0BcDe4z2f

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
32f9434f16ebbb40b020f9114a220f25_JaffaCakes118

Files

32f9434f16ebbb40b020f9114a220f25_JaffaCakes118
.dll regsvr32 windows:4 windows x86 arch:x86

ebaa9b7e60cb60fd6cba91b728752eee

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

lstrlenW
MultiByteToWideChar
lstrlenA
WritePrivateProfileStringA
FreeLibrary
InterlockedIncrement
GetCommandLineW
GetSystemDirectoryA
GetLocalTime
GetLastError
DeleteFileA
MoveFileA
SetFileAttributesA
WideCharToMultiByte
FindFirstFileA
GetCurrentProcessId
CreateEventA
DisableThreadLibraryCalls
InitializeCriticalSection
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
InterlockedDecrement
HeapAlloc
GetSystemInfo
GetVersionExA
HeapCreate
HeapDestroy
GetShortPathNameA
GetModuleHandleA
GetWindowsDirectoryA
CreateThread
Sleep
Process32First
Process32Next
CloseHandle
LoadLibraryA
GetProcAddress
FindNextFileA
GetModuleFileNameA

user32

SetTimer
PostMessageA
DefWindowProcA
GetMessageA
TranslateMessage
DispatchMessageA
CreateWindowExA
ShowWindow
CallNextHookEx
RegisterClassExA
FindWindowExA
SetWindowTextA
SendMessageA
KillTimer
IsWindow

advapi32

RegSetValueExA
RegCreateKeyExA
RegOpenKeyExA
RegQueryValueExA
RegCloseKey

shell32

CommandLineToArgvW

ole32

CoInitialize
CoCreateInstance

oleaut32

SysStringLen
LoadRegTypeLi
SysAllocString
VariantClear
SysFreeString

msvcrt

_strlwr
fopen
fwrite
fclose
memcmp
_purecall
rand
free
_initterm
malloc
_adjust_fdiv
_stricmp
strchr
memcpy
strcmp
memset
strcat
_access
??2@YAPAXI@Z
sprintf
strlen
strstr
strcpy
??3@YAXPAX@Z
strrchr

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 28KB - Virtual size: 27KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

ebaa9b7e60cb60fd6cba91b728752eee

Headers

File Characteristics

Imports

kernel32

user32

advapi32

shell32

ole32

oleaut32

msvcrt

Exports

Exports

Sections

.text Size: 28KB - Virtual size: 27KB

.rdata Size: 4KB - Virtual size: 2KB

.data Size: 8KB - Virtual size: 5KB

.reloc Size: 4KB - Virtual size: 1KB

.text
Size: 28KB - Virtual size: 27KB

.rdata
Size: 4KB - Virtual size: 2KB

.data
Size: 8KB - Virtual size: 5KB

.reloc
Size: 4KB - Virtual size: 1KB