73c56b67cde9fc286c21a9db4e985a64_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

73c56b67cde9fc286c21a9db4e985a64_JaffaCakes118
Size

104KB
MD5

73c56b67cde9fc286c21a9db4e985a64
SHA1

4d362769c564ebb5f4e9097c49e9f71cb56b3f80
SHA256

669efd43aef27d963a06517e36cd97b1aa11861f0498241043e1b47809a225d2
SHA512

c6d1a9b14cc17036486f8dadac2786618e414370f1114ef9253f3fd35e4834dd192f88fea8da0e05dc55b0762f6f0445095f14593e2f4743eca8b33590793f43
SSDEEP

3072:jLCudzzegDgxXee5/Umz2lG32ER47BVFOq0K10C8Rn:j/z45/Uk2M3Q7JOFKw

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
73c56b67cde9fc286c21a9db4e985a64_JaffaCakes118

Files

73c56b67cde9fc286c21a9db4e985a64_JaffaCakes118
.dll regsvr32 windows:4 windows x86 arch:x86

d49884f2fb3045888c8988ec0818be81

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GlobalAlloc
GetModuleHandleA
GetCurrentProcessId
MapViewOfFile
CopyFileA
GetProcAddress
EnterCriticalSection
HeapAlloc
InterlockedExchange
MoveFileA
InitializeCriticalSection
CreateMutexA
LocalFree
WriteFile
GetProcessHeap
GetModuleFileNameA
LoadLibraryA
UnmapViewOfFile
GetLastError
InterlockedIncrement
InterlockedDecrement
ReleaseMutex
GetSystemTimeAsFileTime
CreateThread
HeapFree
CreateDirectoryA
DeleteFileA
VirtualProtect
LeaveCriticalSection
CreateProcessA
GetSystemPowerStatus
SetTimeZoneInformation
GlobalFindAtomA
WriteConsoleA
ReadConsoleInputW
SetEvent
GetProfileStringW
OpenFileMappingA
GetDateFormatW
GetHandleInformation
FindResourceA
GlobalAddAtomA
SetFileAttributesA
LocalReAlloc
EscapeCommFunction
GetLargestConsoleWindowSize
SetProcessWorkingSetSize
SetEnvironmentVariableA
FindResourceExA
IsBadStringPtrA
GetCurrentProcess
GetVolumeInformationW
GetEnvironmentStrings
GetSystemWindowsDirectoryA
GetCurrentDirectoryA
GetDriveTypeW
lstrcmpW
VirtualAlloc
GetStartupInfoW
HeapValidate
GetSystemWow64DirectoryW
MoveFileExW
GetStringTypeExW
OpenFile
RemoveDirectoryW
ResumeThread
GetCommandLineW
EnumResourceLanguagesA
GetVolumePathNameW
GetConsoleMode
SetVolumeLabelW
DeleteTimerQueueEx
FileTimeToLocalFileTime
IsValidCodePage
GetEnvironmentVariableA
SetVolumeMountPointW
WriteProfileStringW
GetTempPathA
lstrlenW
CreateTimerQueue
GetConsoleScreenBufferInfo
InterlockedCompareExchange
SetComputerNameA
FindNextFileA
FindAtomA
FindNextVolumeMountPointW
QueryPerformanceFrequency
SetConsoleCursorPosition
GetTapeParameters
GetConsoleCP
ExitProcess
GetLongPathNameW
FindFirstVolumeW
SetErrorMode
VerifyVersionInfoW
OpenEventW
GetSystemTimeAdjustment
GetShortPathNameW
FindCloseChangeNotification
GetProfileIntW
SleepEx
OpenMutexA
FlushConsoleInputBuffer
RegisterWaitForSingleObjectEx
GetThreadLocale
HeapWalk
IsBadStringPtrW
OpenSemaphoreA
FindFirstChangeNotificationW
GetSystemDefaultUILanguage
OpenThread
CreateConsoleScreenBuffer
GetNumberFormatW
ReadDirectoryChangesW
GetDiskFreeSpaceExW
CreateRemoteThread
FindFirstVolumeMountPointW
FreeLibraryAndExitThread
GetWindowsDirectoryA
WriteConsoleInputA
GlobalReAlloc
CompareStringW
GetCompressedFileSizeW
SetDefaultCommConfigW
GetConsoleOutputCP
DosDateTimeToFileTime
GetStringTypeExA
FreeEnvironmentStringsW
FormatMessageW
FindResourceW
FileTimeToDosDateTime
CreateSemaphoreA
SetFilePointer
GlobalFree
VerSetConditionMask
RemoveDirectoryA
Beep
LCMapStringW
GetFileAttributesA
RaiseException
GetComputerNameExW
HeapCompact
WaitForMultipleObjects
GetVersionExA

ole32

CoSetProxyBlanket
CoFileTimeNow
OleRegGetUserType
BindMoniker
StringFromIID
OleTranslateAccelerator
CreateFileMoniker
CoLockObjectExternal
CoGetMarshalSizeMax
OleRun
CreateDataAdviseHolder
StringFromGUID2
RevokeDragDrop
CoGetObjectContext
OleCreateLink
CoFreeUnusedLibrariesEx
OleCreateFromFile
StgIsStorageFile
PropVariantCopy
CoWaitForMultipleHandles
GetHGlobalFromILockBytes
MkParseDisplayName
OleSetContainedObject
CoUninitialize
OleCreate
CoTaskMemAlloc
CoInitialize
CoCreateInstance

shlwapi

StrCmpW
StrToIntExW
StrTrimW
PathFindExtensionA
PathParseIconLocationW
PathGetCharTypeW
PathIsDirectoryW
PathIsFileSpecW
PathIsUNCServerShareW
wnsprintfW
PathFileExistsA
StrRetToBufW
SHDeleteKeyA
UrlUnescapeW
PathRemoveArgsW
PathGetArgsW
SHSetValueA
StrDupW
SHGetValueW
PathIsUNCServerW
PathQuoteSpacesW
PathAddBackslashA
PathFindExtensionW
PathRemoveExtensionW
SHRegSetPathW
SHDeleteValueW
StrStrW
SHAutoComplete
StrCmpIW
PathAppendA
PathStripPathW
wvnsprintfW

shell32

SHGetSpecialFolderPathA
SHFormatDrive
SHGetSpecialFolderLocation
ExtractIconW
SHCreateShellItem
SHSetLocalizedName
ExtractIconA
SHPathPrepareForWriteW
SHAddToRecentDocs
SHGetFolderPathAndSubDirW
ShellExecuteExA
SHGetSettings
SHGetPathFromIDListA
SHBrowseForFolderA
SHCreateDirectoryExW

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 80KB - Virtual size: 79KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

d49884f2fb3045888c8988ec0818be81

Headers

File Characteristics

Imports

kernel32

ole32

shlwapi

shell32

Exports

Exports

Sections

.text Size: 80KB - Virtual size: 79KB

.rdata Size: 8KB - Virtual size: 6KB

.data Size: 8KB - Virtual size: 8KB

.reloc Size: 4KB - Virtual size: 3KB

.text
Size: 80KB - Virtual size: 79KB

.rdata
Size: 8KB - Virtual size: 6KB

.data
Size: 8KB - Virtual size: 8KB

.reloc
Size: 4KB - Virtual size: 3KB