1971fbdc59e4e7fcefd8a57c643d4536_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

1971fbdc59e4e7fcefd8a57c643d4536_JaffaCakes118
Size

24KB
MD5

1971fbdc59e4e7fcefd8a57c643d4536
SHA1

be18eee1c0e2f6399286464a521838eb34279ae2
SHA256

ef5344bc6b5a1cef85ccee2e4b1b413e64d596fbed1a0d6b2f39e4eb83d13bc7
SHA512

b1577de1252fe4453fa8468d0c96d50827bbfbf9b8a6a4466f034dba6fcd4953ba8cf3e240194cfa0e771107e300c263d2938b9af67dd851f8e99222d5ca9552
SSDEEP

384:UPJ7HHEsv4swPmLkB1C3J8RrgghzFA1LzVYivnCjP6ExR6OI6Sm6MO5dcs1:UR7n3RLeCWqYWnCzV6OIX1MCdcs

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
1971fbdc59e4e7fcefd8a57c643d4536_JaffaCakes118

Files

1971fbdc59e4e7fcefd8a57c643d4536_JaffaCakes118
.dll windows:6 windows x86 arch:x86

ee17bd1d1fceadf545bfa2f1bf4919ea

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

imm32

ImmSimulateHotKey
ImmEscapeA
ImmGetConversionListW
ImmGetStatusWindowPos
ImmGetCandidateWindow

kernel32

SetLastError
HeapAlloc
HeapReAlloc
HeapFree
GetProcessHeap
GetSystemDirectoryW
lstrcpyA
lstrcpyW
lstrcatA
lstrcatW
lstrlenA
lstrlenW
CopyFileW
MultiByteToWideChar
WideCharToMultiByte
GetLastError
CloseHandle
ReadFile
GetFileSize
FindNextFileW
FindNextFileA
FindFirstFileW
EnumSystemCodePagesW
CreateFileW
DeleteFileW
FindClose
FindFirstFileA

crypt32

CryptMsgVerifyCountersignatureEncoded
CertFindAttribute
CertCompareCertificateName
CertOpenSystemStoreW
CryptMsgGetParam

msacm32

acmStreamSize
acmFilterTagDetailsW
acmDriverDetailsA
acmFilterTagEnumW
acmStreamUnprepareHeader
acmFormatEnumW
acmDriverOpen
acmStreamClose

wininet

FindCloseUrlCache
FindFirstUrlCacheEntryExA
FreeUrlCacheSpaceW
InternetCreateUrlA
InternetSetCookieA
RetrieveUrlCacheEntryFileW
ShowClientAuthCerts

pdh

PdhUpdateLogA
PdhEnumMachinesA
PdhSelectDataSourceA
PdhGetCounterTimeBase
PdhRemoveCounter
PdhReadRawLogRecord

mswsock

GetTypeByNameA
GetAddressByNameW
rexec
WSARecvEx
inet_network
GetServiceA
AcceptEx

winspool.drv

AddMonitorW
ReadPrinter
DeletePrinterDataA
FreePrinterNotifyInfo
EnumMonitorsA
EnumPrinterDataExA

rtm

MgmInitialize
RtmBlockConvertRoutesToStatic
RtmIsRoute
RtmDeleteRouteTable

user32

IsCharAlphaNumericA
CharToOemBuffA
GetPriorityClipboardFormat
CallNextHookEx
OpenClipboard
ReplyMessage
BroadcastSystemMessage

advapi32

RegCloseKey
RegSetValueExW
RegDeleteValueW
RegCreateKeyExW

msvcrt

memset
memcpy
swprintf
malloc
_initterm
_adjust_fdiv
free

Exports

Exports

dkjch

Sections

.text
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 736B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

ee17bd1d1fceadf545bfa2f1bf4919ea

Headers

DLL Characteristics

File Characteristics

Imports

imm32

kernel32

crypt32

msacm32

wininet

pdh

mswsock

winspool.drv

rtm

user32

advapi32

msvcrt

Exports

Exports

Sections

.text Size: 11KB - Virtual size: 10KB

.rdata Size: 3KB - Virtual size: 3KB

.data Size: 7KB - Virtual size: 6KB

.rsrc Size: 512B - Virtual size: 480B

.reloc Size: 1024B - Virtual size: 736B

.text
Size: 11KB - Virtual size: 10KB

.rdata
Size: 3KB - Virtual size: 3KB

.data
Size: 7KB - Virtual size: 6KB

.rsrc
Size: 512B - Virtual size: 480B

.reloc
Size: 1024B - Virtual size: 736B