105031c79bb29888acda5b6285a07416_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

105031c79bb29888acda5b6285a07416_JaffaCakes118
Size

280KB
MD5

105031c79bb29888acda5b6285a07416
SHA1

3aebae5a0e8ea509db1d28fb94a7ea3f4efe46f4
SHA256

885c07fd02b11899ce9fa71d38d4675c6704fb3414ef5e0f6da94eae6c7c9ee6
SHA512

7c49f963e1eb100eb9b6a5f5cb13c24bf797254a7d0a86b2ad486c13128891497270fef8f3cac73c5cfd9bd6c966346d656714e29a2dcc403afb145bbfc6e1ad
SSDEEP

3072:ZXC5Xbgka39puqBA/HEMDYTBfR+Ut8AAAAAAczkRFSiFlRqqqqqq/JLQeRaER:+rgRtf40TBJ+fqqqqqq/2

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
105031c79bb29888acda5b6285a07416_JaffaCakes118

Files

105031c79bb29888acda5b6285a07416_JaffaCakes118
.dll regsvr32 windows:4 windows x86 arch:x86

6faa7a29977866990ee4cf132752d668

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

ws2_32

WSACleanup
WSACleanup
WSAStartup
WSACleanup

kernel32

WideCharToMultiByte
SizeofResource
LockResource
LoadResource
FindResourceW
TlsFree
MultiByteToWideChar
InterlockedIncrement
lstrlenW
TlsFree
TlsFree
TlsFree
TlsFree
CreateThread
DecodePointer
EncodePointer
GetModuleHandleExW
TlsFree
TlsFree
TlsFree
TlsFree
GetLastError
lstrlenA
TlsFree
SetLastError
InterlockedDecrement
TlsFree
TlsFree
TlsFree
TlsFree
WaitForSingleObject
TlsFree
TlsFree
GetProcAddress
CreateMutexW
TlsFree
GetModuleHandleA
LoadLibraryA
TlsFree
TlsFree
TlsFree
TlsFree
TlsFree
TlsFree
TlsFree
TlsFree
TlsFree
TlsFree
TlsFree
TlsFree
TlsFree
TlsFree
TlsFree
TlsFree
TlsFree
TlsFree
CreateEventW
TlsFree
TlsFree
TlsFree
VirtualProtect
TlsFree
GetStringTypeA
GetStringTypeW
TlsFree
HeapCreate
TlsFree
TlsFree
TlsFree
VirtualFree
TlsFree
TlsFree
TlsFree
TlsFree
TlsFree
TlsFree
TlsFree
TlsFree
TlsFree
TlsFree
InterlockedExchange
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
TlsFree
TlsFree
GetThreadLocale
TlsFree
TlsFree
HeapDestroy
HeapAlloc
HeapFree
TlsFree
TlsFree
TlsFree
TlsFree
TlsFree
TlsFree
TlsFree
TlsFree
TlsFree
TlsFree
LCMapStringA
LCMapStringW
TlsFree
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
TlsFree
TlsFree
TlsFree
TlsFree
TlsFree
GetModuleHandleA
GetModuleHandleA

advapi32

RevertToSelf
RevertToSelf
RevertToSelf

Exports

Exports

DllRegisterServer
DllUnregisterServer
NSPCleanup
NSPStartup
Register

Sections

.text
Size: 140KB - Virtual size: 139KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 40KB - Virtual size: 38KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 44KB - Virtual size: 51KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 32KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 20KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

6faa7a29977866990ee4cf132752d668

Headers

DLL Characteristics

File Characteristics

Imports

ws2_32

kernel32

advapi32

Exports

Exports

Sections

.text Size: 140KB - Virtual size: 139KB

.rdata Size: 40KB - Virtual size: 38KB

.data Size: 44KB - Virtual size: 51KB

.rsrc Size: 32KB - Virtual size: 30KB

.reloc Size: 20KB - Virtual size: 16KB

.text
Size: 140KB - Virtual size: 139KB

.rdata
Size: 40KB - Virtual size: 38KB

.data
Size: 44KB - Virtual size: 51KB

.rsrc
Size: 32KB - Virtual size: 30KB

.reloc
Size: 20KB - Virtual size: 16KB