091a22f976761324c7d02b71c000d930_JaffaCakes118

General

Target

091a22f976761324c7d02b71c000d930_JaffaCakes118
Size

180KB
MD5

091a22f976761324c7d02b71c000d930
SHA1

4b9281587823a139c5f3cf0a86f9f999866db660
SHA256

d4d7fd71618e6fa12e42ab969ee97f3c3ac4209f6f23c6a86f40d5b96b09630a
SHA512

bd5e59f3c3390b21c1163ea36b8364fc2968487b4af961025e8ad028028221c562bfd76244e3a653bb0cb40cca0486d45c2fa5326e2d16d737ce121797b4b032
SSDEEP

3072:uUGxwFJywAJXqJaYIuzz6DDz1o0N67voLFT8NK0vu+kCzpvIas6:hMwFcwAJXu0Rz1b672T8U0v76as6

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
091a22f976761324c7d02b71c000d930_JaffaCakes118

Files

091a22f976761324c7d02b71c000d930_JaffaCakes118
.dll windows:5 windows x86 arch:x86

768ba8fb3680dc23057b742712900845

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

petup.pdb

Imports

user32

MessageBoxW
IsWindow

shell32

SHGetSpecialFolderLocation
SHCreateDirectoryExW
CommandLineToArgvW

kernel32

ExitProcess
FindFirstFileW
FindNextFileW
GetCurrentProcess
GetCurrentProcessId
GetCurrentThreadId
GetFullPathNameW
GetModuleHandleA
GetProcAddress
SetUnhandledExceptionFilter
Sleep
TerminateProcess
UnhandledExceptionFilter
VirtualAlloc
VirtualFree
VirtualProtect
lstrlenW
InterlockedExchange

msvcrt

_cexit
_controlfp
_exit
_initterm
_ismbblead
_wcsdup
_wcslwr
exit
free
memset
printf
wcsstr
wprintf
_amsg_exit
__setusermatherr
__set_app_type
__p__fmode
__p__commode
_XcptFilter
__getmainargs

gdi32

PolyDraw
ArcTo

advapi32

RegQueryValueExW
RegOpenKeyExW
RegCloseKey

Exports

Exports

ASet
CreateNotify
CreateQuery
FIsEmptyA
FIsHTMLFileW
GenerateUniqueFileName
HrEtreamSeekBegin
MawDeviceCallback
MessageBoxInst
Move

Sections

.text
Size: 58KB - Virtual size: 57KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 101KB - Virtual size: 100KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 19KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 352B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

768ba8fb3680dc23057b742712900845

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

user32

shell32

kernel32

msvcrt

gdi32

advapi32

Exports

Exports

Sections

.text Size: 58KB - Virtual size: 57KB

.rdata Size: 101KB - Virtual size: 100KB

.data Size: 19KB - Virtual size: 19KB

.rsrc Size: 512B - Virtual size: 352B

.text
Size: 58KB - Virtual size: 57KB

.rdata
Size: 101KB - Virtual size: 100KB

.data
Size: 19KB - Virtual size: 19KB

.rsrc
Size: 512B - Virtual size: 352B