JaffaCakes118_a1c690619cc54c1296a2b10f34cb6603156aa70d30d5ed9e815b06467e6d1c42

General

Target

JaffaCakes118_a1c690619cc54c1296a2b10f34cb6603156aa70d30d5ed9e815b06467e6d1c42
Size

62KB
MD5

c1c565dafdd0104fd4734f9bfa3454c5
SHA1

683c7e1352dbea91c4ee1a3dc1aa8ce7656cf68a
SHA256

a1c690619cc54c1296a2b10f34cb6603156aa70d30d5ed9e815b06467e6d1c42
SHA512

8cd2c4c8643edde0b89131ba91b30962fc54ff38a47731f1c03ecec3ec3520cf7ff59290054978c918d0e61b2861046226a6b06165fcf69fff7e674ecde8ed73
SSDEEP

1536:HEKx6h2mtn+V/uq4k68ct/g+LMvBPQtwhN7rdb0W8m1pbHM+qHvs:kKxiY/p6zjLMCw77rdmm/mk

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/1e603b5dc665ad8d5b776b41eb986aa5198526e6e2ab1bf87c0cdcfc8cdc8393

Files

JaffaCakes118_a1c690619cc54c1296a2b10f34cb6603156aa70d30d5ed9e815b06467e6d1c42
.zip

Password: infected
1e603b5dc665ad8d5b776b41eb986aa5198526e6e2ab1bf87c0cdcfc8cdc8393
.dll regsvr32 windows:6 windows x64 arch:x64

e0533e6b0ac9b87b7ad9ea052e7fa74b

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

shlwapi

ChrCmpIA
wnsprintfA
ord15

kernel32

GetCurrentProcessId
Sleep
GetProcAddress
VirtualAlloc
VirtualFree
LoadLibraryA
CreateFileW
DeleteFileA
GetModuleFileNameW
GetCurrentThreadId

user32

SetTimer
MessageBoxA
GetClientRect
GetClassNameW
GetWindowDC
GetMessageW
GetForegroundWindow
DispatchMessageW
SystemParametersInfoW
GetSysColor
SendMessageW
GetWindowTextW
SendMessageA
KillTimer

gdi32

GetBkColor

ole32

CoTaskMemFree
CoInitializeEx

Exports

Exports

DllRegisterServer
PluginInit

Sections

.text
Size: 197KB - Virtual size: 197KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 512B - Virtual size: 180B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.ndata
Size: 24KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

Password: infected

e0533e6b0ac9b87b7ad9ea052e7fa74b

Headers

DLL Characteristics

File Characteristics

Imports

shlwapi

kernel32

user32

gdi32

ole32

Exports

Exports

Sections

.text Size: 197KB - Virtual size: 197KB

.rdata Size: 2KB - Virtual size: 1KB

.data Size: 1KB - Virtual size: 1KB

.pdata Size: 512B - Virtual size: 180B

.ndata Size: 24KB - Virtual size: 23KB

.text
Size: 197KB - Virtual size: 197KB

.rdata
Size: 2KB - Virtual size: 1KB

.data
Size: 1KB - Virtual size: 1KB

.pdata
Size: 512B - Virtual size: 180B

.ndata
Size: 24KB - Virtual size: 23KB