73144dbb840ba11305181c0c6abb0e64_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

73144dbb840ba11305181c0c6abb0e64_JaffaCakes118
Size

2.5MB
MD5

73144dbb840ba11305181c0c6abb0e64
SHA1

47a0a6551518421e9dd926a445049951693ac3ec
SHA256

1a508efb3a5598fa2b9e5495ee79045c8337a5f374a0188753bcad7ba8374f59
SHA512

57941a75c8778f1eac4a8063d6c36c6b635b8059082c67757e47b29917fe31a1435cf14c327b0e7711ddd872a9818598be53f4bfd43df209bc1a0718b986842e
SSDEEP

49152:9j+SURp1sAuclzcnyKR5R0P+aW/JH1Q/G6omDmPnT82r:YSUZLlzcnhRM+aiMHoSkA

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
73144dbb840ba11305181c0c6abb0e64_JaffaCakes118

Files

73144dbb840ba11305181c0c6abb0e64_JaffaCakes118
.dll regsvr32 windows:4 windows x86 arch:x86

4baf221c34db86d0f8fcb5c593e2fd1c

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

UnregisterWaitEx
CallNamedPipeA
GlobalFindAtomW
GetLogicalDrives
GetCommState
VirtualQuery
lstrcatA
LocalUnlock
IsBadStringPtrW
ReadProcessMemory
CreateFileMappingW
GlobalMemoryStatus
IsValidLanguageGroup
IsValidCodePage
QueueUserAPC
FileTimeToLocalFileTime
GetModuleHandleA
MoveFileExW
GetModuleFileNameW
SetErrorMode
lstrcmpiA
EnumSystemLocalesA
GetAtomNameA
SleepEx
FreeEnvironmentStringsW
GetSystemTimeAdjustment
GetFileAttributesA
RemoveDirectoryW
SetFileApisToOEM
GetFileTime
TerminateJobObject
OpenFileMappingW
SetEndOfFile
GetProfileIntA
OpenFileMappingA
GetProcAddress
GetCurrentThread
FindVolumeClose
LoadLibraryA
GetEnvironmentStrings

ole32

StgCreateDocfile
CreateDataAdviseHolder
CoInitializeEx
OleCreateLinkFromData
CreateDataCache
FreePropVariantArray
OleUninitialize
OleCreateLinkToFile
CoCreateInstance
CoFreeUnusedLibraries
OleDuplicateData
GetRunningObjectTable

user32

CallWindowProcA
GetDlgItemTextA
MapVirtualKeyW
CreateCaret
CreateAcceleratorTableW
SetForegroundWindow
AttachThreadInput
GetScrollRange
CharLowerA
GetCursorPos
GetWindowTextLengthW
SendDlgItemMessageA
HideCaret
GetMenuStringW
GetQueueStatus
RegisterHotKey
GetUserObjectInformationA
GetMessageW
DispatchMessageA
CreateAcceleratorTableA
GetClassLongA
OemToCharA
NotifyWinEvent
EnableWindow
PostMessageW
FindWindowExW
AppendMenuA
LoadMenuW
PeekMessageA
ExitWindowsEx
SetScrollInfo
OpenInputDesktop
SetWindowLongW
SetMenuItemInfoA

oleaut32

SysAllocStringLen

shlwapi

StrTrimW
SHRegSetUSValueW
PathRemoveFileSpecA
StrCmpW
PathAddExtensionW
StrChrA
UrlEscapeW
UrlCombineW
SHSetValueA

advapi32

CredWriteDomainCredentialsW
RegEnumKeyExA
LockServiceDatabase
GetServiceKeyNameW
SetEntriesInAclW
RegisterEventSourceW
RegisterServiceCtrlHandlerA
SetEntriesInAclA
ImpersonateNamedPipeClient
RegEnumKeyA
RegCreateKeyW
RegOpenKeyA
CredFree
RegSetValueW
RegSetValueExW

shell32

SHBrowseForFolderW
DragQueryFileW
SHFileOperationA
SHGetSettings

gdi32

EnumEnhMetaFile
MoveToEx
CreateMetaFileA
GetTextMetricsA
GetPolyFillMode
PolyBezierTo
PtInRegion
SetMagicColors
SetICMMode
CloseEnhMetaFile
CreatePalette
ArcTo
AddFontResourceA
SetWindowExtEx
GetRegionData
GetTextExtentPoint32W
GetCharABCWidthsA

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 860KB - Virtual size: 858KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1.6MB - Virtual size: 1.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 64KB - Virtual size: 61KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

4baf221c34db86d0f8fcb5c593e2fd1c

Headers

File Characteristics

Imports

kernel32

ole32

user32

oleaut32

shlwapi

advapi32

shell32

gdi32

Exports

Exports

Sections

.text Size: 860KB - Virtual size: 858KB

.rdata Size: 4KB - Virtual size: 3KB

.data Size: 1.6MB - Virtual size: 1.6MB

.reloc Size: 64KB - Virtual size: 61KB

.text
Size: 860KB - Virtual size: 858KB

.rdata
Size: 4KB - Virtual size: 3KB

.data
Size: 1.6MB - Virtual size: 1.6MB

.reloc
Size: 64KB - Virtual size: 61KB