0a629d4790598a83061d053f4a3aa8aa_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

0a629d4790598a83061d053f4a3aa8aa_JaffaCakes118
Size

24KB
MD5

0a629d4790598a83061d053f4a3aa8aa
SHA1

f1c78ca24c874e7fc6a7028703c17672bc91167b
SHA256

07190acb0aed8a2899cd3edd16e08e1029c105c5808f7023f3320d3c6378833c
SHA512

9f9af53ef9cfcf9d231a4922516483671043a552c06c9310a36a4bff631f8f8624b1abbcaa8d4083e7b2e1dea4aaac7960e25a90770dedc1c1ab106ce502a9d0
SSDEEP

384:BreBw0RDT7C1zQb+Lw3wUJnZyzIUFjA4H+mc90DjMTucrg+8X62MWg:mw47C5rw3jngUiimPXM3gtXDM

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
0a629d4790598a83061d053f4a3aa8aa_JaffaCakes118

Files

0a629d4790598a83061d053f4a3aa8aa_JaffaCakes118
.dll windows:6 windows x86 arch:x86

60dad6b20605357e324d9bfeff746983

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

shlwapi

StrCpyNW

kernel32

MapViewOfFile
EnumSystemCodePagesW
CreateFileW
DeleteFileW
GetFileSizeEx
SetEndOfFile
SetFilePointer
SetFileTime
WriteFile
CloseHandle
GetLastError
SetLastError
VirtualAlloc
VirtualFree
CreateFileMappingW
UnmapViewOfFile

setupapi

SetupDiBuildClassInfoListExW
SetupQueueRenameW
SetupGetLineByIndexA

wsnmp32

ord105
ord202
ord203
ord204
ord104
ord601

mpr

WNetConnectionDialog
WNetEnumResourceA
WNetGetResourceParentA
WNetCancelConnectionA
WNetAddConnectionW
WNetGetLastErrorA

mscms

TranslateColors
CreateColorTransformA
GenerateCopyFilePaths
CheckColors
CloseColorProfile
UninstallColorProfileW
InstallColorProfileW

resutils

ResUtilFreeParameterBlock
ResUtilDupString
ResUtilGetMultiSzProperty
ResUtilStopResourceService
ResUtilSetDwordValue
ResUtilSetPrivatePropertyList
ResUtilSetPropertyParameterBlock
ResUtilStopService

ole32

HBRUSH_UserFree
CreateAntiMoniker
OleBuildVersion
GetHGlobalFromStream
UpdateDCOMSettings
OpenOrCreateStream
OleCreateLinkToFileEx
OleDoAutoConvert

shell32

SHGetDataFromIDListW
FindExecutableA
SHGetMalloc
ShellAboutA
SHAddToRecentDocs

msvcrt

memcmp
qsort
malloc
memcpy
memset
memmove

Exports

Exports

wpthihshrb

Sections

.text
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 280B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

60dad6b20605357e324d9bfeff746983

Headers

DLL Characteristics

File Characteristics

Imports

shlwapi

kernel32

setupapi

wsnmp32

mpr

mscms

resutils

ole32

shell32

msvcrt

Exports

Exports

Sections

.text Size: 12KB - Virtual size: 12KB

.rdata Size: 4KB - Virtual size: 3KB

.data Size: 6KB - Virtual size: 5KB

.rsrc Size: 512B - Virtual size: 480B

.reloc Size: 512B - Virtual size: 280B

.text
Size: 12KB - Virtual size: 12KB

.rdata
Size: 4KB - Virtual size: 3KB

.data
Size: 6KB - Virtual size: 5KB

.rsrc
Size: 512B - Virtual size: 480B

.reloc
Size: 512B - Virtual size: 280B