bc759aa498418d86a583a59b88063f24_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

bc759aa498418d86a583a59b88063f24_JaffaCakes118
Size

161KB
MD5

bc759aa498418d86a583a59b88063f24
SHA1

0faf27ef7534982cc5d90de6d7c003fc5653ed18
SHA256

8d73d3af28627b58334991ca341442760e872da3bc54a172cbdd05886d9dd144
SHA512

61ac9865f811d7b773775347a44eac5ee8f301b137915baebb61fc03c271507d8ac81284a2381b2e4398714799fe0332bda5ece0727cdc8953556930478f8407
SSDEEP

3072:DCENo8kYGDPT8PUArZ4vJJnhRPTe+IahjuDL/2mghqBdg:eEJkYCVArZqJJnh9y+s23Udg

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
bc759aa498418d86a583a59b88063f24_JaffaCakes118

Files

bc759aa498418d86a583a59b88063f24_JaffaCakes118
.dll regsvr32 windows:5 windows x86 arch:x86

227cad944dfd930021367b0c558073d7

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

nlhtml.pdb

Imports

msvcrt

_onexit
__dllonexit
_except_handler3
?terminate@@YAXXZ
??1type_info@@UAE@XZ
??3@YAXPAX@Z
_adjust_fdiv
_initterm
realloc
wcsrchr
_wtoi
wcstombs
_wcsupr
wcsncpy
malloc
wcscat
iswspace
iswalpha
_strnicmp
?_set_se_translator@@YAP6AXIPAU_EXCEPTION_POINTERS@@@ZP6AXI0@Z@Z
wcscpy
iswdigit
_wtol
_wcsicmp
wcschr
mbstowcs
wcstoul
towupper
_wcslwr
bsearch
wcscmp
__CxxFrameHandler
wcslen
wcsncmp
_wcsnicmp
_purecall
free
_CxxThrowException

user32

LoadStringW
SetLastErrorEx

oleaut32

VarR8FromStr
SysFreeString
SysAllocString
SysAllocStringLen

kernel32

SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
lstrlenA
GetStringTypeW
GetSystemTime
SystemTimeToFileTime
lstrlenW
FlushViewOfFile
MapViewOfFile
SetFilePointer
SetEndOfFile
CreateFileW
CreateFileA
GetFileSize
CreateFileMappingW
CreateFileMappingA
CloseHandle
UnmapViewOfFile
GetModuleHandleW
GetVersionExW
DisableThreadLibraryCalls
LoadLibraryW
GetProcAddress
FreeLibrary
GetVersionExA
MultiByteToWideChar
GetLastError
GetCPInfo
LocalAlloc
LocalFree
WideCharToMultiByte
GetLocaleInfoA
GetLocaleInfoW
SetLastError
IsValidCodePage
IsDBCSLeadByteEx
IsValidLocale
InterlockedDecrement
InterlockedIncrement
GetSystemDefaultLCID

advapi32

RegQueryValueExA
RegOpenKeyW
RegOpenKeyA
RegEnumKeyExW
RegQueryValueExW
RegDeleteKeyW
RegOpenKeyExW
RegDeleteValueW
RegCloseKey
RegCreateKeyExW
RegSetValueExW

ole32

CoTaskMemFree
CoTaskMemAlloc
CoCreateInstance

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 91KB - Virtual size: 91KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 60KB - Virtual size: 65KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

227cad944dfd930021367b0c558073d7

Headers

File Characteristics

PDB Paths

Imports

msvcrt

user32

oleaut32

kernel32

advapi32

ole32

Exports

Exports

Sections

.text Size: 91KB - Virtual size: 91KB

.data Size: 60KB - Virtual size: 65KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 7KB - Virtual size: 6KB

.text
Size: 91KB - Virtual size: 91KB

.data
Size: 60KB - Virtual size: 65KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 7KB - Virtual size: 6KB