f8a3ee6e93a2116c5406ca20ab4e4e89_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

f8a3ee6e93a2116c5406ca20ab4e4e89_JaffaCakes118
Size

123KB
MD5

f8a3ee6e93a2116c5406ca20ab4e4e89
SHA1

160af832565702bb8872f9bfca93400a78e40e83
SHA256

6fc74440f44fb0a69bddbbfd28798bb641743f81fa8489a88c5606ecccfc73c4
SHA512

ded4f49e3258e6ac672a8aadebcac5bc40b42e9746e4c7be956e01d900e349290b0e21099791bd4877da489f9939cf687d9376bb07c247378d67251dcba67589
SSDEEP

3072:5rPGuguYvzDX2eY6IIUBndJM2xEdffUxjMi9FjWzgLEfcRc96PxvZr7z+D19VqJg:b/k65hr7z2VqPgnHNww

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
f8a3ee6e93a2116c5406ca20ab4e4e89_JaffaCakes118

Files

f8a3ee6e93a2116c5406ca20ab4e4e89_JaffaCakes118
.dll windows:4 windows x86 arch:x86

3d56dc00af27072058ed8c1c3718590f

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

ntdll

NtOpenJobObject
RtlpUnWaitCriticalSection
RtlTimeToTimeFields
NtImpersonateClientOfPort
RtlExtendHeap
RtlEqualString
NtSetDefaultHardErrorPort
RtlEqualSid
strcat
RtlCompareString
CsrClientCallServer
NtRequestWakeupLatency
NtDeviceIoControlFile
RtlQuerySecurityObject
RtlEnlargedUnsignedMultiply
NtSetContextThread
NtAccessCheck
DbgUiConnectToDbg
RtlQueryTagHeap
NtUnlockVirtualMemory

kernel32

GetTapePosition
InitAtomTable
GetStdHandle
_hwrite
GetConsoleTitleW
SetCommBreak
IsBadStringPtrA
GetConsoleMode
GetFileAttributesA
GetCommProperties
FileTimeToSystemTime
ExitProcess
SetLastConsoleEventActive
SleepEx
GetFileAttributesExW
GetCommState
VirtualAlloc
TlsGetValue

gdi32

GdiEntry14
GetTextColor
SetAbortProc
PtInRegion
GetPixel
GetOutlineTextMetricsW
GetPixelFormat
CreateFontIndirectA
CreateScalableFontResourceA
UpdateColors
PolyPatBlt
SetWorldTransform
GetEnhMetaFilePaletteEntries
GetROP2
RemoveFontResourceW
FixBrushOrgEx
SetBoundsRect

ole32

OleCreateFromData
DllGetClassObject
CoSetState
HENHMETAFILE_UserFree
CoLoadLibrary
CoRegisterMessageFilter
GetDocumentBitStg
HACCEL_UserUnmarshal
CoIsOle1Class
OleGetAutoConvert
SNB_UserUnmarshal
CoQueryClientBlanket
SNB_UserMarshal
DllGetClassObjectWOW
CoUnmarshalInterface
UtGetDvtd16Info
MonikerRelativePathTo
OleCreateLinkFromData
IsEqualGUID
HBITMAP_UserFree
OleCreateFromFileEx

Sections

.text
Size: 43KB - Virtual size: 44KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 75KB - Virtual size: 200KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.adata
Size: 3KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

3d56dc00af27072058ed8c1c3718590f

Headers

File Characteristics

Imports

ntdll

kernel32

gdi32

ole32

Sections

.text Size: 43KB - Virtual size: 44KB

.data Size: 75KB - Virtual size: 200KB

.adata Size: 3KB - Virtual size: 4KB

.reloc Size: 1KB - Virtual size: 4KB

.text
Size: 43KB - Virtual size: 44KB

.data
Size: 75KB - Virtual size: 200KB

.adata
Size: 3KB - Virtual size: 4KB

.reloc
Size: 1KB - Virtual size: 4KB