b5b886e1b66deb94c1e66f1dc4cd1454_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

b5b886e1b66deb94c1e66f1dc4cd1454_JaffaCakes118
Size

192KB
MD5

b5b886e1b66deb94c1e66f1dc4cd1454
SHA1

24ade615635b5cb868519c83707382e88012ae89
SHA256

06720c339ec8846266f3b0d780faea64ad2e101ce208cb3bff62854cb4e8d040
SHA512

73ffef1162545d03de754d54ac9d10363ea8dbef723e03bb49b5169dc18994118354b9ed22bb75cc941e4f45ecd3ad83e9e7f6482b71ac6a314c97b967438a04
SSDEEP

3072:cSKFONgLkoQKNyXgyGSUfFYLHO0FApClBBa1og0zEjNM:cgofypoCHhFAqLa1oI

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

Processes:

resource
b5b886e1b66deb94c1e66f1dc4cd1454_JaffaCakes118

Files

b5b886e1b66deb94c1e66f1dc4cd1454_JaffaCakes118
.dll windows:5 windows x86 arch:x86

7ceab4d425b517b96e550e23981c20a1

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

comdlg32

ChooseColorW

kernel32

GetModuleFileNameW
IsValidCodePage
CreateFileA
SetEndOfFile
GetModuleHandleA
IsValidLocale
GlobalAddAtomA
CreateJobObjectW

ws2_32

gethostname

crypt32

CryptSIPRemoveSignedDataMsg
CertVerifyTimeValidity

mprapi

MprConfigInterfaceTransportRemove
MprAdminTransportSetInfo

user32

SetMessageExtraInfo
GetPriorityClipboardFormat
ShowOwnedPopups
UnpackDDElParam
CallNextHookEx
GetKeyboardLayoutNameA

imm32

ImmSetOpenStatus
ImmGetContext

wininet

FtpFindFirstFileA

setupapi

SetupGetLineTextA
SetupGetFileQueueFlags
SetupInitDefaultQueueCallbackEx
SetupDiRegisterDeviceInfo

ole32

CreateStreamOnHGlobal
OleCreate
CoTaskMemAlloc

advapi32

TreeResetNamedSecurityInfoW
NotifyChangeEventLog
RegQueryValueW
RegQueryValueA
RegisterEventSourceA
ControlService
SaferGetPolicyInformation
InitializeSecurityDescriptor
RegLoadAppKeyA

comctl32

ImageList_Add

oleaut32

VarParseNumFromStr
VarR8FromUI4

msvcrt

isspace
memset
exit

shlwapi

PathAddBackslashW
PathIsUNCServerW

winmm

midiInStart
midiInUnprepareHeader
waveOutGetErrorTextW

rpcrt4

I_RpcExceptionFilter
RpcMgmtIsServerListening

Exports

Exports

frponghrpOletnfercrr

Sections

.text
Size: 32KB - Virtual size: 29KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 132KB - Virtual size: 130KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

7ceab4d425b517b96e550e23981c20a1

Headers

DLL Characteristics

File Characteristics

Imports

comdlg32

kernel32

ws2_32

crypt32

mprapi

user32

imm32

wininet

setupapi

ole32

advapi32

comctl32

oleaut32

msvcrt

shlwapi

winmm

rpcrt4

Exports

Exports

Sections

.text Size: 32KB - Virtual size: 29KB

.rdata Size: 132KB - Virtual size: 130KB

.data Size: 16KB - Virtual size: 19KB

.rsrc Size: 4KB - Virtual size: 1KB

.reloc Size: 4KB - Virtual size: 1KB

.text
Size: 32KB - Virtual size: 29KB

.rdata
Size: 132KB - Virtual size: 130KB

.data
Size: 16KB - Virtual size: 19KB

.rsrc
Size: 4KB - Virtual size: 1KB

.reloc
Size: 4KB - Virtual size: 1KB