482556a889a963e5e1db8a7838a60528_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

482556a889a963e5e1db8a7838a60528_JaffaCakes118
Size

30KB
MD5

482556a889a963e5e1db8a7838a60528
SHA1

59af07f7f3ae9926ad674f4fa709737622ae889a
SHA256

847430a569b592f544ac2ce9595da8a6c91edc4f32f92048c2f2579c8d2f0161
SHA512

a0a7d2dec357db93ed5fc66f48dc402ab266c9508fc01d2355b800dc7881f52c586ab7daca5aa48e0ce2db1e32e7d91bb2cac27090fcf58c883c53d7b3bf140b
SSDEEP

384:jexeIwcCbqc0YcX7B9cVUf0lHKYJea9ZMbNPuWLxV5rGKEiTbw7yS:jeAcCbcLwnr9ZyPuWLxrr9/TCyS

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
482556a889a963e5e1db8a7838a60528_JaffaCakes118

Files

482556a889a963e5e1db8a7838a60528_JaffaCakes118
.dll regsvr32 windows:4 windows x86 arch:x86

3d6056b7d678f1dbdf5762a6263b26e1

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetVersionExA
SetEvent
CloseHandle
WaitForSingleObject
ExitThread
GetTickCount
lstrlenW
GetModuleHandleA
lstrcpyW
lstrcatW
HeapFree
GetProcessHeap
lstrlenA
IsBadStringPtrA
lstrcmpA
GetProcAddress
MultiByteToWideChar
WideCharToMultiByte
GetSystemDirectoryW
lstrcpyA
lstrcmpiA
HeapAlloc
HeapReAlloc
CompareStringW
Sleep
lstrcatA
GetSystemDirectoryA
SetFilePointer
CreateFileA
ReleaseMutex
SetEndOfFile
CreateEventA
CreateMutexA
CreateThread
ReadFile
WriteFile
WriteProcessMemory
GetCurrentProcess
VirtualProtect
GetModuleFileNameA

user32

wsprintfA
CharUpperW
CharLowerA
EndPaint
wsprintfW

advapi32

CryptDecrypt
InitializeSecurityDescriptor
CryptReleaseContext
CryptDestroyKey
RegOpenKeyExA
RegQueryValueExA
RegCreateKeyExA
RegSetValueExA
RegCloseKey
CryptDestroyHash
CryptEncrypt
CryptDeriveKey
CryptHashData
CryptCreateHash
CryptAcquireContextA
SetSecurityDescriptorDacl

ole32

StringFromIID
CoGetMalloc

oleaut32

SysFreeString
SysAllocString

wininet

InternetConnectA
InternetCrackUrlW
InternetCrackUrlA

urlmon

CoInternetCombineUrl

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer

Sections

.text
Size: 24KB - Virtual size: 24KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 340B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

3d6056b7d678f1dbdf5762a6263b26e1

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

advapi32

ole32

oleaut32

wininet

urlmon

Exports

Exports

Sections

.text Size: 24KB - Virtual size: 24KB

.rdata Size: 3KB - Virtual size: 2KB

.data Size: 512B - Virtual size: 340B

.reloc Size: 1KB - Virtual size: 1KB

.text
Size: 24KB - Virtual size: 24KB

.rdata
Size: 3KB - Virtual size: 2KB

.data
Size: 512B - Virtual size: 340B

.reloc
Size: 1KB - Virtual size: 1KB