3b24660cb980fadd2a3c7b1e02bc7d8a_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

3b24660cb980fadd2a3c7b1e02bc7d8a_JaffaCakes118
Size

45KB
MD5

3b24660cb980fadd2a3c7b1e02bc7d8a
SHA1

032151d87cc521cb30d20433ce7c3ce1f986bcf2
SHA256

ec2ed00535979b8873165bcd92645383db693311e8e9132d2c26134754ef3782
SHA512

07daaf88343ae22836b9c0bb7897ed8fec4bff86f3fd9d93b04a8ea038d49801a355f4d50b4c4a646049862dc92a31692021c3d62c5e33f69b62ec974ecd6ee9
SSDEEP

768:ZM2x/X7VTKHVD5UVUR/OfIKC26odUMBtjFJeY+cenOYaeifbNvIHfk7L72xC:a2R7VwDqVF16odxeYbeOYbikk7L7

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
3b24660cb980fadd2a3c7b1e02bc7d8a_JaffaCakes118

Files

3b24660cb980fadd2a3c7b1e02bc7d8a_JaffaCakes118
.dll regsvr32 windows:4 windows x86 arch:x86

9471fed12b979a6d2710d3503115780e

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

shlwapi

StrChrW
StrCpyW
StrRChrA
StrCmpNA
StrStrW
StrCatW
StrCmpIW
StrToIntA
StrCmpW
StrStrIA

kernel32

GetModuleHandleW
CreateThread
CreateMutexA
ResetEvent
ExitThread
GetTickCount
Sleep
WaitForSingleObject
GetModuleFileNameW
SetFilePointer
HeapFree
GetProcessHeap
HeapAlloc
lstrcatA
lstrcpyA
InitializeCriticalSection
HeapDestroy
DeleteFileW
CreateProcessW
GetBinaryTypeW
CloseHandle
WriteFile
CreateFileW
GetTempFileNameW
GetLastError
CreateDirectoryW
GetTempPathW
VirtualProtect
lstrcpynA
GetProcAddress
FreeLibrary
LoadLibraryA
HeapCreate
GetUserDefaultLangID
GetLocaleInfoA
GetSystemDefaultLangID
GetVersionExW
Process32NextW
WideCharToMultiByte
Process32FirstW
CreateToolhelp32Snapshot
CreateProcessA
GetModuleFileNameA
CreateFileA
MultiByteToWideChar
ReadFile
GetFileSize
GetTimeFormatA
GetDateFormatA
FindClose
FindNextFileA
DeleteFileA
lstrcmpA
FindFirstFileA
lstrcmpiA
UnmapViewOfFile
PulseEvent
CreateEventA
GetCurrentThreadId
MapViewOfFile
CreateFileMappingW
LeaveCriticalSection
MoveFileA
EnterCriticalSection
GetModuleHandleA

user32

RegisterClassExW
DispatchMessageW
TranslateMessage
GetMessageW
CreateWindowExW
GetWindowRect
SetTimer
GetClassNameA
wsprintfA
GetSystemMetrics
SetWindowsHookExW
DestroyWindow
GetWindow
SendMessageW
CallNextHookEx
GetClientRect
ShowWindow
DefWindowProcW

shell32

SHGetSpecialFolderPathA
ShellExecuteA

ole32

OleInitialize
CoCreateInstance
CoInitializeEx

oleaut32

SysFreeString
SysAllocStringLen
VariantInit
SysAllocString
SafeArrayUnlock
SafeArrayLock
SysAllocStringByteLen
VariantClear
VariantCopy

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 40KB - Virtual size: 39KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 49KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

9471fed12b979a6d2710d3503115780e

Headers

DLL Characteristics

File Characteristics

Imports

shlwapi

kernel32

user32

shell32

ole32

oleaut32

Exports

Exports

Sections

.text Size: 40KB - Virtual size: 39KB

.data Size: 1KB - Virtual size: 49KB

.reloc Size: 2KB - Virtual size: 2KB

.text
Size: 40KB - Virtual size: 39KB

.data
Size: 1KB - Virtual size: 49KB

.reloc
Size: 2KB - Virtual size: 2KB