fd0cc510cc70e819c3d420d333a9f90d_JaffaCakes118

General

Target

fd0cc510cc70e819c3d420d333a9f90d_JaffaCakes118
Size

112KB
MD5

fd0cc510cc70e819c3d420d333a9f90d
SHA1

8a6ce9d6c04f6ea45696817e565808fdb427652f
SHA256

8bba49132c675c9ec52e68ac7e58791245ac424729d4bf8387c44c69aefd7450
SHA512

c99bb9d6c39fb55c925632eef3e8705a348fb0e75ef8ccae831050b7c6ad366a31fe5db5c2404ad1842c366192c61a5772f44f7ba1a78e52eb0d50fe651b770d
SSDEEP

1536:yhFoZcrMXYMX/vVkWwNLGw79BcQV60TxKBsGR2NYxJz3N498mxVZy8l:yoZmMHL2G0coTx0XiGtdi8r8

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
fd0cc510cc70e819c3d420d333a9f90d_JaffaCakes118

Files

fd0cc510cc70e819c3d420d333a9f90d_JaffaCakes118
.dll regsvr32 windows:4 windows x86 arch:x86

12e6bd155467784e6b91b54447636aee

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetSystemTime
SetCurrentDirectoryW
SetFilePointer
ResumeThread
FindFirstFileW
FindFirstChangeNotificationW
SetThreadPriority
LoadLibraryW
CreateProcessW
SizeofResource
MultiByteToWideChar
FindResourceExW
WaitForMultipleObjects
LoadLibraryA
ReadFile
GetCurrentThreadId
GlobalUnlock
GetFileAttributesW
DeleteFileW
WritePrivateProfileStringW
GetPrivateProfileStringW
GetProcAddress
CreateEventW
SetWaitableTimer
GetLastError
InterlockedDecrement
LoadResource

user32

RegisterWindowMessageW
PostQuitMessage
SetWindowPos
SetCursorPos
CreateWindowExW
LoadStringW
VkKeyScanW
wsprintfW
ReleaseCapture
DispatchMessageW
WindowFromPoint
IsWindow
GetSystemMetrics
SetDlgItemTextW
GetWindowThreadProcessId
LoadIconW
PostMessageW
UpdateWindow
RedrawWindow
GetKeyState
DialogBoxParamW
SystemParametersInfoW

gdi32

GetStockObject
GetDeviceCaps
GetClipBox
CreateICW
StretchBlt
CreateDCW
GetMapMode
CreateRoundRectRgn
DPtoLP
SetDIBits
LineTo
CreateCompatibleDC

advapi32

InitializeSecurityDescriptor
GetUserNameW

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.ybald
Size: 92KB - Virtual size: 90KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.eblhoi
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.lgnt
Size: 4KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

12e6bd155467784e6b91b54447636aee

Headers

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

Exports

Exports

Sections

.ybald Size: 92KB - Virtual size: 90KB

.eblhoi Size: 4KB - Virtual size: 1KB

.lgnt Size: 4KB - Virtual size: 8KB

.reloc Size: 8KB - Virtual size: 6KB

.ybald
Size: 92KB - Virtual size: 90KB

.eblhoi
Size: 4KB - Virtual size: 1KB

.lgnt
Size: 4KB - Virtual size: 8KB

.reloc
Size: 8KB - Virtual size: 6KB