2128c018edaa330f92c8c10c2c48e7d9_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

2128c018edaa330f92c8c10c2c48e7d9_JaffaCakes118
Size

26KB
MD5

2128c018edaa330f92c8c10c2c48e7d9
SHA1

65f54de7bd36495fdf182b9c29c9900bb3b02023
SHA256

45bd64d49317d5e885150fbfb50d7aa63fb7a0e1262e5801f340c71b3ce1c4fa
SHA512

d648c73284d1e28d7fe05c85eada9a3d9183549678194c28cab17341574c0c4376da03cb73c87581517d1dd24cba223ae24b87fdbbade6665dcda277a6e5d7e3
SSDEEP

384:j7RM0n/C5lwtRrYgSxFfTLPX5obTUgr4ChJhoyQkmwX:3W954MT5LaTUsPhGkP

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2128c018edaa330f92c8c10c2c48e7d9_JaffaCakes118

Files

2128c018edaa330f92c8c10c2c48e7d9_JaffaCakes118
.dll windows:6 windows x86 arch:x86

2a7711078b87d3578d455412e90e1f20

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

imm32

ImmGetStatusWindowPos
ImmGetCompositionFontA
ImmRegisterWordW
ImmGetVirtualKey

kernel32

lstrcatW
lstrlenW
lstrcmpW
CreateThread
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
GetProcessHeap
HeapFree
HeapReAlloc
HeapAlloc
GetLastError
VirtualProtect

pdh

PdhGetDefaultPerfObjectA
PdhExpandCounterPathW
PdhExpandCounterPathA
PdhSelectDataSourceW

wsnmp32

ord603
ord104
ord106
ord906
ord105
ord905
ord903

setupapi

SetupIterateCabinetW
SetupGetFileCompressionInfoA
SetupDiClassGuidsFromNameW
SetupDiGetClassBitmapIndex
SetupDiClassGuidsFromNameExW
SetupCloseFileQueue
SetupDecompressOrCopyFileA
SetupQueryDrivesInDiskSpaceListW

urlmon

IsValidURL
GetSoftwareUpdateInfo
URLDownloadA
CoInternetCreateZoneManager

mapi32

ord54
ord48
ord12
ord189
ord18
ord182

mswsock

SetServiceW
inet_network
getnetbyname
GetAddressByNameW
rresvport
TransmitFile
sethostname
EnumProtocolsA

oleaut32

VarDateFromI2
VarBoolFromR4
VarI4FromDec
DosDateTimeToVariantTime

user32

wsprintfW

advapi32

RegCloseKey
RegGetValueW
RegSetValueExW
RegQueryValueExW
RegCreateKeyExW
RegEnumKeyExW
RegEnumValueW
RegNotifyChangeKeyValue
RegOpenKeyW
RegOpenKeyExW

ole32

StringFromGUID2
CoTaskMemFree
CoTaskMemAlloc
PropVariantClear
CLSIDFromString
CoCreateInstance

msvcrt

malloc
_adjust_fdiv
_initterm
free
memset
memcmp
wcstol

Exports

Exports

ifmokxqs

Sections

.text
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 932B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

2a7711078b87d3578d455412e90e1f20

Headers

DLL Characteristics

File Characteristics

Imports

imm32

kernel32

pdh

wsnmp32

setupapi

urlmon

mapi32

mswsock

oleaut32

user32

advapi32

ole32

msvcrt

Exports

Exports

Sections

.text Size: 12KB - Virtual size: 12KB

.rdata Size: 3KB - Virtual size: 3KB

.data Size: 8KB - Virtual size: 7KB

.rsrc Size: 512B - Virtual size: 480B

.reloc Size: 1024B - Virtual size: 932B

.text
Size: 12KB - Virtual size: 12KB

.rdata
Size: 3KB - Virtual size: 3KB

.data
Size: 8KB - Virtual size: 7KB

.rsrc
Size: 512B - Virtual size: 480B

.reloc
Size: 1024B - Virtual size: 932B