c1a0b7abc03527b8e564295e53012b48_JaffaCakes118

General

Target

c1a0b7abc03527b8e564295e53012b48_JaffaCakes118
Size

40KB
MD5

c1a0b7abc03527b8e564295e53012b48
SHA1

3f1658b0de26c219872e2e37f6e0c27f43559f91
SHA256

eb5e8ef9a57d26c8c98e1a905a6c9a9882b113f04cb0c8eed17169f06b01ab8b
SHA512

cf07792170eb76613fd31f2191bc524f7c5dabdda922a1b62f9d7559f2c24719a969dd926165d5ead5efc059f1a27293c17e5fb961d34e05dff616ae72a298ec
SSDEEP

768:cW8wnIpJe8GV7In45lWlbc2AXsnO/4C2zpUXuBkFR:cHKOM7ZlWlWXwO/pX+BkFR

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
c1a0b7abc03527b8e564295e53012b48_JaffaCakes118

Files

c1a0b7abc03527b8e564295e53012b48_JaffaCakes118
.dll regsvr32 windows:4 windows x86 arch:x86

7ea33a206f2b3feab2a1e6e2c005c18d

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

ws2_32

WSAStartup
ioctlsocket
htons
connect
recv
closesocket
send
socket
gethostbyname

kernel32

LocalFree
CreateThread
IsBadStringPtrA
GetModuleHandleA
Sleep
GetProcAddress
LoadLibraryA
GetLastError
GetSystemInfo
IsBadReadPtr
VirtualQuery
WideCharToMultiByte
GetTickCount
InterlockedDecrement
CloseHandle
CreateFileA
lstrcpynA
MapViewOfFile
CreateFileMappingA
OpenFileMappingA

user32

CallNextHookEx
wsprintfA
PeekMessageA

ole32

CoCreateInstance
OleRun

oleaut32

SysFreeString
SysAllocString
VariantClear
GetErrorInfo

msvcrt

_adjust_fdiv
_strupr
_strdup
_CxxThrowException
_initterm
??1type_info@@UAE@XZ
_onexit
__dllonexit
strchr
atoi
free
isalpha
isdigit
realloc
malloc
wcslen
??2@YAPAXI@Z
__CxxFrameHandler
??3@YAXPAX@Z
sprintf

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 24KB - Virtual size: 21KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 116KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

7ea33a206f2b3feab2a1e6e2c005c18d

Headers

File Characteristics

Imports

ws2_32

kernel32

user32

ole32

oleaut32

msvcrt

Exports

Exports

Sections

.text Size: 24KB - Virtual size: 21KB

.rdata Size: 4KB - Virtual size: 2KB

.data Size: 4KB - Virtual size: 116KB

.reloc Size: 4KB - Virtual size: 2KB

.text
Size: 24KB - Virtual size: 21KB

.rdata
Size: 4KB - Virtual size: 2KB

.data
Size: 4KB - Virtual size: 116KB

.reloc
Size: 4KB - Virtual size: 2KB