725c646aadc2b738aa5e3855ea1e1361_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

725c646aadc2b738aa5e3855ea1e1361_JaffaCakes118
Size

280KB
MD5

725c646aadc2b738aa5e3855ea1e1361
SHA1

5f961f2f864a6e6da9af6fa0053b0b74b84aae62
SHA256

99aad015606a192e7feea9612b725ed62d917c1a020d94cacf6944e30f59c1d7
SHA512

fff2f65f207a5681a7ae214aec93704f6cf48c81c47528293df58d59b727237625cc00ee1acc784ff4b4436c1fba0726d2e5e28f6256739a8f058ef04f4c2e27
SSDEEP

3072:YWHuZELlyWp8BOKkPI3o9TBfUX4v08teAAAAAAczkRFSiFlRqqqqqqVLVXCdVKBn:4+LnWHo9TB24QfqqqqqqVc

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
725c646aadc2b738aa5e3855ea1e1361_JaffaCakes118

Files

725c646aadc2b738aa5e3855ea1e1361_JaffaCakes118
.dll regsvr32 windows:4 windows x86 arch:x86

00c9e62baaff123341e855a3653e4486

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

ws2_32

WSACleanup
WSACleanup
WSAStartup
WSACleanup

kernel32

WideCharToMultiByte
SizeofResource
LockResource
LoadResource
FindResourceW
TlsFree
MultiByteToWideChar
InterlockedIncrement
lstrlenW
TlsFree
TlsFree
TlsFree
TlsFree
CreateThread
DecodePointer
EncodePointer
GetModuleHandleExW
TlsFree
WaitForSingleObject
TlsFree
TlsFree
TlsFree
GetLastError
lstrlenA
SetLastError
TlsFree
InterlockedDecrement
TlsFree
TlsFree
TlsFree
TlsFree
TlsFree
CreateMutexW
ReleaseMutex
GetProcAddress
GetModuleHandleA
LoadLibraryA
TlsFree
TlsFree
TlsFree
TlsFree
TlsFree
TlsFree
TlsFree
TlsFree
TlsFree
TlsFree
TlsFree
TlsFree
TlsFree
TlsFree
TlsFree
TlsFree
TlsFree
TlsFree
TlsFree
CreateEventW
TlsFree
TlsFree
TlsFree
TlsFree
VirtualProtect
TlsFree
GetStringTypeA
GetStringTypeW
TlsFree
HeapCreate
TlsFree
TlsFree
TlsFree
VirtualFree
TlsFree
TlsFree
TlsFree
TlsFree
TlsFree
TlsFree
TlsFree
TlsFree
TlsFree
TlsFree
InterlockedExchange
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
TlsFree
TlsFree
GetThreadLocale
TlsFree
TlsFree
HeapDestroy
HeapAlloc
HeapFree
TlsFree
TlsFree
TlsFree
TlsFree
TlsFree
TlsFree
TlsFree
TlsFree
TlsFree
TlsFree
LCMapStringA
LCMapStringW
TlsFree
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
TlsFree
TlsFree
TlsFree
TlsFree
TlsFree
GetModuleHandleA
GetModuleHandleA

advapi32

RevertToSelf
RevertToSelf
RevertToSelf

Exports

Exports

DllRegisterServer
DllUnregisterServer
NSPCleanup
NSPStartup
Register

Sections

.text
Size: 140KB - Virtual size: 139KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 40KB - Virtual size: 38KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 44KB - Virtual size: 51KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 32KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 20KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

00c9e62baaff123341e855a3653e4486

Headers

DLL Characteristics

File Characteristics

Imports

ws2_32

kernel32

advapi32

Exports

Exports

Sections

.text Size: 140KB - Virtual size: 139KB

.rdata Size: 40KB - Virtual size: 38KB

.data Size: 44KB - Virtual size: 51KB

.rsrc Size: 32KB - Virtual size: 30KB

.reloc Size: 20KB - Virtual size: 16KB

.text
Size: 140KB - Virtual size: 139KB

.rdata
Size: 40KB - Virtual size: 38KB

.data
Size: 44KB - Virtual size: 51KB

.rsrc
Size: 32KB - Virtual size: 30KB

.reloc
Size: 20KB - Virtual size: 16KB