a1984f57b88711255ecb368481f0ad13_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

a1984f57b88711255ecb368481f0ad13_JaffaCakes118
Size

228KB
MD5

a1984f57b88711255ecb368481f0ad13
SHA1

470d0531dbeb98ba2b9c04ba75b2b5674df96ced
SHA256

433789d5472731ae982ae42583b508b1c8e4c220061e68fa187f0ff44049bfb8
SHA512

f0de67f8f53a4b3f3a940f6af222627e78d0dd8743f2b89329018d232131f3bbee995c571af6d03f9e8a14490c44d8094ecc72c66338ccd08fc78e07099e0630
SSDEEP

6144:gavn9bduWwITIhlwug39NeeQf218co6r4tz:gavLr7Ajg3neeQH

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
a1984f57b88711255ecb368481f0ad13_JaffaCakes118

Files

a1984f57b88711255ecb368481f0ad13_JaffaCakes118
.dll regsvr32 windows:4 windows x86 arch:x86

272e7e2ae270476897df4db8d3c4ea8e

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

MulDiv
FreeLibrary
LoadLibraryA
lstrcpynA
SizeofResource
CreateEventA
CloseHandle
CompareStringA
GetModuleHandleA
GetWindowsDirectoryA
FindResourceA
GetLastError
SetLastError
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
ExitProcess
LoadResource
LockResource
GetCurrentProcess
FlushInstructionCache
HeapAlloc
GetModuleFileNameA
lstrlenA
InterlockedExchange
IsBadReadPtr
IsBadCodePtr
DisableThreadLibraryCalls
GetProcessHeap
HeapFree
InterlockedDecrement
InterlockedIncrement
DeleteCriticalSection
InitializeCriticalSection
IsBadWritePtr
LeaveCriticalSection
EnterCriticalSection
GetVersionExA
GetThreadLocale
GetLocaleInfoA
GetACP
GetSystemDirectoryA

user32

CreateDialogParamA
SetRect
GetDlgItemInt
SetDlgItemInt
ShowWindow
WinHelpA
GetDC
ReleaseDC
GetDialogBaseUnits
IsWindow
DestroyWindow
IsDialogMessageA
MoveWindow

gdi32

GetTextMetricsA
SelectObject
CreateFontIndirectA
GetDeviceCaps
GetTextExtentPointA
DeleteObject

ole32

CoTaskMemAlloc
CoCreateInstance
CoTaskMemFree
CoCreateFreeThreadedMarshaler

oleaut32

SysAllocString
SysStringLen
LoadTypeLi
LoadRegTypeLi
SysFreeString
SysAllocStringLen

atl71

ord66
ord30
ord65
ord18
ord22
ord64
ord49
ord32
ord23
ord61
ord15
ord44
ord43
ord31
ord58
ord53
ord52

ltkrn14nu

ord196
ord116
ord125
ord197

ltimg14nu

ord103
ord106
ord122
ord152
ord150
ord228
ord100
ord196
ord256
ord147
ord105

mslur71

_adjust_fdiv
_initterm
??1type_info@@UAE@XZ
__dllonexit
__CppXcptFilter
_onexit
?terminate@@YAXXZ
memcpy
strlen
??_U@YAPAXI@Z
_resetstkoflw
??2@YAPAXI@Z
_except_handler3
_CxxThrowException
__security_error_handler
memcmp
memset
free
_purecall
??3@YAXPAX@Z
??_V@YAXPAX@Z
malloc
__CxxFrameHandler
_mbsnbcpy

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 28KB - Virtual size: 26KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 840B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.text
Size: 168KB - Virtual size: 168KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

272e7e2ae270476897df4db8d3c4ea8e

Headers

File Characteristics

Imports

kernel32

user32

gdi32

ole32

oleaut32

atl71

ltkrn14nu

ltimg14nu

mslur71

Exports

Exports

Sections

.text Size: 28KB - Virtual size: 26KB

.rdata Size: 12KB - Virtual size: 8KB

.data Size: 4KB - Virtual size: 840B

.rsrc Size: 8KB - Virtual size: 6KB

.reloc Size: 4KB - Virtual size: 3KB

.text Size: 168KB - Virtual size: 168KB

.text
Size: 28KB - Virtual size: 26KB

.rdata
Size: 12KB - Virtual size: 8KB

.data
Size: 4KB - Virtual size: 840B

.rsrc
Size: 8KB - Virtual size: 6KB

.reloc
Size: 4KB - Virtual size: 3KB

.text
Size: 168KB - Virtual size: 168KB