5afb64520a92d09a7059e48b28f84abd_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

5afb64520a92d09a7059e48b28f84abd_JaffaCakes118
Size

181KB
MD5

5afb64520a92d09a7059e48b28f84abd
SHA1

0391283f7d1399d184bca96e6b0aba7723e5f878
SHA256

1d1d4d80bca4d2bffd838787a3dca54ae04ce5b3bf4cabb25850e7479602ff88
SHA512

e8791753b2934664148969c7e2d89af1d19b1f8d757a5e48a21b8e153f8161c5dfa78cd316c780f70ed9621c33d3de15b6570856f27cdc41637dbdbf77429ca3
SSDEEP

3072:FumRIIQFlVckoKRMunfAr9GVm3bwDyiPNgkKkFqiDnICwQVqgNYLd3y0:FuRFl9lik8bpiubkFqitoP

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
5afb64520a92d09a7059e48b28f84abd_JaffaCakes118

Files

5afb64520a92d09a7059e48b28f84abd_JaffaCakes118
.dll regsvr32 windows:5 windows x86 arch:x86

43d3dea535ea1cb8df4f9b90c3ab2c5d

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

s:\dsfgawe2343\sfsdc3wdsa\edfeho\enlbrdr\bin\enlbrdr.pdb

Imports

kernel32

SetLastError
GetModuleFileNameW
OutputDebugStringA
LoadLibraryExW
FreeLibrary
MultiByteToWideChar
SizeofResource
LoadResource
FindResourceW
SetThreadLocale
GetThreadLocale
CloseHandle
OpenMutexW
WideCharToMultiByte
DebugBreak
OutputDebugStringW
lstrlenA
FlushInstructionCache
GetCurrentProcess
GetCurrentThreadId
HeapAlloc
LoadLibraryW
HeapFree
CreateDirectoryW
GetEnvironmentVariableW
SetEndOfFile
CreateFileA
CreateFileW
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
FlushFileBuffers
SetStdHandle
GetLocaleInfoA
lstrcmpiW
GetLastError
LeaveCriticalSection
EnterCriticalSection
lstrlenW
GetVersion
GetFileAttributesW
GetProcAddress
GetModuleHandleW
GetModuleHandleA
InterlockedDecrement
InterlockedIncrement
DeleteCriticalSection
InitializeCriticalSection
RaiseException
GetProcessHeap
GetStringTypeW
GetStringTypeA
LCMapStringW
LCMapStringA
InitializeCriticalSectionAndSpinCount
GetTickCount
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
SetFilePointer
GetStartupInfoA
GetFileType
SetHandleCount
ReadFile
GetConsoleMode
GetConsoleCP
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
GetSystemTimeAsFileTime
InterlockedCompareExchange
LoadLibraryA
IsProcessorFeaturePresent
VirtualFree
VirtualAlloc
RtlUnwind
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetCommandLineA
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
Sleep
HeapSize
ExitProcess
HeapReAlloc
HeapCreate
HeapDestroy
WriteFile
GetStdHandle
GetModuleFileNameA
GetCurrentProcessId

user32

CharNextW
LoadStringW
wvsprintfW
MessageBoxW
SetWindowLongW
IsWindow
LoadCursorW
CallWindowProcW
GetWindowLongW
DefWindowProcW
FindWindowExW
SendMessageTimeoutW
CreateWindowExW
GetClassInfoExW
RegisterClassExW
DestroyWindow
UnregisterClassA

advapi32

IsValidSid
GetSidIdentifierAuthority
GetSidSubAuthorityCount
GetSidSubAuthority
OpenProcessToken
GetTokenInformation
RegQueryValueExW
RegEnumKeyExW
RegQueryInfoKeyW
RegSetValueExW
RegOpenKeyExW
RegCreateKeyExW
RegCloseKey
RegDeleteValueW
RegDeleteKeyW

ole32

CoTaskMemRealloc
CoTaskMemFree
StringFromGUID2
CLSIDFromProgID
CoTaskMemAlloc
CoCreateInstance

oleaut32

VarBstrCmp
VariantChangeType
LoadRegTypeLi
DispCallFunc
SysStringByteLen
SysAllocStringByteLen
VariantCopy
VariantClear
VariantInit
VarUI4FromStr
RegisterTypeLi
UnRegisterTypeLi
LoadTypeLi
SysAllocString
SysStringLen
SysFreeString

shlwapi

PathFileExistsW
PathRemoveFileSpecW

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllInstall
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 124KB - Virtual size: 124KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 31KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

43d3dea535ea1cb8df4f9b90c3ab2c5d

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

advapi32

ole32

oleaut32

shlwapi

Exports

Exports

Sections

.text Size: 124KB - Virtual size: 124KB

.rdata Size: 31KB - Virtual size: 30KB

.data Size: 7KB - Virtual size: 14KB

.rsrc Size: 5KB - Virtual size: 4KB

.reloc Size: 12KB - Virtual size: 12KB

.text
Size: 124KB - Virtual size: 124KB

.rdata
Size: 31KB - Virtual size: 30KB

.data
Size: 7KB - Virtual size: 14KB

.rsrc
Size: 5KB - Virtual size: 4KB

.reloc
Size: 12KB - Virtual size: 12KB