44916459838c23582efe3b236deff0b6_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

44916459838c23582efe3b236deff0b6_JaffaCakes118
Size

672KB
MD5

44916459838c23582efe3b236deff0b6
SHA1

72b8776b58359524399c3b92096b082aee6c2747
SHA256

cca31af44be79bcb18a568c62a911e5d8dc0a41253062a913adb7ad86ae6c4aa
SHA512

093bfeaf22863734bcaa5ee2a5f5d0e261f91a423286bf4fff039058df0ba617690e3e75922bc60f62173a3feb23cc4fc9f75a0f78d760ddeb792a365e2b3029
SSDEEP

12288:oZ+1SiCQNJUvUt47MltfVRtxsYq9OypPIak7bnjImwYAOxjpy:D1SaNJUvUtYMDfTtOYq7pQPXjIFY4

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
44916459838c23582efe3b236deff0b6_JaffaCakes118

Files

44916459838c23582efe3b236deff0b6_JaffaCakes118
.dll regsvr32 windows:4 windows x86 arch:x86

74da4807ac6647d32362a5ec8bcd0be3

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

InterlockedDecrement
InterlockedIncrement
GetModuleFileNameA
lstrlenA
LoadLibraryA
FreeLibrary
GetLastError
GetTickCount
GetCurrentThread
GetThreadPriority
SetThreadPriority
GetACP
WideCharToMultiByte
MultiByteToWideChar
GetModuleHandleA
GetProcAddress
CreateThread
InterlockedExchange
VirtualFree
VirtualAlloc
GetSystemInfo
ReleaseSemaphore
CreateSemaphoreA
WaitForSingleObject
WaitForMultipleObjects
SetEvent
GetCurrentThreadId
GetCurrentProcess
DuplicateHandle
ResetEvent
CreateEventA
GetVersionExA
DisableThreadLibraryCalls
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
DeleteCriticalSection
CloseHandle

advapi32

RegOpenKeyExA
RegSetValueExA
RegSetValueA
RegCloseKey
RegEnumKeyExA
RegDeleteKeyA
RegCreateKeyA

ole32

StringFromGUID2
CoTaskMemAlloc
CoInitialize
CoFreeUnusedLibraries
CoCreateInstance
CoUninitialize
CoTaskMemFree

msacm32

acmStreamUnprepareHeader
acmStreamSize
acmStreamClose
acmStreamConvert
acmStreamPrepareHeader
acmStreamReset
acmStreamOpen

msvcrt

sprintf
calloc
qsort
_ftol
malloc
_CIpow
_purecall
toupper
sscanf
realloc
memmove
free
__CxxFrameHandler
??2@YAPAXI@Z
??3@YAXPAX@Z
floor
ceil
ldexp
exit
frexp
_CIacos
strncmp

user32

GetQueueStatus
PostThreadMessageA
MsgWaitForMultipleObjects
PeekMessageA
wsprintfA
DispatchMessageA
RegisterWindowMessageA
wvsprintfA

oleaut32

SysAllocString
SysFreeString

winmm

timeSetEvent
timeGetTime

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 268KB - Virtual size: 266KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 192KB - Virtual size: 191KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 76KB - Virtual size: 79KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.text
Size: 116KB - Virtual size: 116KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

74da4807ac6647d32362a5ec8bcd0be3

Headers

File Characteristics

Imports

kernel32

advapi32

ole32

msacm32

msvcrt

user32

oleaut32

winmm

Exports

Exports

Sections

.text Size: 268KB - Virtual size: 266KB

.rdata Size: 192KB - Virtual size: 191KB

.data Size: 76KB - Virtual size: 79KB

.rsrc Size: 4KB - Virtual size: 1KB

.reloc Size: 12KB - Virtual size: 8KB

.text Size: 116KB - Virtual size: 116KB

.text
Size: 268KB - Virtual size: 266KB

.rdata
Size: 192KB - Virtual size: 191KB

.data
Size: 76KB - Virtual size: 79KB

.rsrc
Size: 4KB - Virtual size: 1KB

.reloc
Size: 12KB - Virtual size: 8KB

.text
Size: 116KB - Virtual size: 116KB