56d408bcbbb1702f0ab4fba7282ac7fd_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

56d408bcbbb1702f0ab4fba7282ac7fd_JaffaCakes118
Size

664KB
MD5

56d408bcbbb1702f0ab4fba7282ac7fd
SHA1

9b9dd67a7b4ec15e095467a6cbeb4cdde3e8bd46
SHA256

3039df96915aa6b58f2196b5db2032bf3433a815887021e5185ce92cafd6c6ca
SHA512

47502efb10c7c15982c50148ce00f04e54ce9bfed092232880b38f53662c8def56d7b7697e260d9a6fdfe3c30cf72eba688f78715592d66515d2cc10dae7dc46
SSDEEP

12288:gOeRol/CtPZT6KkBpWKm5tpg+9XL9nYmmnPkj8rmIbfoLNEblTq5keWaKIy0GSU6:4ImMHG

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
56d408bcbbb1702f0ab4fba7282ac7fd_JaffaCakes118

Files

56d408bcbbb1702f0ab4fba7282ac7fd_JaffaCakes118
.dll regsvr32 windows:5 windows x86 arch:x86

9d6fe46c624752387300b22325c85d83

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

dx7vb.pdb

Imports

msvcrt

wcslen
wcscpy
_wcsupr
wcsncmp
_wcsicmp
_except_handler3

kernel32

UnhandledExceptionFilter
SetUnhandledExceptionFilter
HeapDestroy
GetCurrentProcess
GetCurrentThreadId
WideCharToMultiByte
MultiByteToWideChar
LocalReAlloc
lstrcmpiA
LeaveCriticalSection
EnterCriticalSection
GetLastError
CreateEventA
CreateThread
ResumeThread
GetSystemDefaultLCID
TerminateProcess
CloseHandle
SetEvent
GetTickCount
GetProcAddress
lstrlenW
GetVersionExA
DisableThreadLibraryCalls
FreeLibrary
GetSystemDirectoryA
LoadLibraryA
LocalFree
lstrcpyA
LocalAlloc
InterlockedDecrement
InterlockedIncrement
DeleteCriticalSection
InitializeCriticalSection
lstrlenA
GetSystemTimeAsFileTime
GetCurrentProcessId
QueryPerformanceCounter
LockResource
_lopen
_lread
_lclose
WriteFile
FindResourceW
OutputDebugStringA
GetModuleHandleA
CreateFileA
GetFileSize
CreateFileMappingA
MapViewOfFile
UnmapViewOfFile
FindResourceA
LoadResource
SizeofResource
GetModuleFileNameA
lstrcatA
WaitForSingleObject

advapi32

RegEnumKeyExA
RegOpenKeyExA
RegCreateKeyExA
RegDeleteKeyA
RegOpenKeyA
RegQueryValueExA
RegCloseKey
RegSetValueExA

ole32

CoTaskMemFree
CoMarshalInterThreadInterfaceInStream
CoCreateInstance
CoCreateGuid
OleInitialize
CoGetInterfaceAndReleaseStream
OleUninitialize
StringFromCLSID

gdi32

ExtTextOutW
GetTextAlign
SetTextAlign
DeleteDC
GetDeviceCaps
CreateICA
GetPaletteEntries
CreateHalftonePalette
GetSystemPaletteEntries
DeleteObject
StretchBlt
SelectObject
CreateCompatibleDC
GetObjectA
CreatePen
CreateHatchBrush
CreateSolidBrush
CreateBrushIndirect
Polyline
SetBkColor
SetBkMode
Rectangle
RoundRect
Ellipse
SetTextColor

msacm32

acmStreamUnprepareHeader
acmStreamConvert
acmStreamPrepareHeader
acmStreamSize
acmStreamOpen
acmStreamClose

user32

LoadStringA
CharNextA
GetWindowRect
GetDC
ReleaseDC
LoadImageA
wsprintfA

oleaut32

SysAllocString
SysFreeString
VariantClear
VariantInit
SysStringLen
SysStringByteLen
VariantChangeType
LoadTypeLi
RegisterTypeLi

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 212KB - Virtual size: 211KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 63KB - Virtual size: 63KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 367KB - Virtual size: 366KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 21KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

9d6fe46c624752387300b22325c85d83

Headers

File Characteristics

PDB Paths

Imports

msvcrt

kernel32

advapi32

ole32

gdi32

msacm32

user32

oleaut32

Exports

Exports

Sections

.text Size: 212KB - Virtual size: 211KB

.data Size: 63KB - Virtual size: 63KB

.rsrc Size: 367KB - Virtual size: 366KB

.reloc Size: 21KB - Virtual size: 20KB

.text
Size: 212KB - Virtual size: 211KB

.data
Size: 63KB - Virtual size: 63KB

.rsrc
Size: 367KB - Virtual size: 366KB

.reloc
Size: 21KB - Virtual size: 20KB