b08c8af9c5aeb24db970418808bb6e23_JaffaCakes118

General

Target

b08c8af9c5aeb24db970418808bb6e23_JaffaCakes118
Size

2.0MB
MD5

b08c8af9c5aeb24db970418808bb6e23
SHA1

63fd148dc922295e739acfc6938c7d9475c06c9e
SHA256

fbc51b86052cdc2c7de4f2427ffd581320056d670cae9409d5b8a89f7db3eaa5
SHA512

5279217935a4d68d8a606f631bc8853cd4fac47ba22b6b8ee5baf1027bcd37293bbe35645031b108efbe55f70b3ed10df759485af75c2d69cbda07436a36a0be
SSDEEP

49152:7QnhJc3x1BzTA7l0sc/ssr2eKl/2qt4ZBDaugs+jm:Unhy3x1Bz7/muqt4XWuji

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
b08c8af9c5aeb24db970418808bb6e23_JaffaCakes118

Files

b08c8af9c5aeb24db970418808bb6e23_JaffaCakes118
.dll regsvr32 windows:4 windows x86 arch:x86

569d43541eb741be939113855b9658f7

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetFileType
GetStringTypeW
WinExec
OpenFileMappingA
GetVolumePathNamesForVolumeNameW
GetUserDefaultLangID
GetCommandLineW
FindActCtxSectionStringW
GetFullPathNameW
GetCommProperties
IsValidLocale
GetBinaryTypeA
DeleteTimerQueue
RtlUnwind
CreateTimerQueueTimer
GetProcAddress
SetEnvironmentVariableW
GetModuleHandleW
LoadLibraryA
GetProcessAffinityMask

ole32

CoImpersonateClient
CoRegisterMessageFilter
CoSwitchCallContext

user32

GetComboBoxInfo
TrackPopupMenu
SendMessageA
SetWindowPlacement
CloseWindowStation
UnhookWindowsHookEx
GetGUIThreadInfo
GetKeyNameTextW
EnumDisplaySettingsW
ShowCaret

oleaut32

SysFreeString

shlwapi

PathRemoveExtensionW

advapi32

ReadEventLogA
DuplicateTokenEx
RegCreateKeyA

shell32

SHGetSettings
SHOpenFolderAndSelectItems
SHCreateDirectoryExW
DragQueryFileA

gdi32

GetCharacterPlacementA
GetOutlineTextMetricsA
Arc
SwapBuffers
GetTextFaceW
CopyMetaFileA
ExtTextOutA
ExtFloodFill

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 344KB - Virtual size: 341KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1.7MB - Virtual size: 1.7MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

569d43541eb741be939113855b9658f7

Headers

File Characteristics

Imports

kernel32

ole32

user32

oleaut32

shlwapi

advapi32

shell32

gdi32

Exports

Exports

Sections

.text Size: 344KB - Virtual size: 341KB

.rdata Size: 4KB - Virtual size: 1KB

.data Size: 1.7MB - Virtual size: 1.7MB

.reloc Size: 4KB - Virtual size: 1KB

.text
Size: 344KB - Virtual size: 341KB

.rdata
Size: 4KB - Virtual size: 1KB

.data
Size: 1.7MB - Virtual size: 1.7MB

.reloc
Size: 4KB - Virtual size: 1KB