0fa6c55632800cc37c8f7917b1e07c54_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

0fa6c55632800cc37c8f7917b1e07c54_JaffaCakes118
Size

7.7MB
MD5

0fa6c55632800cc37c8f7917b1e07c54
SHA1

b64734ca02afff5bdb19effba054d33c5666adc0
SHA256

de8423e36a9f03daa3994a08b2151b9a110024e8c34457b5e35d9dfad9b1ebab
SHA512

cd99bbfa43529d28130bf2469ab517c15422046b322f23b8c330da93f64201aaf046c8f694819e3400e9d9a4a3aaceae3b47eb302ce501b3d3b8edaf227a36a6
SSDEEP

98304:THZX4+43Lm6hezYw66HsiWU6bbie0G+dVZH9Ki/SazZFMwl4MlZYdWMZ0//Xmmtk:9yi6hKLVpM2PZHsjwFMdWU0//WmK

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
0fa6c55632800cc37c8f7917b1e07c54_JaffaCakes118

Files

0fa6c55632800cc37c8f7917b1e07c54_JaffaCakes118
.dll windows:5 windows x86 arch:x86

094c4c8a490fed4a9fd2cc851de84786

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

C:\Documents and Settings\Administrator\Desktop\ShellExec\out\release\vvphpdit.pdb

Imports

kernel32

GetUserDefaultLangID
GlobalAlloc
GetSystemPowerStatus
MultiByteToWideChar
lstrlenW
CreateJobObjectA
lstrcmpiA
VirtualAlloc
VerLanguageNameA
SetFileAttributesA
GetModuleFileNameA
VirtualProtect
GetModuleHandleW
WriteConsoleW
IsProcessorFeaturePresent
HeapSize
LoadLibraryW
GetProcessHeap
SetEndOfFile
GetConsoleMode
GetConsoleCP
VirtualQuery
SetEnvironmentVariableW
lstrlenA
GetFullPathNameW
GetStringTypeW
LCMapStringW
RtlUnwind
GetLastError
HeapAlloc
ReadFile
SetFilePointer
HeapReAlloc
GetCurrentThreadId
DecodePointer
GetCommandLineA
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
SetStdHandle
EnterCriticalSection
InitializeCriticalSectionAndSpinCount
LeaveCriticalSection
GetFileType
SetHandleCount
GetStdHandle
GetStartupInfoW
DeleteCriticalSection
EncodePointer
GetCPInfo
InterlockedIncrement
InterlockedDecrement
GetACP
GetOEMCP
IsValidCodePage
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
SetLastError
GetProcAddress
CloseHandle
CreateFileA
CreateFileW
ExitProcess
WriteFile
GetModuleFileNameW
HeapCreate
HeapDestroy
HeapFree
Sleep
RaiseException
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
FlushFileBuffers

user32

GetDlgItem
EnumPropsW
DefWindowProcW
GetForegroundWindow
RegisterClassExW
LoadMenuA
GetComboBoxInfo
IsWindowVisible
EnableWindow
FindWindowA

comdlg32

GetOpenFileNameA

advapi32

ImpersonateNamedPipeClient
RegOpenKeyA

ole32

OleInitialize

shlwapi

StrNCatA
PathAppendA
PathCombineA
PathRemoveFileSpecA
PathStripPathA

Exports

Exports

w09IRaenw59foxwv
RBpxAnUDZSeiz
cmfvdwztqoytx
tffyboocefxnl
zbvxpcjsgczlrx

Sections

.text
Size: 64KB - Virtual size: 63KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 30KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 436B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

094c4c8a490fed4a9fd2cc851de84786

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

comdlg32

advapi32

ole32

shlwapi

Exports

Exports

Sections

.text Size: 64KB - Virtual size: 63KB

.rdata Size: 30KB - Virtual size: 30KB

.data Size: 5KB - Virtual size: 13KB

.rsrc Size: 512B - Virtual size: 436B

.reloc Size: 6KB - Virtual size: 6KB

.text
Size: 64KB - Virtual size: 63KB

.rdata
Size: 30KB - Virtual size: 30KB

.data
Size: 5KB - Virtual size: 13KB

.rsrc
Size: 512B - Virtual size: 436B

.reloc
Size: 6KB - Virtual size: 6KB