64b080cfe7867c1dcdd67ac86dda2dea_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

64b080cfe7867c1dcdd67ac86dda2dea_JaffaCakes118
Size

240KB
MD5

64b080cfe7867c1dcdd67ac86dda2dea
SHA1

052989b93d51a962c4ab93e0909e2f3e2c935343
SHA256

60e93df396c7a782defc7a2179b1ac232d487750195d9caaca6eac60a90f27b3
SHA512

e919a95033798f2d3e04f0fbb7549a901b5a32be39a2dc64c5b0c2e79ed6e2623b7782dcaaf61a4440027dd371947630fce5ea2b640d09ec8793c884c043bead
SSDEEP

6144:GVlRLW7+xcrNcJZaov10hcBqVmCq5mn8kz8Tz:SBI+xc6ZarhpnLoT

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
64b080cfe7867c1dcdd67ac86dda2dea_JaffaCakes118

Files

64b080cfe7867c1dcdd67ac86dda2dea_JaffaCakes118
.dll regsvr32 windows:4 windows x86 arch:x86

b45694d0be57a15fc90c907ac3956a47

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetSystemInfo
HeapCreate
InterlockedIncrement
InterlockedDecrement
lstrlenW
MultiByteToWideChar
lstrlenA
GetShortPathNameA
GetModuleFileNameA
WideCharToMultiByte
FreeLibrary
SizeofResource
LoadResource
FindResourceA
LoadLibraryExA
lstrcmpiA
DisableThreadLibraryCalls
IsDBCSLeadByte
HeapDestroy
GetProcAddress
LoadLibraryA
lstrcpyA
lstrcatA
CreateThread
SetThreadPriority
CreateEventA
Sleep
SetLastError
LocalAlloc
GetTickCount
GetSystemDirectoryA
TerminateThread
WaitForSingleObjectEx
OpenMutexA
CreateFileMappingA
MapViewOfFile
GetCurrentProcessId
GetLastError
LocalFree
DeleteCriticalSection
SetEvent
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
HeapFree
HeapReAlloc
HeapAlloc
DebugBreak
DeviceIoControl
GetVersionExA
CreateFileA
WaitForSingleObject
ReleaseMutex
CloseHandle
CreateMutexA
lstrcpynA

user32

PeekMessageA
DestroyWindow
GetWindowLongA
SetWindowLongA
RegisterClassA
GetMessageA
DispatchMessageA
CharNextA
SendMessageA
PostMessageA
FindWindowA
ReleaseDC
DefWindowProcA
CreateWindowExA

gdi32

BitBlt
CreateCompatibleDC
CreateCompatibleBitmap
SelectObject
GetObjectA
DeleteObject
GetBitmapBits

advapi32

RegDeleteKeyA
RegEnumValueA
RegQueryInfoKeyA
RegSetValueExA
RegEnumKeyExA
RegCloseKey
RegCreateKeyExA
RegDeleteValueA
RegOpenKeyExA

ole32

CoTaskMemAlloc
CoTaskMemFree
CoInitialize
CoCreateInstance
CoTaskMemRealloc

oleaut32

SysAllocString
LoadTypeLi
RegisterTypeLi
VarUI4FromStr
SysFreeString

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
SynCreateAPI

Sections

.text
Size: 32KB - Virtual size: 31KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 172KB - Virtual size: 168KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 16KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

b45694d0be57a15fc90c907ac3956a47

Headers

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

ole32

oleaut32

Exports

Exports

Sections

.text Size: 32KB - Virtual size: 31KB

.rdata Size: 8KB - Virtual size: 4KB

.data Size: 4KB - Virtual size: 1KB

.CRT Size: 172KB - Virtual size: 168KB

.rsrc Size: 16KB - Virtual size: 13KB

.reloc Size: 4KB - Virtual size: 2KB

.text
Size: 32KB - Virtual size: 31KB

.rdata
Size: 8KB - Virtual size: 4KB

.data
Size: 4KB - Virtual size: 1KB

.CRT
Size: 172KB - Virtual size: 168KB

.rsrc
Size: 16KB - Virtual size: 13KB

.reloc
Size: 4KB - Virtual size: 2KB