41319f51f5a0cc450ac2816ece2f0b10_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

41319f51f5a0cc450ac2816ece2f0b10_JaffaCakes118
Size

603KB
MD5

41319f51f5a0cc450ac2816ece2f0b10
SHA1

453d70d5395937e478f8973cd93da7c2d0ec26cf
SHA256

c9717c0633fecdac228ef909688a65ac59011d8344c9f50f9e38e36f445e3dd3
SHA512

012849a7833da69d95ec7fe28f2b825f5d1dabf2d18da89e0f5c4e12aedeb91b8790af15416460533418a0c5ac380a7302a29c10361355f889401668869a5aab
SSDEEP

12288:7XyoYsh6h24nY0+Y/K7saQHtiryS5L/MqGYroY/ufDXclOAy5FhMoZ5Av7G5d:7B5h6YHu/KqNWySp/MqGCoY/uLXUOjFZ

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
41319f51f5a0cc450ac2816ece2f0b10_JaffaCakes118

Files

41319f51f5a0cc450ac2816ece2f0b10_JaffaCakes118
.dll regsvr32 windows:5 windows x86 arch:x86

0f4a5c9a9f0540b2c0aeaab48a6d5a4b

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

lstrcpynA
GetProcAddress
LoadLibraryA
VirtualQuery
VirtualProtect
VirtualAlloc
InterlockedCompareExchange
GetCurrentThreadId
ResumeThread
GetCurrentProcess
GetThreadContext
SetThreadContext
GetLastError
SuspendThread
GetCurrentThread
SetLastError
FlushFileBuffers
FlushInstructionCache
GetModuleFileNameA
CloseHandle
CreateFileA
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
RaiseException
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RtlUnwind
GetCommandLineA
HeapFree
HeapAlloc
GetModuleHandleW
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
InterlockedDecrement
GetModuleHandleA
Sleep
HeapSize
ExitProcess
WriteFile
GetStdHandle
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
SetHandleCount
GetFileType
GetStartupInfoA
DeleteCriticalSection
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
HeapCreate
HeapDestroy
VirtualFree
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
LeaveCriticalSection
EnterCriticalSection
HeapReAlloc
SetFilePointer
GetConsoleCP
GetConsoleMode
MultiByteToWideChar
InitializeCriticalSectionAndSpinCount
GetLocaleInfoA
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW

advapi32

RegSetKeyValueW

oleaut32

SysStringByteLen
SysAllocStringByteLen
SysAllocString
VariantClear
VariantInit
SysFreeString
VarBstrCmp
SysStringLen

Exports

Exports

DllAuxProc
DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 516KB - Virtual size: 515KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 35KB - Virtual size: 35KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 192B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 44KB - Virtual size: 44KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

0f4a5c9a9f0540b2c0aeaab48a6d5a4b

Headers

File Characteristics

Imports

kernel32

advapi32

oleaut32

Exports

Exports

Sections

.text Size: 516KB - Virtual size: 515KB

.rdata Size: 35KB - Virtual size: 35KB

.data Size: 6KB - Virtual size: 16KB

.rsrc Size: 512B - Virtual size: 192B

.reloc Size: 44KB - Virtual size: 44KB

.text
Size: 516KB - Virtual size: 515KB

.rdata
Size: 35KB - Virtual size: 35KB

.data
Size: 6KB - Virtual size: 16KB

.rsrc
Size: 512B - Virtual size: 192B

.reloc
Size: 44KB - Virtual size: 44KB