e9cc5fefe9f5eba71e3f52f296ec678a_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

e9cc5fefe9f5eba71e3f52f296ec678a_JaffaCakes118
Size

96KB
MD5

e9cc5fefe9f5eba71e3f52f296ec678a
SHA1

36c8d76d8e67612c366449508e8626030a4571cb
SHA256

2dcdfb8c5efcdd54db624ed5e6b111a3e8193f29abe5fa7ce527f42a48bfae5f
SHA512

a4caee82b969c764dede1b64855d6672126efd1d3c591dcbc826b6d0fd1e52b5f096279825dd531ac1a9386a18bb37f743f58f9306fdf74fc57d93bd1241a90c
SSDEEP

1536:L/Jcptlw13TRAdXrRqEvSM4+zkRrB6Oc+4+hVQDfZK2bnDv6k6U:L/Jcptm13TRAdtlvSMQRrBPc+4sEKaj

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
e9cc5fefe9f5eba71e3f52f296ec678a_JaffaCakes118

Files

e9cc5fefe9f5eba71e3f52f296ec678a_JaffaCakes118
.dll regsvr32 windows:4 windows x86 arch:x86

69831937b79d362cd36c3ad88b41891f

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

msvcrt

_onexit
__dllonexit
_adjust_fdiv
malloc
_initterm
free
_ftol
__CxxFrameHandler
strncpy
_snprintf
??2@YAPAXI@Z
??3@YAXPAX@Z
div
_purecall

winmm

timeGetTime
timeSetEvent

kernel32

GetCurrentThread
GetTickCount
SetThreadPriority
GetACP
WideCharToMultiByte
GetModuleHandleA
GetProcAddress
lstrcpyA
GetThreadPriority
InitializeCriticalSection
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
InterlockedIncrement
InterlockedDecrement
CloseHandle
CreateEventA
ResetEvent
DuplicateHandle
GetCurrentProcess
GetCurrentThreadId
SetEvent
WaitForMultipleObjects
WaitForSingleObject
CreateSemaphoreA
ReleaseSemaphore
GetSystemInfo
VirtualAlloc
VirtualFree
FreeLibrary
LoadLibraryA
lstrlenA
MultiByteToWideChar
GetLastError
GetModuleFileNameA
CreateThread
DisableThreadLibraryCalls
InterlockedExchange
GetVersionExA

advapi32

RegSetValueExA
RegOpenKeyExA
RegEnumKeyExA
RegCloseKey
RegDeleteKeyA
RegCreateKeyA
RegSetValueA

user32

MessageBoxA
LoadStringA
wsprintfA
PeekMessageA
MsgWaitForMultipleObjects
wvsprintfA
PostThreadMessageA
RegisterWindowMessageA
GetQueueStatus
DispatchMessageA

ole32

CoFreeUnusedLibraries
CoCreateInstance
StringFromGUID2
CoTaskMemFree
CoInitialize
CoUninitialize
CoTaskMemAlloc

oleaut32

SysFreeString
SysAllocString

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllMain
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 44KB - Virtual size: 43KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 24KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

69831937b79d362cd36c3ad88b41891f

Headers

File Characteristics

Imports

msvcrt

winmm

kernel32

advapi32

user32

ole32

oleaut32

Exports

Exports

Sections

.text Size: 44KB - Virtual size: 43KB

.rdata Size: 24KB - Virtual size: 20KB

.data Size: 16KB - Virtual size: 16KB

.reloc Size: 8KB - Virtual size: 4KB

.text
Size: 44KB - Virtual size: 43KB

.rdata
Size: 24KB - Virtual size: 20KB

.data
Size: 16KB - Virtual size: 16KB

.reloc
Size: 8KB - Virtual size: 4KB