45aa15cabbc488ca7528925d51c5c244_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

45aa15cabbc488ca7528925d51c5c244_JaffaCakes118
Size

23KB
MD5

45aa15cabbc488ca7528925d51c5c244
SHA1

18b063bc2316a36ba815f3accd685657e0682d58
SHA256

b691246d5a1add7cab205f19015e8d84f04c31db3f8a9d66c7a5136d86495c0e
SHA512

74f35a4e7a47aa212fabe1417799ae51783db2912aba7b8ac4d011cdaefdf83ea49dd47be8ccde431086181c1d68a5ef15d33744e34ae856bc14aa53ed5ab133
SSDEEP

384:38Xx+HsHLmKkTQ83KsTZWeZJh+q9RV65uz/miGLPKQSf/xWBp4+:3OVk883zTzZJESSuzSLtSf/08

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
45aa15cabbc488ca7528925d51c5c244_JaffaCakes118

Files

45aa15cabbc488ca7528925d51c5c244_JaffaCakes118
.dll regsvr32 windows:4 windows x86 arch:x86

e61e8bb9c0c0f2cf0ec7ddbd9e11820b

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

user32

MsgWaitForMultipleObjects
GetSubMenu
LoadIconW
MapWindowPoints
GetLastActivePopup
GetMessageW
RegisterClassA
GetClientRect
PostMessageA
PostMessageW
TranslateMessage
PeekMessageW
MoveWindow
TrackPopupMenu
EnumThreadWindows
FindWindowW
SetParent

kernel32

CreateFileMappingW
VirtualQuery
FindNextFileW
FormatMessageW
GetOEMCP
LoadResource
RtlUnwind
HeapSize
GetStartupInfoA
GetVersion
lstrlenW
InitializeCriticalSection
HeapAlloc
LoadLibraryExW
HeapReAlloc
LoadLibraryA
GetProcessHeap
GetStdHandle
CreateThread
MoveFileA
GetConsoleOutputCP
GetSystemInfo
FindResourceW
FlushFileBuffers
FreeEnvironmentStringsA
FormatMessageA
GetSystemTimeAsFileTime
VirtualProtect
ReadFile
GetEnvironmentStringsW
CreateFileW
EnterCriticalSection
MulDiv
CreateFileA
GetExitCodeProcess
GetWindowsDirectoryW
GetFileSize
GetCommandLineW
GetTickCount
LeaveCriticalSection
GetFileType
SizeofResource
GetModuleFileNameA
SetHandleCount
RaiseException
CompareStringW
GetTimeZoneInformation
InterlockedExchange
DeleteCriticalSection
SystemTimeToFileTime
GetStringTypeA
GetModuleHandleW
GetCurrentProcess
GetACP
LoadLibraryExA
InterlockedCompareExchange
TerminateProcess
DuplicateHandle
GetFileAttributesW
GetCommandLineA
OutputDebugStringA
FreeLibrary
ExitThread
GetCurrentThreadId
GetUserDefaultLCID
HeapDestroy
GetSystemDirectoryW
GetVersionExA
GetCurrentProcessId
SetUnhandledExceptionFilter
FlushInstructionCache
MapViewOfFile
IsBadReadPtr
CompareFileTime

msvcrt

_CxxThrowException
wcstol
malloc
_wcsicmp
__p__fmode
__p__commode
_vsnprintf
_lock
_XcptFilter
memcpy
__dllonexit
_iob

ole32

CoTaskMemAlloc
CoCreateInstance
SetDocumentBitStg
CoTaskMemFree
CreateStreamOnHGlobal

Exports

Exports

DllMain
DllRegisterServer
DllUnregisterServer
WSPStartup

Sections

.text
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 5KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 512B - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 90B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

e61e8bb9c0c0f2cf0ec7ddbd9e11820b

Headers

File Characteristics

Imports

user32

kernel32

msvcrt

ole32

Exports

Exports

Sections

.text Size: 12KB - Virtual size: 12KB

.rdata Size: 5KB - Virtual size: 8KB

.data Size: 512B - Virtual size: 15KB

.rsrc Size: 3KB - Virtual size: 2KB

.reloc Size: 512B - Virtual size: 90B

.text
Size: 12KB - Virtual size: 12KB

.rdata
Size: 5KB - Virtual size: 8KB

.data
Size: 512B - Virtual size: 15KB

.rsrc
Size: 3KB - Virtual size: 2KB

.reloc
Size: 512B - Virtual size: 90B