59a3214b7bbf0efc8df7c7d7639b9146_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

59a3214b7bbf0efc8df7c7d7639b9146_JaffaCakes118
Size

1.8MB
MD5

59a3214b7bbf0efc8df7c7d7639b9146
SHA1

d86c66c01c904194ba5811c8ecf8add4d9b914d2
SHA256

f7abf06d0a9f1d1f8443194f16251bec351b93599635eb839cda21a03c303cff
SHA512

8d103c8f1b96fe14390afba45c7e51204fe14f59133246f778243d2aa6399fbe2ec9f63171480de4d46e4beedcf0477f4149439781a485a4cc4b873fdffcc011
SSDEEP

49152:I5nvmyeQ805TO9GaIkgr4iotH29eb31hTuJ/TOHgaA:iTZ805TO9GaIkgr4iA29eDy/TOHg

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
59a3214b7bbf0efc8df7c7d7639b9146_JaffaCakes118

Files

59a3214b7bbf0efc8df7c7d7639b9146_JaffaCakes118
.dll regsvr32 windows:5 windows x86 arch:x86

b83af2856d3a74c1453c7e7da70f6cf8

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetProcAddress
LoadLibraryA
MultiByteToWideChar
DeleteCriticalSection
ExitThread
LoadLibraryW
SetEnvironmentVariableA
CompareStringW
CompareStringA
GetDriveTypeA
CreateFileA
GetProcessHeap
SetEndOfFile
WriteConsoleW
WideCharToMultiByte
InterlockedIncrement
InterlockedDecrement
InterlockedCompareExchange
InterlockedExchange
Sleep
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
GetLastError
HeapFree
RaiseException
RtlUnwind
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetCurrentThreadId
GetCommandLineA
GetSystemTimeAsFileTime
FindClose
FileTimeToSystemTime
FileTimeToLocalFileTime
GetDriveTypeW
FindFirstFileW
LCMapStringA
LCMapStringW
GetCPInfo
GetStringTypeW
HeapCreate
HeapDestroy
VirtualFree
HeapAlloc
VirtualAlloc
HeapReAlloc
GetModuleHandleW
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
SetLastError
HeapSize
ExitProcess
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
WriteFile
GetACP
GetOEMCP
IsValidCodePage
GetModuleHandleA
GetTimeZoneInformation
CloseHandle
GetConsoleCP
GetConsoleMode
FlushFileBuffers
ReadFile
SetFilePointer
GetTimeFormatA
GetDateFormatA
GetFullPathNameW
GetCurrentDirectoryA
GetLocaleInfoA
GetStringTypeA
GetUserDefaultLCID
EnumSystemLocalesA
IsValidLocale
InitializeCriticalSectionAndSpinCount
GetLocaleInfoW
SetStdHandle
CreateFileW
WriteConsoleA
GetConsoleOutputCP
CreateThread

user32

IsWindow
ShowWindow

oleaut32

VarCmp
SysAllocString
VariantClear
VariantInit
SysFreeString
SysStringLen

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 1.5MB - Virtual size: 1.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 131KB - Virtual size: 130KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 24KB - Virtual size: 51KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 436B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 181KB - Virtual size: 181KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

b83af2856d3a74c1453c7e7da70f6cf8

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

oleaut32

Exports

Exports

Sections

.text Size: 1.5MB - Virtual size: 1.5MB

.rdata Size: 131KB - Virtual size: 130KB

.data Size: 24KB - Virtual size: 51KB

.rsrc Size: 512B - Virtual size: 436B

.reloc Size: 181KB - Virtual size: 181KB

.text
Size: 1.5MB - Virtual size: 1.5MB

.rdata
Size: 131KB - Virtual size: 130KB

.data
Size: 24KB - Virtual size: 51KB

.rsrc
Size: 512B - Virtual size: 436B

.reloc
Size: 181KB - Virtual size: 181KB