29b5827436e7e469065d88b22e92f224_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

29b5827436e7e469065d88b22e92f224_JaffaCakes118
Size

211KB
MD5

29b5827436e7e469065d88b22e92f224
SHA1

07dfbecbe0fe9816f121787b470e39ccbb2c508d
SHA256

3231afea552fe5f5dbc522749f796269e6a5bd97f7663a1adece8d95a50a169a
SHA512

eddb41be27ac0086264df74cdc283483cf2939c2860d587bb8d08ceb0be00d599f5cc0efb73c0c5a354f3a1fdea9f95d8aa6810fbd555412dd67ae13a337c9d9
SSDEEP

3072:gEplV+w2+KJMjHcQA3jBe7VhRWh3p6K3JU9QRHWX1W6LehhZU/Fv:VlVvHcRehm4KyaoF/Lei

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
29b5827436e7e469065d88b22e92f224_JaffaCakes118

Files

29b5827436e7e469065d88b22e92f224_JaffaCakes118
.dll regsvr32 windows:5 windows x86 arch:x86

8fd787440adf26a6f7cbd734a3c173ee

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

msimtf.pdb

Imports

msvcrt

wcscpy
wcslen
atoi
_itoa
memmove
_stricmp
strchr
strtoul
_adjust_fdiv
malloc
_initterm
free

kernel32

QueryPerformanceCounter
FreeLibrary
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetProcAddress
GetSystemDirectoryA
GetModuleFileNameA
GetFullPathNameA
lstrlenA
lstrcmpiA
FindResourceExA
LoadResource
LockResource
AddAtomA
EnterCriticalSection
FindAtomA
LeaveCriticalSection
DeleteAtom
TlsGetValue
TlsSetValue
TlsFree
TlsAlloc
GetACP
GetVersionExA
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
GetTickCount
MultiByteToWideChar
GetLastError
WideCharToMultiByte
IsDBCSLeadByteEx
InterlockedIncrement
InterlockedDecrement
GetLocaleInfoA
lstrcpyA
lstrcmpA
LocalUnlock
LocalLock
LocalFlags
LocalAlloc
LocalFree
LocalSize
LocalReAlloc
lstrlenW
LoadLibraryA
lstrcpynA
GetSystemWindowsDirectoryA
GetModuleHandleA

user32

IsWindowUnicode
GetClassLongA
RegisterClassExA
GetClassInfoExA
LoadCursorA
LoadIconA
DestroyIcon
UnregisterClassA
IsWindow
PostMessageA
DestroyWindow
CreateWindowExA
ReleaseDC
GetDC
GetFocus
GetKeyboardLayout
SendMessageA
RegisterWindowMessageA
SetPropA
GetWindowLongA
GetPropA
GetKeyboardLayoutList
DefWindowProcW
wsprintfA
GetKeyState
ClientToScreen
GetClientRect
SetRect
SystemParametersInfoA
CharNextA
SetWindowLongA
SendMessageW
SetWindowsHookExA
UnhookWindowsHookEx
PostMessageW
GetParent
GetKeyboardState
ToAsciiEx
CallNextHookEx
GetWindowThreadProcessId
CallWindowProcA
DefWindowProcA
LoadKeyboardLayoutA
GetClassNameA
GetSystemMetrics

advapi32

RegDeleteKeyA
RegCreateKeyExA
RegQueryInfoKeyA
RegEnumKeyExA
AllocateAndInitializeSid
FreeSid
RegCloseKey
RegOpenKeyExA
CheckTokenMembership
RegOpenKeyA
RegSetValueExA
RegQueryValueExW
RegQueryValueExA

version

GetFileVersionInfoA
GetFileVersionInfoSizeA

msctf

TF_CreateThreadMgr
TF_CreateInputProcessorProfiles

gdi32

SelectObject
GetTextMetricsA
DeleteObject
TranslateCharsetInfo
GetCurrentObject
GetObjectA
CreateFontIndirectA
GetStockObject

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
MsimtfIsGuidMapEnable
MsimtfIsWindowFiltered

Sections

.text
Size: 146KB - Virtual size: 145KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 56KB - Virtual size: 56KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

8fd787440adf26a6f7cbd734a3c173ee

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msvcrt

kernel32

user32

advapi32

version

msctf

gdi32

Exports

Exports

Sections

.text Size: 146KB - Virtual size: 145KB

.data Size: 56KB - Virtual size: 56KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 6KB - Virtual size: 6KB

.text
Size: 146KB - Virtual size: 145KB

.data
Size: 56KB - Virtual size: 56KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 6KB - Virtual size: 6KB