f1b7ad994f6b202bfa702c9da615c909_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

f1b7ad994f6b202bfa702c9da615c909_JaffaCakes118
Size

26KB
MD5

f1b7ad994f6b202bfa702c9da615c909
SHA1

644b21f1b5e4dcdae14509ea883d7d6108a05dd7
SHA256

e7a51794e1625e02fb8642dc382114bd5138d7d57f0ecb984a5bed89a4c10d87
SHA512

deee773d26f963ad3aea988ce647d861e98b2a3bc394b9e3436e3a0a14d11124587f5e902a3cdc4bba8c4c6145f037517bdf9a937ccb5277d71749c4487c57d2
SSDEEP

384:8YEgQoJM4O04nWxr2gKk/8vZ7x5owhX23BLSQRk7kmwX:8YHQP4OvKKH88vZJhm35SQRk7kP

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
f1b7ad994f6b202bfa702c9da615c909_JaffaCakes118

Files

f1b7ad994f6b202bfa702c9da615c909_JaffaCakes118
.dll windows:6 windows x86 arch:x86

f0f3c53ce1b7b2bd7649aba047bf3753

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSection
VirtualProtect
lstrcmpW
lstrcatW
lstrlenW
GetProcessHeap
HeapFree
HeapReAlloc
HeapAlloc
GetLastError
GetDriveTypeA
SetEnvironmentVariableA
SetErrorMode
TlsFree
CreateThread
MapViewOfFileEx

odbc32

ord21
ord55
ord162
ord12
ord117
CollectODBCPerfData
ord51

ole32

OleDestroyMenuDescriptor
StringFromGUID2
CoCreateInstance
CLSIDFromString
StgSetTimes
StringFromIID
CoTaskMemAlloc
CoTaskMemFree
GetHookInterface
PropVariantClear

loadperf

LoadPerfCounterTextStringsA
LoadPerfCounterTextStringsW
UnloadPerfCounterTextStringsW
UnloadPerfCounterTextStringsA

oleaut32

VarOr
VarCyFromBool
VarDateFromDisp
VarUI1FromDate

setupapi

SetupDiGetHwProfileFriendlyNameExA
SetupDiCancelDriverInfoSearch
SetupGetInfInformationA

msacm32

acmFilterTagDetailsW
acmGetVersion
acmDriverOpen
acmFormatChooseA
acmFormatTagEnumW
acmFilterTagEnumW

winspool.drv

AddMonitorA
AddFormW
PrinterMessageBoxW
ord203
DeletePrintProvidorW

wsock32

ord1119
setsockopt
WSASetBlockingHook
ntohs
WSASetLastError
ord1102

user32

wsprintfW

advapi32

RegEnumKeyExW
RegCreateKeyExW
RegCloseKey
RegGetValueW
RegSetValueExW
RegQueryValueExW
RegOpenKeyExW
RegOpenKeyW
RegNotifyChangeKeyValue
RegEnumValueW

msvcrt

wcstol
malloc
memcmp
memset
_initterm
_adjust_fdiv
free

Exports

Exports

yhptr

Sections

.text
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 928B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

f0f3c53ce1b7b2bd7649aba047bf3753

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

odbc32

ole32

loadperf

oleaut32

setupapi

msacm32

winspool.drv

wsock32

user32

advapi32

msvcrt

Exports

Exports

Sections

.text Size: 12KB - Virtual size: 12KB

.rdata Size: 3KB - Virtual size: 3KB

.data Size: 7KB - Virtual size: 7KB

.rsrc Size: 512B - Virtual size: 480B

.reloc Size: 1024B - Virtual size: 928B

.text
Size: 12KB - Virtual size: 12KB

.rdata
Size: 3KB - Virtual size: 3KB

.data
Size: 7KB - Virtual size: 7KB

.rsrc
Size: 512B - Virtual size: 480B

.reloc
Size: 1024B - Virtual size: 928B