ea1c7f1fdc9ef8fc85330c7b3b26a128_JaffaCakes118

General

Target

ea1c7f1fdc9ef8fc85330c7b3b26a128_JaffaCakes118
Size

252KB
MD5

ea1c7f1fdc9ef8fc85330c7b3b26a128
SHA1

19a5bfea4a08533ab0ae3ca1acb4146c5bb6d471
SHA256

e80cbeb7f9de982ce331e8aeb7b16b920ad69c9f00cfd6443eb5b43d97c37b2b
SHA512

afa98a200c6f36ad1565b5bbdce0c54f6e66c058681afed6dc627df6d5637daf9e31d909a669458cd4e6cd9bfeb63fda8d29f52fd0c9cf86b2311ce4abffb833
SSDEEP

6144:9zi5tZiEE4iR3NLrQRvW7CPAmDTkgFGQsMl8tOFrcxQDp66/L:gtZiaK30vWWPAmcgcMl8Ks6p

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
ea1c7f1fdc9ef8fc85330c7b3b26a128_JaffaCakes118

Files

ea1c7f1fdc9ef8fc85330c7b3b26a128_JaffaCakes118
.dll windows:4 windows x86 arch:x86

65d1c3d7105135068385942945f57f1c

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

CompareStringW
ExitProcess
FileTimeToLocalFileTime
GetCommandLineA
GetCommandLineW
GetCurrentThread
GetEnvironmentStringsA
GetModuleHandleA
GetTimeFormatA
GetVersionExA
GlobalAddAtomA
GlobalUnlock
HeapAlloc
HeapCreate
InterlockedExchange
InterlockedIncrement
IsValidCodePage
LCMapStringA
LCMapStringW
LoadLibraryA
PulseEvent
ReadFile
SetEnvironmentVariableA
TerminateThread
TlsFree
VirtualAlloc
WaitForMultipleObjects
lstrcpynA

advapi32

GetAccessPermissionsForObjectA
LookupSecurityDescriptorPartsW
ConvertAccessToSecurityDescriptorA

msvcrt

exit
sscanf
__set_app_type
_stricmp
__getmainargs
realloc
rand
__p__commode
printf

ole32

CoRevokeMallocSpy
CoDeactivateObject
IsEqualGUID
CoCancelCall

ddraw

DirectDrawEnumerateW
DirectDrawCreateClipper
GetDDSurfaceLocal

crypt32

CryptUnregisterDefaultOIDFunction
CryptFindLocalizedName
CertVerifyValidityNesting
CertVerifyCTLUsage

Exports

Exports

GetThumbnailFromExifTiff

Sections

.text
Size: 140KB - Virtual size: 140KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 96KB - Virtual size: 140KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

65d1c3d7105135068385942945f57f1c

Headers

File Characteristics

Imports

kernel32

advapi32

msvcrt

ole32

ddraw

crypt32

Exports

Exports

Sections

.text Size: 140KB - Virtual size: 140KB

.data Size: 96KB - Virtual size: 140KB

.rsrc Size: 8KB - Virtual size: 8KB

.reloc Size: 4KB - Virtual size: 4KB

.text
Size: 140KB - Virtual size: 140KB

.data
Size: 96KB - Virtual size: 140KB

.rsrc
Size: 8KB - Virtual size: 8KB

.reloc
Size: 4KB - Virtual size: 4KB