445e78b8d3af77c20b51e4881302b1d7_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

445e78b8d3af77c20b51e4881302b1d7_JaffaCakes118
Size

204KB
MD5

445e78b8d3af77c20b51e4881302b1d7
SHA1

c2545a7516ab725cb1874ee916d549fe7a418a08
SHA256

091668edcce1d843c6966b1b0e024b9122008bf616238c8060a0aef7215e86f1
SHA512

64d56464bac2ed467aaccea37eb15b6c730930b5afda5dadd7b9c20282e6bba2e80d696553939bf6147bccc0350a0c6bfded02656354e94ccdab03db229a653f
SSDEEP

3072:kIklafzHkXxVsm5DdHZa5A31mHLVcYO0UPYv50fq3zWH1TAoLpHytNI:LkWwXxf1WyWtqVTAoZyt

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
445e78b8d3af77c20b51e4881302b1d7_JaffaCakes118

Files

445e78b8d3af77c20b51e4881302b1d7_JaffaCakes118
.dll regsvr32 windows:5 windows x86 arch:x86

100afbf94929f593b1f90a8e38f245be

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

SSTUB.pdb

Imports

atl

ord16
ord21
ord18
ord57
ord23
ord15
ord32
ord58
ord30

ntdll

RtlUnwind

kernel32

TerminateProcess
GetSystemTimeAsFileTime
InitializeCriticalSection
DeleteCriticalSection
InterlockedIncrement
InterlockedDecrement
DisableThreadLibraryCalls
LeaveCriticalSection
EnterCriticalSection
lstrlenW
GetCommandLineA
GetVersionExA
ExitProcess
GetProcAddress
GetModuleHandleA
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
GetModuleFileNameA
HeapDestroy
HeapCreate
VirtualFree
HeapFree
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetLastError
GetEnvironmentStringsW
WriteFile
HeapAlloc
GetACP
GetOEMCP
GetCPInfo
VirtualAlloc
HeapReAlloc
IsBadWritePtr
LoadLibraryA
InterlockedExchange
VirtualQuery
SetUnhandledExceptionFilter
IsBadReadPtr
IsBadCodePtr
LCMapStringA
MultiByteToWideChar
LCMapStringW
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
VirtualProtect
GetSystemInfo
UnhandledExceptionFilter
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
GetCurrentProcess

oleaut32

LoadRegTypeLi
VariantInit
SysFreeString
SysStringLen

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 24KB - Virtual size: 24KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 173KB - Virtual size: 174KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

100afbf94929f593b1f90a8e38f245be

Headers

File Characteristics

PDB Paths

Imports

atl

ntdll

kernel32

oleaut32

Exports

Exports

Sections

.text Size: 24KB - Virtual size: 24KB

.data Size: 173KB - Virtual size: 174KB

.rsrc Size: 4KB - Virtual size: 3KB

.reloc Size: 2KB - Virtual size: 1KB

.text
Size: 24KB - Virtual size: 24KB

.data
Size: 173KB - Virtual size: 174KB

.rsrc
Size: 4KB - Virtual size: 3KB

.reloc
Size: 2KB - Virtual size: 1KB