c535f7415067b07e3510a09fbddff9db_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

c535f7415067b07e3510a09fbddff9db_JaffaCakes118
Size

31KB
MD5

c535f7415067b07e3510a09fbddff9db
SHA1

14f8abc42a09b3b690b93f3eb71e058abacf3de3
SHA256

6f9965bde8fc0b163fe055a9212d57148ac2aabbdcf93a47c8eb64ae4d6ecb20
SHA512

947680a8e6548640d0dafc662ad02fa50e660d025e8281766187235249a8de4c3fae46953498cad5e227bfa86bf5a37cc89cc28d7a1dc2b22314129d4c16abc9
SSDEEP

384:hqM6g2NqtYmCx9LnN8j4g7eoa4Gtswci/+9YFlk14SQPRrcZG/FbE3a2N5GHFTTa:n+Vszi/k+SQ1b5E3a2WKSGfpNT9

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
c535f7415067b07e3510a09fbddff9db_JaffaCakes118

Files

c535f7415067b07e3510a09fbddff9db_JaffaCakes118
.dll windows:6 windows x86 arch:x86

298647a7b6967c59193bdd00adf52b1a

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

CloseHandle
CopyFileW
CreateFileW
DeleteFileW
EnumSystemCodePagesW
FindClose
FindFirstFileA
FindFirstFileW
FindNextFileA
FindNextFileW
GetCPInfoExA
GetCommTimeouts
GetFileSize
GetLastError
GetProcessHeap
GetSystemDirectoryW
HeapAlloc
HeapFree
HeapReAlloc
IsBadHugeWritePtr
IsDBCSLeadByteEx
IsDebuggerPresent
MultiByteToWideChar
OpenJobObjectW
OutputDebugStringA
ReadFile
SetConsoleScreenBufferSize
SetLastError
SystemTimeToTzSpecificLocalTime
UpdateResourceW
WideCharToMultiByte
WriteConsoleInputW
lstrcatA
lstrcatW
lstrcpyA
lstrcpyW
lstrlenA
lstrlenW

ws2_32

WSAAccept
WSAJoinLeaf
WSARecvDisconnect
WSASetLastError
getservbyname

gdi32

DeleteObject
FloodFill
GetCharABCWidthsI
SetWinMetaFileBits
StretchBlt
UnrealizeObject
UpdateColors

winspool.drv

AddPrinterConnectionW
ConfigurePortA
ord204
StartPagePrinter

mswsock

GetNameByTypeW
GetTypeByNameW
SetServiceW
inet_network
rcmd

odbc32

CursorLibLockDbc
ODBCInternalConnectW
PostComponentError
ord27
ord56
ord35
ord262
ord66
ord74

rpcrt4

NdrConformantVaryingArrayMarshall
NdrConformantVaryingStructFree
NdrMesSimpleTypeEncode
NdrNonEncapsulatedUnionFree
RpcBindingInqAuthClientA
RpcSsSwapClientAllocFree
RpcStringBindingComposeA

wininet

GetUrlCacheEntryInfoExW
HttpQueryInfoA
RetrieveUrlCacheEntryFileW

comdlg32

ChooseFontW
FindTextW
GetOpenFileNameW
PrintDlgA

advapi32

RegCloseKey
RegCreateKeyExW
RegDeleteValueW
RegSetValueExW

msvcrt

_adjust_fdiv
_initterm
free
malloc
memcpy
memset
swprintf
wcscmp

Exports

Exports

vpbmthm

Sections

.text
Size: 19KB - Virtual size: 18KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 424B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 760B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

298647a7b6967c59193bdd00adf52b1a

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

ws2_32

gdi32

winspool.drv

mswsock

odbc32

rpcrt4

wininet

comdlg32

advapi32

msvcrt

Exports

Exports

Sections

.text Size: 19KB - Virtual size: 18KB

.rdata Size: 4KB - Virtual size: 4KB

.data Size: 5KB - Virtual size: 4KB

.rsrc Size: 512B - Virtual size: 424B

.reloc Size: 1024B - Virtual size: 760B

.text
Size: 19KB - Virtual size: 18KB

.rdata
Size: 4KB - Virtual size: 4KB

.data
Size: 5KB - Virtual size: 4KB

.rsrc
Size: 512B - Virtual size: 424B

.reloc
Size: 1024B - Virtual size: 760B