zloader | eb8439d5ee379f19d25c2445d28e135a_JaffaCakes118

Reason

config extraction: Zloader: zloader: not enough configuration available

General

Target

eb8439d5ee379f19d25c2445d28e135a_JaffaCakes118
Size

144KB
MD5

eb8439d5ee379f19d25c2445d28e135a
SHA1

5426510acb07efc464c47bbe0cc413489365a3d9
SHA256

384f3719ba4fbcf355cc206e27f3bfca94e7bf14dd928de62ab5f74de90df34a
SHA512

5bbda761ff6c0286d346dd0fda5df2abeeb6ffb81149d0537db969feb682658dc1e5a75bb1d09a13398b26fee4163ace7d35bbd69196628b3daef53c0efdc982
SSDEEP

3072:c2kHDNNqo9hPNER+/2p1Ludye/w4FeNqEKJ7exog/Dt5eFSbvth90:cZHRNNbuc2HLxrgL7exx5ecv

Score

10^/10

zloader

Malware Config

Extracted

Family

zloader

Attributes

build_id
49

Signatures

Zloader family
zloader

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
eb8439d5ee379f19d25c2445d28e135a_JaffaCakes118

Files

eb8439d5ee379f19d25c2445d28e135a_JaffaCakes118
.dll regsvr32 windows:6 windows x86 arch:x86

9f2afd69edb8b2cf27f85f45e90103e3

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

CloseHandle
CompareFileTime
CreateEventW
CreateFileW
DeleteCriticalSection
ExitProcess
ExitThread
ExpandEnvironmentStringsW
FileTimeToSystemTime
FormatMessageW
FreeLibrary
GetACP
GetCPInfo
GetCommandLineW
GetCurrentDirectoryA
GetCurrentProcess
GetCurrentProcessId
GetFileType
GetLastError
GetModuleFileNameA
GetModuleHandleA
GetModuleHandleW
GetStdHandle
GetStringTypeW
GetSystemTimeAsFileTime
GetTempPathA
GetTickCount
GetVersion
GlobalAlloc
HeapFree
HeapSize
InitializeCriticalSection
LCMapStringW
MultiByteToWideChar
ResetEvent
SystemTimeToFileTime
VirtualAlloc
lstrcmpiW

shell32

ShellAboutW

user32

AppendMenuW
CharNextA
CheckMenuItem
ClientToScreen
CopyRect
DestroyIcon
DialogBoxIndirectParamW
DialogBoxParamW
DispatchMessageW
DrawTextW
GetDlgItemInt
GetMessageW
GetParent
GetProcessDefaultLayout
GetSubMenu
GetSysColor
GetWindowRect
GetWindowTextW
InsertMenuW
IntersectRect
InvalidateRect
InvalidateRgn
IsDialogMessageW
IsIconic
LoadCursorW
LoadIconA
LoadImageW
LoadStringW
RedrawWindow
RegisterClassA
ReleaseDC
SetCapture
SetClassLongW
SetMenuItemInfoW
SetTimer
SetWindowTextW
UnregisterClassW

gdi32

CreateRectRgn
CreateSolidBrush
DeleteObject
EndDoc
ExtCreatePen
GetObjectW
GetRgnBox
GetTextExtentPointW
LineTo
SelectObject
SetBkColor
SetBkMode
SetMapMode
SetRectRgn
SetTextColor
StartDocA
StartPage

ole32

CoInitialize

Exports

Exports

DllRegisterServer

Sections

.text
Size: 128KB - Virtual size: 127KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

Errors

General

Malware Config

Extracted

Signatures

Files

9f2afd69edb8b2cf27f85f45e90103e3

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

shell32

user32

gdi32

ole32

Exports

Exports

Sections

.text Size: 128KB - Virtual size: 127KB

.rdata Size: 4KB - Virtual size: 4KB

.data Size: 1KB - Virtual size: 11KB

.reloc Size: 9KB - Virtual size: 9KB

.text
Size: 128KB - Virtual size: 127KB

.rdata
Size: 4KB - Virtual size: 4KB

.data
Size: 1KB - Virtual size: 11KB

.reloc
Size: 9KB - Virtual size: 9KB