3d8455dcb3562c8add44787a28a11101_JaffaCakes118

General

Target

3d8455dcb3562c8add44787a28a11101_JaffaCakes118
Size

52KB
MD5

3d8455dcb3562c8add44787a28a11101
SHA1

68683e9c7acde870b1293b16fdf40920de35f9c3
SHA256

e52d080b4413358b8c0e0a1cecc9a8333eb99cfecd698e86cbb4804a10624f4c
SHA512

ab5bf7881f80aa510c5f154a91760507499acbae7e107d92e08128a8d9b4950515546ea03595c2b5edc5e9d2a87f00ba14a4c78517e311fe6be5a918bbe13804
SSDEEP

768:ASRR1CD7ugyCTS2iHJEkKQJNxl78GwcJFoPYZ:As/CDK3CTS2tDUE0oPYZ

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
3d8455dcb3562c8add44787a28a11101_JaffaCakes118

Files

3d8455dcb3562c8add44787a28a11101_JaffaCakes118
.dll regsvr32 windows:4 windows x86 arch:x86

2a9544d253b38bc74d04f929cb3b8907

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetSystemInfo
GetVersionExA
HeapCreate
lstrlenW
WideCharToMultiByte
HeapAlloc
MultiByteToWideChar
InterlockedDecrement
EnterCriticalSection
InterlockedIncrement
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSection
DisableThreadLibraryCalls
FindResourceA
LoadResource
GetCommandLineA
GetVersion
HeapFree
ExitProcess
TerminateProcess
GetCurrentProcess
HeapReAlloc
HeapSize
GetCurrentThreadId
TlsSetValue
TlsAlloc
TlsFree
SetLastError
TlsGetValue
GetLastError
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
GetModuleFileNameA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
GetModuleHandleA
GetEnvironmentVariableA
HeapDestroy
VirtualFree
WriteFile
VirtualAlloc
RtlUnwind
GetCPInfo
GetACP
GetOEMCP
GetProcAddress
LoadLibraryA
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW

oleaut32

LoadRegTypeLi
SysAllocStringLen
SysFreeString
SysStringLen

atl

ord30
ord58
ord16
ord32
ord57
ord18
ord15
ord21
ord23
ord31

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 24KB - Virtual size: 21KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

2a9544d253b38bc74d04f929cb3b8907

Headers

File Characteristics

Imports

kernel32

oleaut32

atl

Exports

Exports

Sections

.text Size: 24KB - Virtual size: 21KB

.rdata Size: 4KB - Virtual size: 3KB

.data Size: 12KB - Virtual size: 12KB

.rsrc Size: 4KB - Virtual size: 3KB

.reloc Size: 4KB - Virtual size: 3KB

.text
Size: 24KB - Virtual size: 21KB

.rdata
Size: 4KB - Virtual size: 3KB

.data
Size: 12KB - Virtual size: 12KB

.rsrc
Size: 4KB - Virtual size: 3KB

.reloc
Size: 4KB - Virtual size: 3KB