78dcb3e7098d5df4e9c7c867a844dfd5_JaffaCakes118

General

Target

78dcb3e7098d5df4e9c7c867a844dfd5_JaffaCakes118
Size

108KB
MD5

78dcb3e7098d5df4e9c7c867a844dfd5
SHA1

a557358029280597a8f76d7d2f4b3e03563a74f7
SHA256

48e491d36fb5d110f13304fcbad0b5f88061750c594be55edd858cb98a91e8be
SHA512

6fe954680438a1866a54cfc7bf1a653fc9ece2509cb92ad7f2683d928d1827cc6ed161b9c7a0c0b2d92caa640de74d8cad1f26b882d3ca37d6faad9ed6ced489
SSDEEP

1536:Dw763/5rj44AbafdGVrkCDItpzkJ1onVSwilrCoDe0mgkb5U:aW5344XdaDDqpo4SwGrxe07

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
78dcb3e7098d5df4e9c7c867a844dfd5_JaffaCakes118

Files

78dcb3e7098d5df4e9c7c867a844dfd5_JaffaCakes118
.dll regsvr32 windows:4 windows x86 arch:x86

a0a4d7a5b1016d3d1e583cb4dd09164d

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

WritePrivateProfileStringW
GetSystemTime
CreateThread
lstrcpyW
DuplicateHandle
FindResourceExW
SizeofResource
QueryDosDeviceW
GetProcAddress
LoadLibraryW
MulDiv
GlobalAlloc
SetLastError
SetCurrentDirectoryW
GlobalAddAtomW
FindNextFileW
VirtualAlloc
FindFirstChangeNotificationW
FileTimeToSystemTime
GetLastError
InterlockedIncrement
LoadLibraryA
GetModuleFileNameW
ResetEvent
GetVersion
DeleteFileW

user32

TrackPopupMenu
InvalidateRect
GetWindowDC
VkKeyScanW
SetWindowPos
PostQuitMessage
PostMessageW
SetCapture
RedrawWindow
CreatePopupMenu
CreateWindowExW
LoadCursorW
LoadBitmapW
SendMessageW
SetForegroundWindow
OffsetRect
SystemParametersInfoW
DrawTextW
LoadStringW
RegisterWindowMessageW
ReleaseDC

gdi32

GetObjectW
SelectObject
CreateBitmap
CreatePen
CreateCompatibleBitmap
SetMapMode

advapi32

LookupAccountSidW
RegNotifyChangeKeyValue
RegOpenKeyExW

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.gmmsh
Size: 88KB - Virtual size: 85KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.cyqiv
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.wbde
Size: 4KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

a0a4d7a5b1016d3d1e583cb4dd09164d

Headers

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

Exports

Exports

Sections

.gmmsh Size: 88KB - Virtual size: 85KB

.cyqiv Size: 4KB - Virtual size: 1KB

.wbde Size: 4KB - Virtual size: 7KB

.reloc Size: 8KB - Virtual size: 6KB

.gmmsh
Size: 88KB - Virtual size: 85KB

.cyqiv
Size: 4KB - Virtual size: 1KB

.wbde
Size: 4KB - Virtual size: 7KB

.reloc
Size: 8KB - Virtual size: 6KB