72e68bdb2f84b2755d9e4d3a6344271c_JaffaCakes118

General

Target

72e68bdb2f84b2755d9e4d3a6344271c_JaffaCakes118
Size

189KB
MD5

72e68bdb2f84b2755d9e4d3a6344271c
SHA1

c0baff4f2ca541f5653bf5d337c6fba5dfb3f462
SHA256

c506e3909169f7610f0fc900cfe063422bc5c335fd8dfb2a346bad1dee580d79
SHA512

8d21dd03b0aa47cd8a0945e50284f1738761ce81f52a3d9256ab468ccea1721d89a4606b8ae8770a6a13f559cc093715aafef65622d57b8e2f9a7d65339a5441
SSDEEP

3072:7iamjMF8jBMREz0WV5gKgQqcEC1dsJMU0p96dDs40zkHS3sDGAlRf:mLSqBBgEgh2dsJMZin0bsay

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
72e68bdb2f84b2755d9e4d3a6344271c_JaffaCakes118

Files

72e68bdb2f84b2755d9e4d3a6344271c_JaffaCakes118
.dll regsvr32 windows:5 windows x86 arch:x86

8c978d4583962bf829e17352e429b77a

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

bidispl.pdb

Imports

msvcrt

??2@YAPAXI@Z
_except_handler3
free
_initterm
??3@YAXPAX@Z
_adjust_fdiv
malloc

kernel32

LeaveCriticalSection
TerminateProcess
EnterCriticalSection
SetLastError
lstrlenW
GetModuleFileNameW
InterlockedIncrement
InterlockedDecrement
GetLastError
GetProcAddress
GetModuleHandleW
lstrcmpiW
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
DeleteCriticalSection
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
InitializeCriticalSectionAndSpinCount

ole32

CoCreateInstance
CoTaskMemAlloc
StringFromCLSID
CoTaskMemFree

advapi32

RegSetValueExW
RegCloseKey
RegEnumKeyExW
RegCreateKeyExW
RegDeleteKeyW
RegOpenKeyExW

winspool.drv

OpenPrinterW
ClosePrinter

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 172KB - Virtual size: 172KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 992B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 688B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

8c978d4583962bf829e17352e429b77a

Headers

File Characteristics

PDB Paths

Imports

msvcrt

kernel32

ole32

advapi32

winspool.drv

Exports

Exports

Sections

.text Size: 13KB - Virtual size: 13KB

.data Size: 172KB - Virtual size: 172KB

.rsrc Size: 1024B - Virtual size: 992B

.reloc Size: 1024B - Virtual size: 688B

.text
Size: 13KB - Virtual size: 13KB

.data
Size: 172KB - Virtual size: 172KB

.rsrc
Size: 1024B - Virtual size: 992B

.reloc
Size: 1024B - Virtual size: 688B