ffe9f34ec472c0e74e2cf461498c8cd5_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

ffe9f34ec472c0e74e2cf461498c8cd5_JaffaCakes118
Size

52KB
MD5

ffe9f34ec472c0e74e2cf461498c8cd5
SHA1

6638bdc5500b97c6c17dd0be33c118ed1fe3a162
SHA256

dbbbed781d04852634fd739629fe59f7159ef5121c2b5ceb6963cb5d6388372c
SHA512

088ad73558afcfd661bab43a3996f532e7bc0c2bcd3c4742aa34b4f96c2d460488a7a076af67a9a2824ac5031a40dd4cf2b7191d31ed06c48c84bd1d4ea55fbc
SSDEEP

768:D5Nmjuhx5MyibfGWvEOrx1K7ft5AefX0M1j9wJmBmTLeLKlkxlNZ:dMacKPcx1Kz/AmXB1j9wJBOuclNZ

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
ffe9f34ec472c0e74e2cf461498c8cd5_JaffaCakes118

Files

ffe9f34ec472c0e74e2cf461498c8cd5_JaffaCakes118
.dll windows:4 windows x86 arch:x86

8515a66ee03518649ffca1dbfe0b00c4

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

c:\RPCInstall\ReleaseDll\RPCInstall.pdb

Imports

urlmon

URLDownloadToFileA

kernel32

LocalFree
FormatMessageA
GetLastError
WaitForSingleObject
GetTempPathA
GetVolumeInformationA
CloseHandle
GetModuleFileNameA
CreateProcessA
HeapAlloc
RtlUnwind
ExitProcess
RaiseException
GetCurrentThreadId
GetCommandLineA
GetVersionExA
GetACP
GetOEMCP
GetCPInfo
TlsAlloc
SetLastError
TlsFree
TlsSetValue
TlsGetValue
GetProcAddress
GetModuleHandleA
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
HeapFree
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
SetUnhandledExceptionFilter
TerminateProcess
GetCurrentProcess
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
HeapDestroy
HeapCreate
VirtualFree
UnhandledExceptionFilter
WriteFile
LCMapStringA
MultiByteToWideChar
LCMapStringW
GetStringTypeA
GetStringTypeW
InitializeCriticalSection
VirtualAlloc
HeapReAlloc
IsBadWritePtr
InterlockedExchange
VirtualQuery
SetFilePointer
IsBadReadPtr
IsBadCodePtr
LoadLibraryA
GetLocaleInfoA
VirtualProtect
GetSystemInfo
SetStdHandle
HeapSize
FlushFileBuffers

advapi32

RegSetValueExA
RegDeleteValueA
RegCloseKey
RegOpenKeyExA

Exports

Exports

RPCInstall

Sections

.text
Size: 32KB - Virtual size: 30KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

8515a66ee03518649ffca1dbfe0b00c4

Headers

File Characteristics

PDB Paths

Imports

urlmon

kernel32

advapi32

Exports

Exports

Sections

.text Size: 32KB - Virtual size: 30KB

.rdata Size: 8KB - Virtual size: 7KB

.data Size: 4KB - Virtual size: 9KB

.reloc Size: 4KB - Virtual size: 3KB

.text
Size: 32KB - Virtual size: 30KB

.rdata
Size: 8KB - Virtual size: 7KB

.data
Size: 4KB - Virtual size: 9KB

.reloc
Size: 4KB - Virtual size: 3KB