e854945c316606824456ff4e3b665b0a_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

e854945c316606824456ff4e3b665b0a_JaffaCakes118
Size

32KB
MD5

e854945c316606824456ff4e3b665b0a
SHA1

d75cb6c4920fea497da7c81483f80a0eb2a3782f
SHA256

7a45be75b03cd245e7cf13298652c4bd1d5c127a1511350c8ad0d01b41b6a074
SHA512

a7636949cbc68c6ba5418aa01b90c451460ad2d34d9bded53544df2bcae11a4f237038d988cc26eb2fc605c20e949c323f25f6ac04bf8a08d956c249b12d5bb9
SSDEEP

384:NQLr41Bu74AyLidcgHMXrtAFbm85+gmHmMx7GtK5HfKOrABKBk/ZpRrbGaS7:NQCYbyLkHVrmH17jHf36t/ZzbGp

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
e854945c316606824456ff4e3b665b0a_JaffaCakes118

Files

e854945c316606824456ff4e3b665b0a_JaffaCakes118
.dll windows:6 windows x86 arch:x86

e93cab2ce00fd2089776dd61913ed0db

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

CreateFileW
GetDriveTypeA
GetDriveTypeW
CloseHandle
GetLastError
SetLastError
HeapAlloc
HeapFree
GetProcessHeap
lstrcmpW
WideCharToMultiByte
MultiByteToWideChar
lstrlenW
lstrlenA
lstrcpyW
lstrcpyA
ExpandEnvironmentStringsW
VirtualProtect
LoadLibraryW
GetProcAddress
FreeLibrary

ws2_32

WSACancelBlockingCall
WSAAddressToStringA
WSAGetServiceClassInfoA
WSALookupServiceBeginW
__WSAFDIsSet

crypt32

CryptSignMessage

loadperf

UnloadPerfCounterTextStringsA

oleaut32

VarUI1FromDate
VarPow
VarR4FromI2
VarI1FromDec
OleIconToCursor
VarDecSu

setupapi

SetupDiCreateDeviceInterfaceW
SetupCloseInfFile
SetupGetFieldCount
SetupDiGetHwProfileFriendlyNameExW
SetupInitDefaultQueueCallbackEx
SetupAddSectionToDiskSpaceListA
SetupDiGetClassDevsA

gdi32

GetWindowOrgEx
GetRgnBox
CreateDIBSection
SetTextCharacterExtra
GetKerningPairsW
CreatePalette
CloseFigure
FillRgn
PolyPolygon
CopyEnhMetaFileW

user32

LoadStringW

advapi32

GetUserNameW
RegCloseKey
RegSetValueExW
RegQueryValueExW
RegOpenKeyExW
RegEnumKeyExW
RegDeleteKeyW
RegCreateKeyExW
RegOpenCurrentUser
GetUserNameA

msvcrt

wcschr
swprintf
memcpy
iswctype
memset
free
_initterm
malloc
_adjust_fdiv

Exports

Exports

fkmzhdyn

Sections

.text
Size: 20KB - Virtual size: 20KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

e93cab2ce00fd2089776dd61913ed0db

Headers

File Characteristics

Imports

kernel32

ws2_32

crypt32

loadperf

oleaut32

setupapi

gdi32

user32

advapi32

msvcrt

Exports

Exports

Sections

.text Size: 20KB - Virtual size: 20KB

.rdata Size: 2KB - Virtual size: 2KB

.data Size: 8KB - Virtual size: 7KB

.rsrc Size: 512B - Virtual size: 480B

.text
Size: 20KB - Virtual size: 20KB

.rdata
Size: 2KB - Virtual size: 2KB

.data
Size: 8KB - Virtual size: 7KB

.rsrc
Size: 512B - Virtual size: 480B