858f5508a37de49df11e412016319628_JaffaCakes118

General

Target

858f5508a37de49df11e412016319628_JaffaCakes118
Size

108KB
MD5

858f5508a37de49df11e412016319628
SHA1

e21d7fde08402190c77be1687a8f766edf2a53d9
SHA256

ee1310de0338fa00c2045a851eb9f21ca0fb178a46b7c9d48052da3a2584363a
SHA512

4504d79e3e4e95a082ef8fa1cc294978b974a926c28e54cdb6093def1faee9dd58ed94c2364231e67667980d9cc4fbc83aae23054231ce38610b06a4185de867
SSDEEP

3072:VOzZJdfDxyyihtKdUr7RUSPwi0zj5jItsT/:VeZTfVyP8G7RUS49zhIW

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
858f5508a37de49df11e412016319628_JaffaCakes118

Files

858f5508a37de49df11e412016319628_JaffaCakes118
.dll regsvr32 windows:4 windows x86 arch:x86

607008ae29e8e1cbb8630d3b1c2937b3

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

FreeLibrary
SetCurrentDirectoryW
GetFileAttributesW
DuplicateHandle
FindClose
LoadResource
SetEvent
GlobalLock
SetLastError
Sleep
CancelWaitableTimer
SetFilePointer
VirtualFree
GetFileAttributesExW
LoadLibraryA
GetUserDefaultLangID
FindResourceExW
GetTickCount
SetThreadPriority
GetProcAddress
InterlockedIncrement
VirtualAlloc
CloseHandle
SizeofResource

user32

GetWindowThreadProcessId
EnableWindow
LoadCursorW
PostThreadMessageW
LoadImageW
SetCapture
SetCursor
LoadBitmapW
RegisterHotKey
UpdateWindow
GetCursorPos
SetWindowPos
PostMessageW
GetSysColor
DestroyIcon
GetDlgItem
DestroyMenu
SystemParametersInfoW
SendMessageW
GetMessageW

gdi32

Rectangle
SelectObject
DeleteObject
SetDIBits
DeleteDC
CreateFontIndirectW
CreateBitmap
CreateRoundRectRgn
CreateDCW
CreateICW
GetClipBox
BitBlt
GetDeviceCaps

advapi32

RegSetValueExW
RegDeleteValueW
LookupAccountSidW
RegOpenKeyExW

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.ohrr
Size: 88KB - Virtual size: 86KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.fxsqqt
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.qmsiwq
Size: 4KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

607008ae29e8e1cbb8630d3b1c2937b3

Headers

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

Exports

Exports

Sections

.ohrr Size: 88KB - Virtual size: 86KB

.fxsqqt Size: 4KB - Virtual size: 1KB

.qmsiwq Size: 4KB - Virtual size: 8KB

.reloc Size: 8KB - Virtual size: 6KB

.ohrr
Size: 88KB - Virtual size: 86KB

.fxsqqt
Size: 4KB - Virtual size: 1KB

.qmsiwq
Size: 4KB - Virtual size: 8KB

.reloc
Size: 8KB - Virtual size: 6KB