49f700ed2441be347ee14cbedc90abf6_JaffaCakes118

General

Target

49f700ed2441be347ee14cbedc90abf6_JaffaCakes118
Size

2.3MB
MD5

49f700ed2441be347ee14cbedc90abf6
SHA1

c69333764cb00dc707816d866f018078bfd64a58
SHA256

04639ca0ef84975dec49a2600693326ccbb0bda2d2c6f04dcc93f366ae2f5549
SHA512

4f49f3bf02ad46520dad1f5d248b55d52043493eb26f778f32da03961de9fd064eb64aea7e9e18bc1a04b9338e0b8b8919efc91bb8fad0398219e905d1aae303
SSDEEP

49152:mwdwvVkFsUN2uEcpI75b3/cwnuIrmLPoBPJf6lT2MiG:WvVANIuEgQ3/1gDoBhfC2MiG

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
49f700ed2441be347ee14cbedc90abf6_JaffaCakes118

Files

49f700ed2441be347ee14cbedc90abf6_JaffaCakes118
.dll regsvr32 windows:4 windows x86 arch:x86

b31a2e8def67d461525e09f6f45e2cf2

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

UnregisterWaitEx
GetCommConfig
GetEnvironmentStrings
BindIoCompletionCallback
GetCommProperties
FreeLibraryAndExitThread
HeapAlloc
GetProcAddress
LoadLibraryA

ole32

OleRegGetUserType
StringFromIID
CoCreateGuid
CoInitializeEx
CoCreateFreeThreadedMarshaler
CoCreateInstanceEx

user32

ToUnicodeEx
SetWindowWord
GetForegroundWindow
FillRect
LoadStringW
RegisterWindowMessageA
GetComboBoxInfo
SetForegroundWindow
CreatePopupMenu
IsCharAlphaNumericW
CopyRect
ShowCaret
IsCharAlphaA
TranslateAcceleratorW
IsRectEmpty
IsDlgButtonChecked
ScrollWindowEx
CharPrevW
GetWindowRgn

shlwapi

StrDupW
SHDeleteValueW
UrlCanonicalizeW

advapi32

RegisterServiceCtrlHandlerExA
RegCreateKeyExW
CreateServiceW
LogonUserA
RegCreateKeyExA

gdi32

SetViewportExtEx
GetTextFaceW

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 552KB - Virtual size: 548KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1.7MB - Virtual size: 1.7MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 64KB - Virtual size: 60KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

b31a2e8def67d461525e09f6f45e2cf2

Headers

File Characteristics

Imports

kernel32

ole32

user32

shlwapi

advapi32

gdi32

Exports

Exports

Sections

.text Size: 552KB - Virtual size: 548KB

.rdata Size: 4KB - Virtual size: 1KB

.data Size: 1.7MB - Virtual size: 1.7MB

.reloc Size: 64KB - Virtual size: 60KB

.text
Size: 552KB - Virtual size: 548KB

.rdata
Size: 4KB - Virtual size: 1KB

.data
Size: 1.7MB - Virtual size: 1.7MB

.reloc
Size: 64KB - Virtual size: 60KB