3e6dbaae980de4fa96dbf3a6857587cb_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

3e6dbaae980de4fa96dbf3a6857587cb_JaffaCakes118
Size

1.2MB
MD5

3e6dbaae980de4fa96dbf3a6857587cb
SHA1

79645f41b26135675f5abc16ed1d04695c026037
SHA256

1a8727100ecec8ce8bb5e6d778b9ba5594926545c0523b6d69601bdbe01b990a
SHA512

c171e41530023a1c2d6acd5af9c62d0862e4cd09bdb10477e56b7019260994a5ebaa8ea127e43c4a548111921138d46d010ab5ab22e1c3e0a3718224c79ebba0
SSDEEP

24576:rinUyiLwYHw9zWB4qIuvmBSBR70riSh+cVZlNxzDPriq8Y2hN:+nUZLHwta4qIuNBp0ritcVZ3RWq8YS

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
3e6dbaae980de4fa96dbf3a6857587cb_JaffaCakes118

Files

3e6dbaae980de4fa96dbf3a6857587cb_JaffaCakes118
.dll regsvr32 windows:4 windows x86 arch:x86

9c89ce710abca31f7190814516360dcb

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

OpenFileMappingA
GlobalDeleteAtom
GetEnvironmentStrings
GetExitCodeThread
GetSystemWow64DirectoryW
GetProcessAffinityMask
GetProfileStringW
ProcessIdToSessionId
LocalSize
FlushViewOfFile
DisconnectNamedPipe
SetFileApisToOEM
FindFirstVolumeMountPointW
WaitForSingleObject
FindAtomW
GetDateFormatW
IsValidLocale
InterlockedDecrement
GetUserDefaultLCID
SwitchToThread
lstrcatW
SleepEx
LoadLibraryA
RegisterWaitForSingleObject
GetProcAddress

ole32

CoLockObjectExternal
GetHGlobalFromILockBytes
OleInitialize
StgOpenStorageEx
OleSetMenuDescriptor
OleQueryCreateFromData
OleRegEnumVerbs

user32

SetScrollInfo
EnumDisplaySettingsA
IsCharAlphaNumericW
CloseDesktop
GetMenuItemInfoW
AttachThreadInput
LoadAcceleratorsW
LoadCursorW
TabbedTextOutA
WindowFromDC
MessageBoxExA
BeginDeferWindowPos
SetScrollPos
ReleaseDC
SetTimer
InvalidateRgn
GetMessageA
ClientToScreen
CreateIcon
CallWindowProcW
GetWindowLongW

oleaut32

SysAllocString
SysStringByteLen
SysReAllocStringLen

shlwapi

SHCreateShellPalette
StrTrimW
UrlCreateFromPathW
PathGetCharTypeA
PathIsUNCServerW

advapi32

RegFlushKey
SaferSetLevelInformation
RegLoadKeyA
GetEffectiveRightsFromAclW
RegDisablePredefinedCache
RegSetValueExA
MapGenericMask

shell32

SHBrowseForFolderA
SHGetInstanceExplorer
SHSetLocalizedName
ShellAboutW
SHAddToRecentDocs
SHGetFileInfoA

gdi32

SetLayout
ExtCreatePen
GetTextExtentPoint32A
RoundRect
TextOutW
SetTextAlign
CreateRoundRectRgn
GetTextFaceW
FillRgn
SetDIBColorTable
SetPolyFillMode

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 712KB - Virtual size: 710KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1.7MB - Virtual size: 1.7MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 60KB - Virtual size: 58KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

9c89ce710abca31f7190814516360dcb

Headers

File Characteristics

Imports

kernel32

ole32

user32

oleaut32

shlwapi

advapi32

shell32

gdi32

Exports

Exports

Sections

.text Size: 712KB - Virtual size: 710KB

.rdata Size: 4KB - Virtual size: 2KB

.data Size: 1.7MB - Virtual size: 1.7MB

.reloc Size: 60KB - Virtual size: 58KB

.text
Size: 712KB - Virtual size: 710KB

.rdata
Size: 4KB - Virtual size: 2KB

.data
Size: 1.7MB - Virtual size: 1.7MB

.reloc
Size: 60KB - Virtual size: 58KB