JaffaCakes118_b23bf449c6da16e5ce07188ecd3dd330

Sharing

Copy URL

Twitter E-mail

General

Target

JaffaCakes118_b23bf449c6da16e5ce07188ecd3dd330
Size

546KB
MD5

b23bf449c6da16e5ce07188ecd3dd330
SHA1

52d2229ece25882ba4124ae57d13ed5d9f640512
SHA256

18e5889266af1f5fb169dad0c923c799818496a2760f629340634a9daa1de548
SHA512

83e1cb2172225cfee7b648fc9e55d50bfebf368488a99e1a66f0aa70e91f91aa9082489e3c116b576bdee02deaf9436f37d10388dfe625cea92b23f2d712d7db
SSDEEP

12288:cNtBPQB+QpYK8rrbvRd9SfuXGXiHEXs6eAqj:cNn4B+q8rrrRd924GX+nv

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
JaffaCakes118_b23bf449c6da16e5ce07188ecd3dd330

Files

JaffaCakes118_b23bf449c6da16e5ce07188ecd3dd330
.dll regsvr32 windows:5 windows x86 arch:x86

ac48fb105ecfad54a4070974a6ce4bf7

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetSystemTimeAsFileTime
LeaveCriticalSection
LocalFree
LocalAlloc
GetSystemInfo
GetVersionExA
GetModuleHandleW
LoadLibraryA
DeviceIoControl
GetCurrentProcessId
HeapAlloc
GetLocalTime
GlobalMemoryStatus
GetDiskFreeSpaceA
GetComputerNameA
HeapFree
CloseHandle
InterlockedExchange
Sleep
InterlockedDecrement
GetProcessHeap
GetCurrentThreadId
InterlockedIncrement
GetModuleFileNameA
DeleteCriticalSection
GetTickCount
QueryPerformanceCounter
GetModuleHandleA
GetProcAddress
GetCurrentProcess
TerminateProcess
InitializeCriticalSection
EnterCriticalSection

msvcrt

??3@YAXPAX@Z
malloc
_onexit
__dllonexit
_adjust_fdiv
_initterm
free
sprintf
_except_handler3
??2@YAPAXI@Z
_purecall

user32

GetDC
GetDesktopWindow
IsRectEmpty
ReleaseDC

gdi32

GetSystemPaletteEntries

ole32

CoTaskMemFree
CoTaskMemAlloc

advapi32

RegQueryValueExA
GetUserNameA
RegSetValueA
RegCreateKeyA
RegOpenKeyExA
RegSetValueExA
RegOpenKeyA
RegCreateKeyExA
RegCloseKey

shlwapi

SHDeleteKeyA

msdmo

MoFreeMediaType
DMORegister
MoInitMediaType
MoCopyMediaType
DMOUnregister

Exports

Exports

CreateInstance
DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 308KB - Virtual size: 307KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 57KB - Virtual size: 91KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 1000B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.text
Size: 171KB - Virtual size: 172KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

ac48fb105ecfad54a4070974a6ce4bf7

Headers

File Characteristics

Imports

kernel32

msvcrt

user32

gdi32

ole32

advapi32

shlwapi

msdmo

Exports

Exports

Sections

.text Size: 308KB - Virtual size: 307KB

.data Size: 57KB - Virtual size: 91KB

.rsrc Size: 1024B - Virtual size: 1000B

.reloc Size: 8KB - Virtual size: 7KB

.text Size: 171KB - Virtual size: 172KB

.text
Size: 308KB - Virtual size: 307KB

.data
Size: 57KB - Virtual size: 91KB

.rsrc
Size: 1024B - Virtual size: 1000B

.reloc
Size: 8KB - Virtual size: 7KB

.text
Size: 171KB - Virtual size: 172KB