003a64680130852de73c74da132629f6_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

003a64680130852de73c74da132629f6_JaffaCakes118
Size

100KB
MD5

003a64680130852de73c74da132629f6
SHA1

b68feee91d53570ac5eb526e08e264b4891e69fb
SHA256

c4850f34d227de2b60958f6317fb6d0d5ea1114670ca0f310d4bda6c25fa3bb0
SHA512

20c9d5a8cf6a4ac719b21eefaea427357b7fb3398859a73e12c8218ef7e2f4f64d333919885666e7257ecd0fd6549999e357927b77e0ce0bdc1f675c67d44a6c
SSDEEP

1536:ITbO//QDkgsqj8T4RkDiKOa9RXEFHYRpGnCUrl5:IvsGpB8UShrEFHwQ

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
003a64680130852de73c74da132629f6_JaffaCakes118

Files

003a64680130852de73c74da132629f6_JaffaCakes118
.dll regsvr32 windows:4 windows x86 arch:x86

a43f7d27aa740b5d31d5530f509cc1c2

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

EnterCriticalSection
GetCurrentProcessId
HeapAlloc
GetModuleHandleA
GetComputerNameA
WriteFile
GetTickCount
LoadLibraryA
ReadFile
ExpandEnvironmentStringsA
GetLastError
CreateDirectoryA
GetProcAddress
LeaveCriticalSection
GlobalAlloc
CreateProcessA
CreateMutexA
GetModuleFileNameA
CreateFileA
GetProcessHeap
InterlockedDecrement
VirtualQuery
HeapFree
Sleep
UnregisterWait
GetCommandLineA
CreateJobObjectW
GlobalFlags
GetSystemWindowsDirectoryA
FindNextFileA
EnumResourceNamesA
GetLocalTime
VirtualQueryEx
GetSystemPowerStatus
GetFileInformationByHandle
GetThreadContext
GetLocaleInfoW
WriteConsoleA
GetProfileIntA
SetFilePointerEx
CompareFileTime
SetEndOfFile
GetVolumeNameForVolumeMountPointW
MultiByteToWideChar
CreateMutexW
LCMapStringA
AreFileApisANSI
GetLogicalDrives
GetEnvironmentVariableW
GetTempFileNameW
HeapUnlock
CopyFileW
LCMapStringW
WriteProfileStringW
GlobalAddAtomA
QueueUserWorkItem
FindResourceExW
SetConsoleCtrlHandler
CopyFileExW
GetDateFormatW
WriteFileEx
FillConsoleOutputCharacterW
GetProcessVersion
OpenEventW
RegisterWaitForSingleObjectEx
HeapDestroy
GetCurrentDirectoryA
IsProcessorFeaturePresent
lstrcmpiW
ReadConsoleW
DosDateTimeToFileTime
FreeConsole
SetConsoleTitleA
ReleaseSemaphore
HeapSize
SetLastError
OpenProcess
GetVersion
GlobalHandle
PeekConsoleInputA
HeapWalk
GlobalFindAtomA
GetLongPathNameW
HeapReAlloc
FindResourceW
GetVolumeInformationW
InterlockedExchangeAdd
GlobalGetAtomNameA
WaitNamedPipeA
VirtualUnlock
TerminateProcess
WriteConsoleInputA
ClearCommError
SetHandleCount
TransactNamedPipe
ChangeTimerQueueTimer
WriteConsoleW
DeleteTimerQueueTimer
GetDateFormatA
GetSystemDefaultLangID
TerminateJobObject
MoveFileA
GetConsoleOutputCP
InterlockedCompareExchange
GlobalDeleteAtom
GlobalReAlloc

shell32

SHGetFolderPathA
SHGetInstanceExplorer
SHGetFolderLocation
ShellAboutW
SHBrowseForFolderW
SHGetFileInfoW
SHGetPathFromIDListA
SHGetSpecialFolderPathA
ExtractIconW

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 80KB - Virtual size: 76KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

a43f7d27aa740b5d31d5530f509cc1c2

Headers

File Characteristics

Imports

kernel32

shell32

Exports

Exports

Sections

.text Size: 80KB - Virtual size: 76KB

.rdata Size: 4KB - Virtual size: 3KB

.data Size: 8KB - Virtual size: 7KB

.reloc Size: 4KB - Virtual size: 3KB

.text
Size: 80KB - Virtual size: 76KB

.rdata
Size: 4KB - Virtual size: 3KB

.data
Size: 8KB - Virtual size: 7KB

.reloc
Size: 4KB - Virtual size: 3KB