4538debb4a2bbf30bb0c0d4e79825ea6_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

4538debb4a2bbf30bb0c0d4e79825ea6_JaffaCakes118
Size

2.6MB
MD5

4538debb4a2bbf30bb0c0d4e79825ea6
SHA1

79f161c4c9c2a0f43442525674d31b6e66ab1995
SHA256

1a8273bbf7d0d9d7bc9d15f2146260e75f92f8c24e0bfb51af4acb31a6b32f3e
SHA512

5d90b91c3e65311f27591894e7647cabe752097665c5e0770e993a72b2954f9324a44fa8497c6964b6539e8041f63393d0fb050f18a1a632f087cd50ae18036b
SSDEEP

49152:8CUpvYesNGC0ZLrBU77G5SO9F5UF2vsx28lA+v6+FllFMQINGTDreP9FrQaN:q5LZJU7q5zF5U528lAr2MQvDr4H8a

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
4538debb4a2bbf30bb0c0d4e79825ea6_JaffaCakes118

Files

4538debb4a2bbf30bb0c0d4e79825ea6_JaffaCakes118
.dll regsvr32 windows:4 windows x86 arch:x86

d87cce215d289c007520eaeee35a6ea7

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

SetVolumeLabelW
VirtualProtect
GetShortPathNameA
FindCloseChangeNotification
GetDateFormatA
GetSystemInfo
GetProcessVersion
GetCurrentActCtx
SetLastError
GetStringTypeExW
SetErrorMode
GetFileAttributesA
LoadLibraryA
SearchPathW
SetFileTime
CreateMailslotW
GetTickCount
lstrcmpA
InterlockedIncrement
LockResource
IsBadWritePtr
DnsHostnameToComputerNameW
GetProcAddress
GetThreadPriority

ole32

CoSetProxyBlanket
CoQueryProxyBlanket
CoFreeUnusedLibraries
OleCreate
CoCreateInstanceEx

user32

DialogBoxIndirectParamW
EnumThreadWindows
SetPropA
NotifyWinEvent
MapWindowPoints
SetActiveWindow
SetCursorPos
SetFocus
CreateIconIndirect
MessageBoxExW

shlwapi

PathBuildRootW
PathRemoveFileSpecA
StrDupA

advapi32

StartServiceA
QueryServiceConfig2W
CloseServiceHandle
NotifyBootConfigStatus
InitiateSystemShutdownW
ControlService
StartServiceW
CheckTokenMembership
RegisterServiceCtrlHandlerExW
CredReadW

shell32

SHGetFolderPathAndSubDirW

gdi32

SelectPalette
Escape
Polygon
CombineRgn
CreateHalftonePalette
ExtFloodFill
GetBkColor
LPtoDP
GetTextMetricsA
CreateEllipticRgnIndirect

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 864KB - Virtual size: 860KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1.7MB - Virtual size: 1.7MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 68KB - Virtual size: 65KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

d87cce215d289c007520eaeee35a6ea7

Headers

File Characteristics

Imports

kernel32

ole32

user32

shlwapi

advapi32

shell32

gdi32

Exports

Exports

Sections

.text Size: 864KB - Virtual size: 860KB

.rdata Size: 4KB - Virtual size: 2KB

.data Size: 1.7MB - Virtual size: 1.7MB

.reloc Size: 68KB - Virtual size: 65KB

.text
Size: 864KB - Virtual size: 860KB

.rdata
Size: 4KB - Virtual size: 2KB

.data
Size: 1.7MB - Virtual size: 1.7MB

.reloc
Size: 68KB - Virtual size: 65KB