ef6a8d0bf4daf291b82e30fb1a61ac3e_JaffaCakes118

General

Target

ef6a8d0bf4daf291b82e30fb1a61ac3e_JaffaCakes118
Size

96KB
MD5

ef6a8d0bf4daf291b82e30fb1a61ac3e
SHA1

0c6e4f88392532dd86fffffe6277804adffe9685
SHA256

09c9fe31f2a1f0415af3a7ea975a3961a989fe9aa63b1be2a0ddddcfef509069
SHA512

db5ea66ec7ee1a92ae2cc250d4ccaac50d8d3517561dd9f1e4edc0624f4bbae329c26816a498e17b4e9308e6346e342c8a0c57505654905c0ec6a6b51464c3d8
SSDEEP

1536:yCtdHCF00bMfZ9t0rdTNBdvlTeRidbuXXEpUr7j3p2RTqCxxi1aWhnkvA:nFDfwJBdNTeRidbux7jgRTDxx7WNr

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
ef6a8d0bf4daf291b82e30fb1a61ac3e_JaffaCakes118

Files

ef6a8d0bf4daf291b82e30fb1a61ac3e_JaffaCakes118
.dll regsvr32 windows:4 windows x86 arch:x86

b0c301ea5300f8a1b7c74f207d05403b

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

QueryDosDeviceW
CreateEventW
WideCharToMultiByte
GetVersion
GetSystemTime
GetUserDefaultLangID
ReadProcessMemory
LoadLibraryA
FindResourceW
SetFilePointer
SetEvent
FindFirstChangeNotificationW
SizeofResource
MultiByteToWideChar
GetDriveTypeW
SetLastError
SetWaitableTimer
InterlockedIncrement
GetProcAddress
GlobalFree
ResumeThread
VirtualAlloc

user32

GetWindowTextW
SetWindowTextW
WindowFromPoint
SetCursor
RegisterClassExW
RedrawWindow
InvalidateRect
GetWindowRect
UpdateWindow
SetWindowPos
DefWindowProcW
SendDlgItemMessageW
SystemParametersInfoW
ReleaseDC
GetWindowDC
GetDlgItem
CreateWindowExW
PostQuitMessage
PostMessageW

gdi32

SelectObject
Rectangle
GetDeviceCaps
CreateCompatibleDC
GetObjectW
SetTextColor
CreateICW
GetStockObject
SetMapMode
MoveToEx
CreateRoundRectRgn

advapi32

GetUserNameW
RegQueryValueExW
LookupPrivilegeValueW
RegNotifyChangeKeyValue

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.zzrwso
Size: 76KB - Virtual size: 74KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.ryuk
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.pkbaq
Size: 4KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

b0c301ea5300f8a1b7c74f207d05403b

Headers

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

Exports

Exports

Sections

.zzrwso Size: 76KB - Virtual size: 74KB

.ryuk Size: 4KB - Virtual size: 1KB

.pkbaq Size: 4KB - Virtual size: 7KB

.reloc Size: 8KB - Virtual size: 6KB

.zzrwso
Size: 76KB - Virtual size: 74KB

.ryuk
Size: 4KB - Virtual size: 1KB

.pkbaq
Size: 4KB - Virtual size: 7KB

.reloc
Size: 8KB - Virtual size: 6KB