361c23829fb3b25d49ae6f93b8030c2c_JaffaCakes118

General

Target

361c23829fb3b25d49ae6f93b8030c2c_JaffaCakes118
Size

76KB
MD5

361c23829fb3b25d49ae6f93b8030c2c
SHA1

1df424dcbbd23a66d9b204be52b87796d4a90505
SHA256

11bd39ec2b156cbe959a9249518bc0615f6058fe55553cb7200b941ff7bfe760
SHA512

3c74039294706254799bd3c27e6118a3227b361d94ee3231bff9c5bf8d307c5d187209c07fa6fbaf276f1476b75e6661d2265202150ae62504abdc9fa1088343
SSDEEP

1536:qGI5z/ZBjKi1Dpw4A/4ItN+D7Qw4J5c7tGxrrJm+mVO5F:q75zxBjKi1Dpwx4ItNuUw4HEGZrJmTY

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
361c23829fb3b25d49ae6f93b8030c2c_JaffaCakes118

Files

361c23829fb3b25d49ae6f93b8030c2c_JaffaCakes118
.dll regsvr32 windows:4 windows x86 arch:x86

1789a670e578d18f8d780e1b28d2d874

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetProcAddress
LoadLibraryA
WaitForSingleObject
CloseHandle
VirtualProtect
ReleaseMutex
HeapFree
InterlockedExchange
DeleteFileA
InterlockedDecrement
MapViewOfFile
CreateDirectoryA
HeapAlloc
InterlockedIncrement
GetModuleHandleA
ReadFile
GetModuleFileNameA
MoveFileExA
UnlockFile
SetMailslotInfo
IsBadWritePtr
CreateFileW
TerminateJobObject
ReleaseActCtx
SetCurrentDirectoryW
GetStringTypeExA
SetConsoleActiveScreenBuffer
lstrcmpiA
FindNextChangeNotification
GetVolumePathNameW
CancelIo
IsBadHugeWritePtr
GetVersionExA
SetCurrentDirectoryA
CreateRemoteThread
LockResource
SetFileTime
SetDefaultCommConfigW
FreeResource
SetLocalTime
GetCPInfo
GetWindowsDirectoryA
CreateToolhelp32Snapshot
PeekConsoleInputW
GetConsoleCP
DeleteVolumeMountPointW
CreateMutexW
OpenSemaphoreA
GetCommState
CreateWaitableTimerW
WriteConsoleW
HeapWalk
CopyFileW
Beep
IsValidLanguageGroup
GetLocaleInfoA
GetLongPathNameW
GlobalAddAtomW
IsWow64Process
IsValidCodePage
GetStringTypeExW
ReadProcessMemory
ProcessIdToSessionId
GetDiskFreeSpaceA

shlwapi

SHDeleteKeyA
StrCatBuffW
StrChrW
PathSkipRootW
StrChrIW
wnsprintfW
StrToIntExW
PathIsURLW
PathFindNextComponentW
StrStrA
SHCreateShellPalette

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 56KB - Virtual size: 53KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

1789a670e578d18f8d780e1b28d2d874

Headers

File Characteristics

Imports

kernel32

shlwapi

Exports

Exports

Sections

.text Size: 56KB - Virtual size: 53KB

.rdata Size: 4KB - Virtual size: 2KB

.data Size: 8KB - Virtual size: 8KB

.reloc Size: 4KB - Virtual size: 2KB

.text
Size: 56KB - Virtual size: 53KB

.rdata
Size: 4KB - Virtual size: 2KB

.data
Size: 8KB - Virtual size: 8KB

.reloc
Size: 4KB - Virtual size: 2KB