875345dcc6a28d0c119065623ad7efdc_JaffaCakes118

General

Target

875345dcc6a28d0c119065623ad7efdc_JaffaCakes118
Size

44KB
MD5

875345dcc6a28d0c119065623ad7efdc
SHA1

4d0e8944cb23948c82c18141d89c9ca3fb399a33
SHA256

90f08bcf30bc4763ba6739d44032eb15dda3c98878475a8eb6f13f95d93af14d
SHA512

22ccd71946a224ebb0afff586dd22acc3ed8261f33def9b934fbd3484076eea714c3f7cdcade274c9a0784afb0ce2bd1a75a12e3e2f69ce8d839705d6ce74f6c
SSDEEP

384:KkvMYNiXsE0y7TBoCTJJqIDlVVO242kJGsHwDtkav5pnQB4VUPJpJgLa0MpJG3:KkvM5XB2DF2ADwpkavXnQOV0gLa1C

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
875345dcc6a28d0c119065623ad7efdc_JaffaCakes118

Files

875345dcc6a28d0c119065623ad7efdc_JaffaCakes118
.dll regsvr32 windows:4 windows x86 arch:x86

d4a604e882c44770f8ec8e51633d1890

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetSystemDirectoryA
WinExec
GetWindowsDirectoryA
GetLastError
CreateMutexA
CreateProcessA
VirtualAlloc
InterlockedIncrement
GetModuleFileNameA
LoadLibraryA
CreateThread
CloseHandle
GetLocalTime
GetProcAddress

user32

DefWindowProcA
PostMessageA
FindWindowExA
ShowWindow
CreateWindowExA
UnhookWindowsHookEx
CallNextHookEx
SetWindowsHookExA
RegisterClassExA
KillTimer
SetTimer
GetMessageA
TranslateMessage
DispatchMessageA

advapi32

RegSetValueExA
RegCreateKeyExA
RegOpenKeyExA
RegQueryValueExA
RegCloseKey

shlwapi

SHGetValueA

msvcrt

fclose
_adjust_fdiv
malloc
_initterm
free
strrchr
__CxxFrameHandler
_except_handler3
strchr
fopen
fwrite
_stricmp
sprintf
??2@YAPAXI@Z
atoi
??3@YAXPAX@Z

wininet

HttpQueryInfoA
InternetOpenUrlA
InternetSetOptionA
InternetOpenA
InternetReadFile
InternetCloseHandle

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 24KB - Virtual size: 21KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 874B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

d4a604e882c44770f8ec8e51633d1890

Headers

File Characteristics

Imports

kernel32

user32

advapi32

shlwapi

msvcrt

wininet

Exports

Exports

Sections

.text Size: 24KB - Virtual size: 21KB

.rdata Size: 4KB - Virtual size: 1KB

.data Size: 8KB - Virtual size: 5KB

.reloc Size: 4KB - Virtual size: 874B

.text
Size: 24KB - Virtual size: 21KB

.rdata
Size: 4KB - Virtual size: 1KB

.data
Size: 8KB - Virtual size: 5KB

.reloc
Size: 4KB - Virtual size: 874B