444e1559e97729d11815b53cc19667ab_JaffaCakes118

General

Target

444e1559e97729d11815b53cc19667ab_JaffaCakes118
Size

116KB
MD5

444e1559e97729d11815b53cc19667ab
SHA1

0f7b19f4a02a7f5d3087a0c9ec82fe9af018a3c5
SHA256

b2ac76741a4938e67fd6948d7b0a03c8528ea0017a66e9cb3e5acea9f062e36d
SHA512

04ce7b742f33d97059f684b0935d793b0e967f155ec99a753573e22e09e74b86938962a31185e7b3670c57f5db439c7509b6f905f4f9e496184e17199387b9dd
SSDEEP

3072:Pl37TRGQt0pM3DXrKpFrEDtwRiJdMRruhGX:PVkfSboSbMR6k

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
444e1559e97729d11815b53cc19667ab_JaffaCakes118

Files

444e1559e97729d11815b53cc19667ab_JaffaCakes118
.dll regsvr32 windows:4 windows x86 arch:x86

193e6075597b4e5f15a4ce8c71f895a4

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

msvcrt

_adjust_fdiv
_initterm
_assert
swprintf
_vsnwprintf
malloc
strstr
free
printf
wprintf
_beginthreadex
_endthreadex
_chkesp

kernel32

Sleep
GetFullPathNameW
OutputDebugStringW
LoadLibraryW
SetLastError
HeapFree
WaitForSingleObject
SetEvent
CloseHandle
CreateEventW
CreateMutexW
HeapAlloc
GetProcessHeap
CreateFileW
MultiByteToWideChar
IsBadCodePtr
ReleaseMutex
WaitForMultipleObjects
GetProcAddress
GetLastError
FreeLibrary
WideCharToMultiByte
DeviceIoControl

user32

IsWindow
BroadcastSystemMessageW
RegisterWindowMessageW

advapi32

RegQueryValueExW
RegSetValueExW
RegQueryInfoKeyW
RegEnumKeyExW
RegEnumValueW
RegOpenKeyExW
RegCloseKey
RegDeleteKeyW
RegCreateKeyExW

shell32

SHGetFolderPathW

shlwapi

StrRStrIW

Exports

Exports

CtFxPlugInMgrEntryPoint
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 36KB - Virtual size: 34KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 64KB - Virtual size: 62KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 784B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

193e6075597b4e5f15a4ce8c71f895a4

Headers

File Characteristics

Imports

msvcrt

kernel32

user32

advapi32

shell32

shlwapi

Exports

Exports

Sections

.text Size: 36KB - Virtual size: 34KB

.rdata Size: 4KB - Virtual size: 1KB

.data Size: 64KB - Virtual size: 62KB

.rsrc Size: 4KB - Virtual size: 784B

.reloc Size: 4KB - Virtual size: 1KB

.text
Size: 36KB - Virtual size: 34KB

.rdata
Size: 4KB - Virtual size: 1KB

.data
Size: 64KB - Virtual size: 62KB

.rsrc
Size: 4KB - Virtual size: 784B

.reloc
Size: 4KB - Virtual size: 1KB