49895a32716a573d2db99b00f1b1e154_JaffaCakes118

General

Target

49895a32716a573d2db99b00f1b1e154_JaffaCakes118
Size

23KB
MD5

49895a32716a573d2db99b00f1b1e154
SHA1

a13e9696b050e5438da9261606575a7fc829518d
SHA256

c832abc5a9b00aeb3585becffc5c156586f29d1c6d8b6ba694d8f35f1e929fd0
SHA512

d782526d8da65bd76e93712f7dd782b8952f9a63613ad442982dee6a129cd34fab4ce871bb18bcefacb907971b10117adeb4944005e94828cba5610893cdf335
SSDEEP

384:h0GQeJT5HslS1TZEMgKCaxwag6PwjQLBIq2B1dB9cV3tDQO:eHeJaY9ZsKUagPOCLDdG3tEO

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
49895a32716a573d2db99b00f1b1e154_JaffaCakes118

Files

49895a32716a573d2db99b00f1b1e154_JaffaCakes118
.dll regsvr32 windows:4 windows x86 arch:x86

93728ae05a4952e49d999dc60219a683

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

user32

RegisterClassExA
CreateWindowExA
ShowWindow
UpdateWindow
wsprintfA
DefWindowProcA

kernel32

Process32First
Process32Next
HeapAlloc
HeapFree
GetProcessHeap
VirtualAlloc
GetProcAddress
ExitProcess
CloseHandle
CreateMutexA
OpenMutexA
ExitThread
Sleep
CreateEventA
CreateThread
OpenEventA
GetModuleHandleA
GetExitCodeProcess
WaitForSingleObject
lstrlenA
LoadLibraryA
SetEvent
WriteFile
CreateFileA
GetTempFileNameA
GetTempPathA
GetModuleFileNameA
MoveFileExA
GetLastError
VirtualFree
ResetEvent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
CreateToolhelp32Snapshot

wininet

InternetCloseHandle
HttpQueryInfoA
HttpSendRequestA
HttpOpenRequestA
InternetConnectA
InternetSetStatusCallback
InternetOpenA
InternetSetOptionA
InternetReadFile

msvcrt

_vsnprintf
memset
memmove

ntdll

RtlUnwind
NtClose
NtDeviceIoControlFile
NtCreateFile
RtlInitUnicodeString
NtQueryVolumeInformationFile
NtQuerySymbolicLinkObject
NtOpenSymbolicLinkObject

advapi32

RegOpenKeyExA
RegCloseKey
RegQueryValueExA
RegEnumKeyA

Exports

Exports

DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 19KB - Virtual size: 18KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

93728ae05a4952e49d999dc60219a683

Headers

File Characteristics

Imports

user32

kernel32

wininet

msvcrt

ntdll

advapi32

Exports

Exports

Sections

.text Size: 19KB - Virtual size: 18KB

.data Size: 1KB - Virtual size: 4KB

.reloc Size: 2KB - Virtual size: 1KB

.text
Size: 19KB - Virtual size: 18KB

.data
Size: 1KB - Virtual size: 4KB

.reloc
Size: 2KB - Virtual size: 1KB