5fb25046676f21c42c5bfc912367a0b3_JaffaCakes118

General

Target

5fb25046676f21c42c5bfc912367a0b3_JaffaCakes118
Size

2.3MB
MD5

5fb25046676f21c42c5bfc912367a0b3
SHA1

61b8c02fa05f7f495bf5403b0579ed4a10346aaf
SHA256

49825db8636946c9da5331de7e4905f60e3ab98d20bd93fc9a6859503d6b3889
SHA512

1222b03046249eefc6811f2137370f4d396fba40f7dbab0b1854d3cdf2f9daa05777d8b6fa3127d979959fc9369605099c343b83f7b592bea4c69962cd0d28dc
SSDEEP

49152:IfrXEERggUZsH3BorLFsUN2uEcpI75b3/cwnuIrmLPoBPJf6lT2Mi:7ERPUaHRor5NIuEgQ3/1gDoBhfC2Mi

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
5fb25046676f21c42c5bfc912367a0b3_JaffaCakes118

Files

5fb25046676f21c42c5bfc912367a0b3_JaffaCakes118
.dll regsvr32 windows:4 windows x86 arch:x86

96f34fff7af85d2d0eca454beafe7552

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

FileTimeToSystemTime
FindNextChangeNotification
SetNamedPipeHandleState
GetUserDefaultUILanguage
CreateFileA
LocalFlags
GetSystemPowerStatus
RemoveDirectoryW
WaitCommEvent
ClearCommError
FlushFileBuffers
InterlockedIncrement
CreateMutexA
GetEnvironmentStrings
LoadLibraryA
HeapLock
GetProcAddress

ole32

RevokeDragDrop
CoQueryProxyBlanket
CreateBindCtx
OleCreate
PropVariantClear

user32

CharNextExA
IsCharAlphaW
GetDialogBaseUnits
SetActiveWindow
DestroyCursor
SetWindowPos
DeferWindowPos
EnableScrollBar
MapVirtualKeyW
IntersectRect
GetNextDlgGroupItem

shlwapi

PathFindExtensionA
SHRegSetUSValueW
SHSetValueA
StrCmpNIW
SHRegGetUSValueW
PathIsUNCServerW
PathCommonPrefixW
PathFindFileNameW

advapi32

RegisterServiceCtrlHandlerW
SaferGetLevelInformation

shell32

ShellExecuteExW
SHFileOperationA
DragQueryFileA
ExtractIconW
SHGetPathFromIDListW

gdi32

GetClipRgn
DeleteObject
GetKerningPairsA
GetDCOrgEx
EnumFontFamiliesA
CreatePenIndirect
GetCharWidth32W
GetStockObject
CreateDIBPatternBrushPt

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 584KB - Virtual size: 580KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1.7MB - Virtual size: 1.7MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 64KB - Virtual size: 60KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

96f34fff7af85d2d0eca454beafe7552

Headers

File Characteristics

Imports

kernel32

ole32

user32

shlwapi

advapi32

shell32

gdi32

Exports

Exports

Sections

.text Size: 584KB - Virtual size: 580KB

.rdata Size: 4KB - Virtual size: 1KB

.data Size: 1.7MB - Virtual size: 1.7MB

.reloc Size: 64KB - Virtual size: 60KB

.text
Size: 584KB - Virtual size: 580KB

.rdata
Size: 4KB - Virtual size: 1KB

.data
Size: 1.7MB - Virtual size: 1.7MB

.reloc
Size: 64KB - Virtual size: 60KB