2d38c43c2d26cd8960e2d9d98bf93cd4_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

2d38c43c2d26cd8960e2d9d98bf93cd4_JaffaCakes118
Size

131KB
MD5

2d38c43c2d26cd8960e2d9d98bf93cd4
SHA1

7e97692fd36416d74ebb29a469c53513d08c179a
SHA256

f8cbc0b727cdf4db06e5a9681bb13090a338a0b8dd884b6b30a722e6b02e2eb7
SHA512

acc1d981341e5a7650a83a251b147701383a23cb0304d35c36c1e94124bdebf560ecb9bdcf2c24102d308d2f87dc3e7025787aecf6c7c4e4c089125b043f244f
SSDEEP

1536:rlPXdgfniqXmFiMNwPB8zrfEOnZG4e9em3RrIojfVPDXsgdxQfjwY/GiE1bdLFpJ:h/Wviq+iLSknHhUcBZLY/re

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2d38c43c2d26cd8960e2d9d98bf93cd4_JaffaCakes118

Files

2d38c43c2d26cd8960e2d9d98bf93cd4_JaffaCakes118
.dll windows:6 windows x64 arch:x64

bba0da4ef923281fc36679dde9a3a97e

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

url.pdb

Imports

msvcrt

memset
__C_specific_handler
_amsg_exit
free
_initterm
malloc
_XcptFilter
memmove
_vsnprintf

kernel32

LocalAlloc
RaiseException
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
Sleep
SetLastError
GetSystemWindowsDirectoryA
lstrlenA
FreeLibrary
GetProcAddress
LoadLibraryA
GetLastError

user32

CharPrevA
CharNextA

shell32

ord102
ShellExecuteA

iertutil

ord9

shlwapi

ord437
PathCreateFromUrlA
SHRegGetValueA
ord1
StrChrA
StrCmpNIA

ieframe

URLQualifyW
URLQualifyA

Exports

Exports

AddMIMEFileTypesPS
AutodialHookCallback
FileProtocolHandler
FileProtocolHandlerA
InetIsOffline
MIMEAssociationDialogA
MIMEAssociationDialogW
MailToProtocolHandler
MailToProtocolHandlerA
OpenURL
OpenURLA
TelnetProtocolHandler
TelnetProtocolHandlerA
TranslateURLA
TranslateURLW
URLAssociationDialogA
URLAssociationDialogW

Sections

.text
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 512B - Virtual size: 360B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 118KB - Virtual size: 118KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 348B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

bba0da4ef923281fc36679dde9a3a97e

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msvcrt

kernel32

user32

shell32

iertutil

shlwapi

ieframe

Exports

Exports

Sections

.text Size: 9KB - Virtual size: 8KB

.data Size: 1KB - Virtual size: 2KB

.pdata Size: 512B - Virtual size: 360B

.rsrc Size: 118KB - Virtual size: 118KB

.reloc Size: 512B - Virtual size: 348B

.text
Size: 9KB - Virtual size: 8KB

.data
Size: 1KB - Virtual size: 2KB

.pdata
Size: 512B - Virtual size: 360B

.rsrc
Size: 118KB - Virtual size: 118KB

.reloc
Size: 512B - Virtual size: 348B