384f053f5d58890c90071f4a024e1a28_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

384f053f5d58890c90071f4a024e1a28_JaffaCakes118
Size

38KB
MD5

384f053f5d58890c90071f4a024e1a28
SHA1

b334a611f3b7bc5656845f4a911ae6c3f7ab3010
SHA256

51d611d0a7595db4dd67e5c113830b339aedd70dd1ae5581d0ce545fa1487beb
SHA512

1ee8f411c1816c9a608b9e83f45ce0c298b6e1d5bb3758d0f4880de437f231e57d9e0a7af4707811da73ece3a6a3f7325ed7099bbd8ea8fffdc95a4bf9d50465
SSDEEP

384:cvEzYULWXJJ9S3wWPLSHdIoSZNM934My4aSCAk56y4a0mjgT203GLKQ1pvZjZfGG:yEAROFNm4MyJfAPyJ0mr0gJpm6

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
384f053f5d58890c90071f4a024e1a28_JaffaCakes118

Files

384f053f5d58890c90071f4a024e1a28_JaffaCakes118
.dll regsvr32 windows:4 windows x86 arch:x86

2fe4ee83fe0f08442e05f4ae85f2ea16

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

mfc71

ord923
ord928
ord932
ord930
ord934
ord2410
ord2394
ord2413
ord2408
ord2385
ord2387
ord2405
ord2178
ord2172
ord1522
ord6279
ord3802
ord6277
ord3345
ord4967
ord1362
ord5175
ord1964
ord1656
ord1655
ord1599
ord5200
ord2537
ord2731
ord2835
ord4307
ord2714
ord2862
ord2540
ord2646
ord2533
ord2991
ord3718
ord3719
ord3709
ord2644
ord3949
ord4486
ord4261
ord3317
ord572
ord764
ord741
ord2086
ord1545
ord4232
ord3164
ord587
ord2092
ord1641
ord1571
ord4238
ord2958
ord3230
ord658
ord5182
ord4212
ord4735
ord4890
ord2020
ord1671
ord1670
ord1551
ord5912
ord1401
ord4244
ord5203
ord4262
ord3182
ord605
ord354
ord1794
ord784
ord2322
ord2495
ord781
ord2882
ord2164
ord2657
ord5731
ord2654
ord4320
ord5746
ord6236
ord6067
ord5491
ord5403
ord911
ord4580
ord557
ord745
ord4038
ord4014
ord6278
ord3801
ord6276
ord4326
ord2063
ord2018
ord5583
ord3806
ord1010
ord5102
ord6219
ord5382
ord3832
ord1920
ord2931
ord5224
ord5226
ord2247
ord3948
ord4568
ord5230
ord5213
ord5566
ord3829
ord2838
ord2990
ord4481
ord3262
ord566
ord757
ord6252
ord1138
ord314
ord1150
ord3618
ord3604
ord3044
ord3602
ord3657
ord3520
ord6265
ord4314
ord5380
ord2857
ord2942
ord3275
ord476
ord701
ord1957
ord1329
ord1123
ord5960
ord4173
ord4556
ord4498
ord5519
ord1658
ord4737
ord4814
ord5860
ord1621
ord1424
ord5118
ord2509
ord3756
ord5061
ord4575
ord4577
ord2422
ord2556
ord5487
ord3980
ord4531
ord4530
ord4642
ord4514
ord4795
ord4404
ord4374
ord4449
ord4879
ord4821
ord4826
ord4831
ord4527
ord4801
ord4800
ord4536
ord4535
ord4534
ord4512
ord4558
ord4919
ord4521
ord4506
ord4186
ord4656
ord4513
ord4496
ord4495
ord4958
ord4438
ord4205
ord4193
ord4188
ord4613
ord4615
ord4612
ord4245
ord4459
ord4900
ord4252
ord4883
ord4870
ord1997
ord2993
ord4395
ord2510
ord1906
ord6270
ord2538
ord2732
ord2836
ord4308
ord2541
ord2645
ord3950
ord4483
ord5679
ord683
ord4845
ord5896
ord2512
ord4108
ord4109
ord2271
ord6006
ord5716
ord762
ord2368
ord1093
ord1147
ord1132
ord5261
ord2050
ord2250
ord2253
ord2252
ord2272
ord4104
ord3086
ord4085
ord4301
ord3825
ord451
ord3661
ord3537
ord4426
ord4540
ord4726
ord4903
ord4582
ord6271
ord5210
ord4279
ord2858
ord4484
ord479
ord1763
ord1134
ord703
ord5235
ord5233
ord2390
ord2400
ord2398
ord2396
ord2392
ord2415
ord2403
ord6264
ord2911
ord1230
ord300
ord1050
ord1600
ord4282
ord765
ord315
ord1037
ord1206
ord1208
ord1098
ord371
ord1120
ord1201
ord1175
ord1177
ord1209
ord1092
ord1167
ord581
ord5111
ord1443
ord4722
ord3403
ord5214
ord4185
ord6275
ord5073
ord1908
ord5152
ord4240
ord1402
ord3946
ord1617
ord1620
ord5915
ord1591
ord2095
ord1280
ord3163
ord3210
ord1084
ord1185
ord1482
ord2933
ord299
ord2902
ord6118
ord1489
ord297
ord310
ord421
ord966
ord2468
ord578
ord655
ord4353
ord1934
ord876
ord3641
ord5456
ord304
ord1049

msvcr71

fclose
fwrite
fopen
__CxxFrameHandler
getenv
malloc
free
?terminate@@YAXXZ
_except_handler3
memset
??1type_info@@UAE@XZ
__dllonexit
_onexit
__security_error_handler
__CppXcptFilter
_adjust_fdiv
_initterm

kernel32

GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
ExitProcess
DeleteCriticalSection
InitializeCriticalSection
LocalAlloc
LocalFree
DeleteFileA
GetVersionExA
GetSystemTimeAsFileTime

user32

SendMessageA
EnableWindow
LoadImageA
FillRect

gdi32

GetStockObject
CreateSolidBrush
Ellipse

advapi32

RegQueryValueExA
RegCreateKeyExA
RegSetValueExA
RegCloseKey
RegOpenKeyExA

shell32

ShellExecuteA

oleaut32

LoadRegTypeLi

iphlpapi

GetAdaptersInfo

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

2fe4ee83fe0f08442e05f4ae85f2ea16

Headers

File Characteristics

Imports

mfc71

msvcr71

kernel32

user32

gdi32

advapi32

shell32

oleaut32

iphlpapi

Exports

Exports

Sections

.text Size: 16KB - Virtual size: 15KB

.rdata Size: 11KB - Virtual size: 10KB

.data Size: 512B - Virtual size: 4KB

.rsrc Size: 5KB - Virtual size: 4KB

.reloc Size: 5KB - Virtual size: 4KB

.text
Size: 16KB - Virtual size: 15KB

.rdata
Size: 11KB - Virtual size: 10KB

.data
Size: 512B - Virtual size: 4KB

.rsrc
Size: 5KB - Virtual size: 4KB

.reloc
Size: 5KB - Virtual size: 4KB