e9806e48dad22877727a13c33ce199a1_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

e9806e48dad22877727a13c33ce199a1_JaffaCakes118
Size

84KB
MD5

e9806e48dad22877727a13c33ce199a1
SHA1

019b9815e0fece8a5a3152c2d36f6054eaa23152
SHA256

896e4b2d92261ba25085e59492edc224d5b2cbc92c54e39eb6625fa4ebd2336d
SHA512

cee8a76bf7f700af5b6596aa134a81c7cfd34fc981bbb564977ac32fa99ade947966311cfe720839470f7fedf82cd89c2e35985b19c6a7286e9b044bb3bf096d
SSDEEP

1536:Ce0aW9jiEt4l2q88VNapVLaKtvuSHmQ+Tud3dWMAlSX:Ce0HDt4l18kqU8X1FW5SX

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
e9806e48dad22877727a13c33ce199a1_JaffaCakes118

Files

e9806e48dad22877727a13c33ce199a1_JaffaCakes118
.dll windows:4 windows x86 arch:x86

8652cba0d0601c3aad937ab67bc7ee71

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

HeapFree
HeapAlloc
GetProcessHeap
LoadResource
LockResource
SizeofResource
CopyFileW
GetSystemWindowsDirectoryW
QueryPerformanceCounter
GetTempFileNameW
CreateFileW
InitializeCriticalSectionAndSpinCount
DebugBreak
HeapSize
HeapReAlloc
HeapDestroy
OpenEventW
FindResourceExW
FindResourceW
SetLastError
GetLastError
SetEvent
InitializeCriticalSection
DeleteCriticalSection
CloseHandle
Sleep
UnregisterWait
GetVersion
GetCurrentThread
CreateFileMappingA
MapViewOfFile
GetSystemInfo
IsBadReadPtr
VirtualAlloc
UnmapViewOfFile
GetModuleFileNameA
lstrlenA
MultiByteToWideChar
lstrlenW
RaiseException
GetVersionExA
GetModuleFileNameW
lstrcmpW
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
InterlockedIncrement
DeleteFileW
LocalFree
CreateDirectoryW
CreateThread
WaitForMultipleObjects
GetExitCodeThread
WaitForSingleObject
GetVersionExW
GetThreadLocale
GetLocaleInfoA
GetACP
CreateFileA
DeviceIoControl
FreeLibrary
ChangeTimerQueueTimer
DeleteTimerQueueTimer
CreateTimerQueueTimer
DeleteTimerQueueEx
CreateTimerQueue
QueueUserWorkItem
InterlockedCompareExchange
InterlockedExchange
LeaveCriticalSection
EnterCriticalSection
CreateEventW
InterlockedDecrement
GetProfileStringA
OutputDebugStringA

rpcrt4

RpcStringBindingParseW
RpcBindingVectorFree
RpcBindingToStringBindingW
RpcEpUnregister
RpcEpRegisterW
RpcServerListen
RpcServerRegisterIfEx
RpcServerRegisterAuthInfoW
RpcServerInqDefaultPrincNameW
RpcImpersonateClient
RpcRevertToSelfEx
UuidFromStringW
NdrAsyncServerCall
NdrServerCall2
RpcStringFreeW
RpcServerInqBindings
RpcServerUseProtseqW
RpcAsyncCompleteCall
UuidCreate
UuidToStringW
RpcMgmtStopServerListening
RpcAsyncAbortCall

Exports

Exports

_JKPVCBG@0

Sections

.text
Size: 24KB - Virtual size: 22KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 40KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 784B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

8652cba0d0601c3aad937ab67bc7ee71

Headers

File Characteristics

Imports

kernel32

rpcrt4

Exports

Exports

Sections

.text Size: 24KB - Virtual size: 22KB

.rdata Size: 8KB - Virtual size: 7KB

.data Size: 40KB - Virtual size: 36KB

.rsrc Size: 4KB - Virtual size: 784B

.reloc Size: 4KB - Virtual size: 1KB

.text
Size: 24KB - Virtual size: 22KB

.rdata
Size: 8KB - Virtual size: 7KB

.data
Size: 40KB - Virtual size: 36KB

.rsrc
Size: 4KB - Virtual size: 784B

.reloc
Size: 4KB - Virtual size: 1KB