fa55383a348af93372b6610555dc23b8_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

fa55383a348af93372b6610555dc23b8_JaffaCakes118
Size

507KB
MD5

fa55383a348af93372b6610555dc23b8
SHA1

633536dab0c149c5e71505b7db0164e9f3b9598c
SHA256

5b56be276354686b57f6145022daaa8f1e3257e0919e33b17ca1721a23f73403
SHA512

f0195dbc7950dadbad24c9ad307ec17bc32c25ba8e8257a2836ca250ab84fc236134eaf5b588e45b7a3d4b21f8f30a57b83f396030fa82bf792f215e612d9876
SSDEEP

12288:goJc07eBsFdketews58lc+YJsNZiRqgf4IiVLt+DCDV1z6O:dVQhwsylcTTF5DcN

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
fa55383a348af93372b6610555dc23b8_JaffaCakes118

Files

fa55383a348af93372b6610555dc23b8_JaffaCakes118
.dll regsvr32 windows:5 windows x86 arch:x86

9e40376154f42f640132cec2f0b9376e

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

c:\thinkdark\scoreDo\TimeMany\MayPeriod\TroubleGas\To.pdb

Imports

kernel32

FindFirstFileA
TlsSetValue
TlsAlloc
Sleep
GetModuleFileNameA
VirtualProtect
GetModuleHandleA
FindNextFileA
CreateFileA
SetStdHandle
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
CloseHandle
FindClose
LoadLibraryA
GetCurrentProcess
HeapSize
SetFilePointer
FlushFileBuffers
GetConsoleMode
GetConsoleCP
GetLocaleInfoA
GetStringTypeW
GetStringTypeA
LCMapStringW
MultiByteToWideChar
LCMapStringA
InitializeCriticalSectionAndSpinCount
WriteFile
HeapReAlloc
VirtualAlloc
HeapAlloc
RtlUnwind
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
GetSystemTimeAsFileTime
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
VirtualFree
HeapDestroy
HeapCreate
GetEnvironmentStringsW
GetCurrentThreadId
GetCommandLineA
GetProcAddress
EnterCriticalSection
LeaveCriticalSection
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetModuleHandleW
TlsGetValue
TlsFree
InterlockedIncrement
SetLastError
GetLastError
InterlockedDecrement
HeapFree
ExitProcess
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
DeleteCriticalSection
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte

user32

TranslateMessage
LoadCursorA
UnregisterHotKey
CreateMenu
DeferWindowPos
BeginDeferWindowPos
RegisterWindowMessageA

gdi32

TextOutA
SetViewportOrgEx
RectVisible

msi

ord81
ord83
ord85
ord87
ord93
ord95
ord104
ord108
ord110
ord112
ord126
ord130
ord136
ord141
ord154
ord71
ord168
ord172
ord174
ord176
ord178
ord180
ord192
ord194
ord202
ord204
ord208
ord210
ord212
ord214
ord216
ord68
ord67
ord65
ord44
ord42
ord40
ord38
ord156

Exports

Exports

DllRegisterServer

Sections

.text
Size: 457KB - Virtual size: 457KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 36KB - Virtual size: 35KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 62KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 840B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

9e40376154f42f640132cec2f0b9376e

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

msi

Exports

Exports

Sections

.text Size: 457KB - Virtual size: 457KB

.rdata Size: 36KB - Virtual size: 35KB

.data Size: 5KB - Virtual size: 62KB

.rsrc Size: 1024B - Virtual size: 840B

.reloc Size: 7KB - Virtual size: 6KB

.text
Size: 457KB - Virtual size: 457KB

.rdata
Size: 36KB - Virtual size: 35KB

.data
Size: 5KB - Virtual size: 62KB

.rsrc
Size: 1024B - Virtual size: 840B

.reloc
Size: 7KB - Virtual size: 6KB