5393e79edec3a216b7e23c1fed0f5978_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

5393e79edec3a216b7e23c1fed0f5978_JaffaCakes118
Size

771KB
MD5

5393e79edec3a216b7e23c1fed0f5978
SHA1

0c2ca2d15a0010af7d81815c87843e9dd640ed11
SHA256

b6288fa8614c5de1d9f2015d9c24fa703a10d341732702cb8a531ba8e305e736
SHA512

3a15df6970b02b783dd7d20040807a5508f95ba477261bba774db8eb6a144a4b1f0e0a89603ed00e6a3a01711d2b21996c7d5eb592a2ee6f520d947aca934790
SSDEEP

24576:tKNHa5t8Z67wIGkNC5JdkMzd29Npbg2isXlFZT2:+2OURh85Jj29Npk2tlFZT2

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
5393e79edec3a216b7e23c1fed0f5978_JaffaCakes118

Files

5393e79edec3a216b7e23c1fed0f5978_JaffaCakes118
.dll regsvr32 windows:5 windows x86 arch:x86

9188bc29026e05e65b666e4321e85850

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

lstrcpynA
GetProcAddress
LoadLibraryA
FlushFileBuffers
CloseHandle
CreateFileA
WriteConsoleW
GetConsoleOutputCP
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetCurrentThreadId
GetCommandLineA
RaiseException
RtlUnwind
GetLastError
HeapFree
HeapAlloc
GetModuleHandleW
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
InterlockedDecrement
Sleep
HeapSize
ExitProcess
WriteFile
GetStdHandle
GetModuleFileNameA
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
SetHandleCount
GetFileType
GetStartupInfoA
DeleteCriticalSection
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
HeapCreate
HeapDestroy
VirtualFree
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
LeaveCriticalSection
EnterCriticalSection
VirtualAlloc
HeapReAlloc
SetFilePointer
GetConsoleCP
GetConsoleMode
MultiByteToWideChar
InitializeCriticalSectionAndSpinCount
GetLocaleInfoA
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
GetModuleHandleA
SetStdHandle
WriteConsoleA

oleaut32

VariantClear
VariantInit
SysFreeString
SysStringLen
SysStringByteLen
SysAllocStringByteLen
SysAllocString

Exports

Exports

DllCanUnloadNow
DllEnter
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 649KB - Virtual size: 649KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 54KB - Virtual size: 54KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 192B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 59KB - Virtual size: 59KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

9188bc29026e05e65b666e4321e85850

Headers

File Characteristics

Imports

kernel32

oleaut32

Exports

Exports

Sections

.text Size: 649KB - Virtual size: 649KB

.rdata Size: 54KB - Virtual size: 54KB

.data Size: 6KB - Virtual size: 17KB

.rsrc Size: 512B - Virtual size: 192B

.reloc Size: 59KB - Virtual size: 59KB

.text
Size: 649KB - Virtual size: 649KB

.rdata
Size: 54KB - Virtual size: 54KB

.data
Size: 6KB - Virtual size: 17KB

.rsrc
Size: 512B - Virtual size: 192B

.reloc
Size: 59KB - Virtual size: 59KB