fa1b89062e399307ee4037898975a61a_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

fa1b89062e399307ee4037898975a61a_JaffaCakes118
Size

69KB
MD5

fa1b89062e399307ee4037898975a61a
SHA1

e6010b1d253f087236b0802db79a50dc1adffca2
SHA256

7180f46bad26800ef1c9b557f60bf812e13098010b78cfa27d570fa2aa815b65
SHA512

b2e179c13cbb2c6cb367dfe584ad5ca236c84545ac7067a790b8a14c202062deb34a618f288d9242dc918bd227025fe24d4d417aadb99772e82a467860d3b25f
SSDEEP

768:egzipAxSSPu3LdqnEpwj+CVKQOqWqQn8:egzipATyLE2wj+CEpq6

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
fa1b89062e399307ee4037898975a61a_JaffaCakes118

Files

fa1b89062e399307ee4037898975a61a_JaffaCakes118
.dll regsvr32 windows:4 windows x86 arch:x86

8d6687828578dbd20729bc68b88c3fc3

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

TerminateProcess
SetLastError
Process32First
OpenProcess
CompareStringA
GetModuleFileNameW
OutputDebugStringA
LoadLibraryA
GetModuleFileNameA
GetLastError
LoadLibraryW
lstrcatW
SetFileAttributesW
GetVersion
GetFileAttributesW
GetProcAddress
GetModuleHandleW
GetModuleHandleA
CloseHandle
HeapAlloc
GetProcessHeap
HeapFree
Sleep
RtlUnwind
lstrcmpA
lstrlenA

user32

AnyPopup
BeginPaint
ShowWindow
ReleaseDC
DestroyWindow
CharLowerA
GetClassInfoA
GetClientRect
SendMessageA
GetWindowLongA
SetWindowLongA
CreateWindowExA
UnregisterClassA
RegisterClassA
wsprintfW
LoadBitmapA
EndPaint
CallWindowProcA
IsWindow

gdi32

CreateCompatibleDC
SelectObject
DeleteDC
CreateFontA
RestoreDC
DeleteObject

advapi32

RegOpenKeyExA
RegEnumKeyA
RegDeleteKeyA
RegOpenKeyA
RegDeleteValueA
RegCreateKeyExA
RegSetValueExA
RegCloseKey
RegQueryValueExA

ole32

CoCreateInstance
CoInitialize
CoUninitialize

oleaut32

SysAllocString
SysFreeString

msimg32

TransparentBlt

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 19KB - Virtual size: 18KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 688B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 41KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

8d6687828578dbd20729bc68b88c3fc3

Headers

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

ole32

oleaut32

msimg32

Exports

Exports

Sections

.text Size: 19KB - Virtual size: 18KB

.rdata Size: 4KB - Virtual size: 3KB

.data Size: 512B - Virtual size: 688B

.rsrc Size: 41KB - Virtual size: 40KB

.reloc Size: 3KB - Virtual size: 3KB

.text
Size: 19KB - Virtual size: 18KB

.rdata
Size: 4KB - Virtual size: 3KB

.data
Size: 512B - Virtual size: 688B

.rsrc
Size: 41KB - Virtual size: 40KB

.reloc
Size: 3KB - Virtual size: 3KB