5fe70db532ffd69e3711a0c2900ea5c0_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

5fe70db532ffd69e3711a0c2900ea5c0_JaffaCakes118
Size

92KB
MD5

5fe70db532ffd69e3711a0c2900ea5c0
SHA1

7e15924ec8ad0991af88847233bafadfb819866f
SHA256

9748e13d62ea966d6d0896fc71f19aaa3503b1ada4b275a1d14d38b124a153fd
SHA512

c487951694b24eaf26e3f0bafd0bbb03a3481db16a2d36f0c3a66a7e6ab6b3751b0c2efa527a62761fa9d47c03b847669f54d9cb717111d494532be0444776c9
SSDEEP

768:YVaO74S5FICTHeV8AbVYL5+ePJ04EaYar1H8FkDwylaHVs+bC:YVam4SrTHrV9VEaxrSFkDlaHVtbC

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
5fe70db532ffd69e3711a0c2900ea5c0_JaffaCakes118

Files

5fe70db532ffd69e3711a0c2900ea5c0_JaffaCakes118
.dll regsvr32 windows:4 windows x64 arch:x64

b7056bcf143facf74be68e9efbfb025a

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

kernel32

MoveFileA
GetTickCount
GetLastError
DeleteFileA
lstrcmpiA
CopyFileA
VirtualProtect
VirtualAlloc
GetProcAddress
LoadLibraryA
GetModuleFileNameA
GetSystemWindowsDirectoryA
VirtualFree
lstrlenA
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
SetUnhandledExceptionFilter
lstrcmpA
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
QueryPerformanceCounter

advapi32

RegCreateKeyExA
RegSetValueExA
RegDeleteKeyA

user32

GetSystemMetrics

shell32

ShellExecuteA

shlwapi

PathStripPathA
PathAppendA

msvcrt

__C_specific_handler
memset
abort
strchr
_vsnprintf
memcpy
sprintf

Exports

Exports

DllRegisterServer
DllUnregisterServer
onStartup

Sections

.text
Size: 18KB - Virtual size: 17KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 63KB - Virtual size: 62KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 1024B - Virtual size: 744B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.CRT
Size: 512B - Virtual size: 8B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 784B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

b7056bcf143facf74be68e9efbfb025a

Headers

File Characteristics

Imports

kernel32

advapi32

user32

shell32

shlwapi

msvcrt

Exports

Exports

Sections

.text Size: 18KB - Virtual size: 17KB

.rdata Size: 63KB - Virtual size: 62KB

.data Size: 3KB - Virtual size: 4KB

.pdata Size: 1024B - Virtual size: 744B

.CRT Size: 512B - Virtual size: 8B

.rsrc Size: 1024B - Virtual size: 784B

.reloc Size: 5KB - Virtual size: 4KB

.text
Size: 18KB - Virtual size: 17KB

.rdata
Size: 63KB - Virtual size: 62KB

.data
Size: 3KB - Virtual size: 4KB

.pdata
Size: 1024B - Virtual size: 744B

.CRT
Size: 512B - Virtual size: 8B

.rsrc
Size: 1024B - Virtual size: 784B

.reloc
Size: 5KB - Virtual size: 4KB