ae5e866ebdbf88faa17405f098006c7e_JaffaCakes118

General

Target

ae5e866ebdbf88faa17405f098006c7e_JaffaCakes118
Size

80KB
MD5

ae5e866ebdbf88faa17405f098006c7e
SHA1

546425270d54f1349e6817c5d584d06a8e936c65
SHA256

382c61c5bbcba1344f961b1d2fa3682ff4abf0e13ed64f61bbc24e35adcb7e0d
SHA512

eb2d7bb599b435d488dc6c2934d7f337dbbf77edff3bd9feafd5cbac5a0123f873c692717465f8b7a1bade0fe5c053b43a16b565e99abcb2ae90d294d84abc3b
SSDEEP

1536:soz7Kde+d50VC3A0MddRuXlnK7ppyZHXh6Z49eROfeOsFYd:soz+de+30VC3A0MtGnK7vmHXhFQOfn

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
ae5e866ebdbf88faa17405f098006c7e_JaffaCakes118

Files

ae5e866ebdbf88faa17405f098006c7e_JaffaCakes118
.dll regsvr32 windows:4 windows x86 arch:x86

1f864b5b432c241bc3d6597ce0fe3c54

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

ExitProcess
VirtualQuery
InterlockedIncrement
GetSystemDirectoryA
OpenEventA
GetModuleFileNameA
LoadLibraryA
LeaveCriticalSection
SetEvent
UnmapViewOfFile
GetProcAddress
InterlockedExchange
GetVolumeInformationA
GetModuleHandleA
VirtualProtect
SetLastError
lstrlenA
WriteFile
GetTickCount
CreateFileA
GetComputerNameA
MoveFileA
MapViewOfFile
CopyFileA
CreateProcessA
InitializeCriticalSectionAndSpinCount
GetSystemInfo
CreateFileMappingA
GetSystemTimeAsFileTime
GlobalAlloc
LocalReAlloc
GetVolumeNameForVolumeMountPointW
IsBadCodePtr
IsDBCSLeadByte
GetProfileStringW
GetUserDefaultUILanguage
IsValidCodePage
GetCommMask
GlobalGetAtomNameA
GetLocaleInfoA
MapViewOfFileEx
UnlockFileEx
FreeResource
FindNextVolumeW
SearchPathW
ClearCommBreak
GlobalFlags
FindResourceW
FatalAppExitA
PeekNamedPipe
GetSystemDefaultLangID
HeapLock
FindFirstFileExW
Beep
GetCommTimeouts
ReadDirectoryChangesW
DeleteCriticalSection
GetVersionExW
WaitCommEvent
GetLogicalDriveStringsW
OpenProcess
FindNextChangeNotification
GlobalFindAtomA
CreateIoCompletionPort
ReadProcessMemory
GetEnvironmentStringsW

ole32

CoInitialize
CoUninitialize
CoAddRefServerProcess
CoGetObjectContext
OleIsRunning
StgCreateDocfileOnILockBytes
CreateItemMoniker
CoMarshalInterface
OleUninitialize
ReadFmtUserTypeStg
StgOpenStorageEx

Exports

Exports

CPlApplet
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 60KB - Virtual size: 57KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

1f864b5b432c241bc3d6597ce0fe3c54

Headers

File Characteristics

Imports

kernel32

ole32

Exports

Exports

Sections

.text Size: 60KB - Virtual size: 57KB

.rdata Size: 4KB - Virtual size: 2KB

.data Size: 8KB - Virtual size: 5KB

.reloc Size: 4KB - Virtual size: 1KB

.text
Size: 60KB - Virtual size: 57KB

.rdata
Size: 4KB - Virtual size: 2KB

.data
Size: 8KB - Virtual size: 5KB

.reloc
Size: 4KB - Virtual size: 1KB