59a66ae34ed0214f6051d40e17060c00_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

59a66ae34ed0214f6051d40e17060c00_JaffaCakes118
Size

124KB
MD5

59a66ae34ed0214f6051d40e17060c00
SHA1

e820c33dd79f550b4a9f89d85128d642a3102854
SHA256

092e6c76cdba1dc667d2aea9d07ded49044a92994a88dc31970d73a51bca3704
SHA512

e3afce7605e6262f42585df3ce566d57f0a83826432152bb5addc76166782e1762cbee2bfb6676a41b0a12cc907c4275cd6c9ce0e970ea2008e0a0af736d5cdb
SSDEEP

1536:5B6kibTGPVCTWtxtXlBf1tl/SPyS84fAMqGUyfp496KhGTXmJCWbHF03k/qbVUUZ:akTtdxSo4fNUg49iCF0USaXet17

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
59a66ae34ed0214f6051d40e17060c00_JaffaCakes118

Files

59a66ae34ed0214f6051d40e17060c00_JaffaCakes118
.dll regsvr32 windows:4 windows x86 arch:x86

bb1ee7f16c9cf6799e3252c316a66cfc

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

InitializeCriticalSection
DeleteCriticalSection
LeaveCriticalSection
InterlockedIncrement
EnterCriticalSection
InterlockedDecrement
lstrlenW
DisableThreadLibraryCalls
GetSystemDirectoryA
GetFileSize
ReadFile
DeleteFileA
RtlUnwind
SetEndOfFile
LCMapStringW
LCMapStringA
GetStringTypeW
CreateFileA
SetFilePointer
WriteFile
CloseHandle
HeapAlloc
HeapFree
GetLastError
WideCharToMultiByte
GetCommandLineA
GetVersion
HeapDestroy
HeapCreate
VirtualFree
ExitProcess
VirtualAlloc
HeapReAlloc
GetProcAddress
GetModuleHandleA
TerminateProcess
GetCurrentProcess
GetCurrentThreadId
TlsSetValue
TlsAlloc
TlsFree
SetLastError
TlsGetValue
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
GetModuleFileNameA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
GetCPInfo
SetStdHandle
FlushFileBuffers
GetACP
GetOEMCP
LoadLibraryA
MultiByteToWideChar
GetStringTypeA

user32

MessageBoxA

oleaut32

SysStringLen
LoadRegTypeLi
VariantCopy
VariantChangeType
VariantClear
SysFreeString

atl

ord15
ord57
ord21
ord30
ord32
ord58
ord16
ord18
ord23

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 36KB - Virtual size: 32KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 68KB - Virtual size: 67KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

bb1ee7f16c9cf6799e3252c316a66cfc

Headers

File Characteristics

Imports

kernel32

user32

oleaut32

atl

Exports

Exports

Sections

.text Size: 36KB - Virtual size: 32KB

.rdata Size: 68KB - Virtual size: 67KB

.data Size: 8KB - Virtual size: 10KB

.rsrc Size: 4KB - Virtual size: 3KB

.reloc Size: 4KB - Virtual size: 3KB

.text
Size: 36KB - Virtual size: 32KB

.rdata
Size: 68KB - Virtual size: 67KB

.data
Size: 8KB - Virtual size: 10KB

.rsrc
Size: 4KB - Virtual size: 3KB

.reloc
Size: 4KB - Virtual size: 3KB