749135852a9d339ccaf8bdf9f3607b6d_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

749135852a9d339ccaf8bdf9f3607b6d_JaffaCakes118
Size

22KB
MD5

749135852a9d339ccaf8bdf9f3607b6d
SHA1

24433bc77164e8dbcd9640868d9e201cfe956e85
SHA256

7a4333199006bb02016dfd758e8240ad1b2969e8d20e848e5928391b63778c81
SHA512

42931035dcaeabb5e6ef8f81f008b519979547269babe48f80713802c1d1877e1ee4f090b0942ea45e5e521f1a86f502fe7cd26f5980c6644c6206bd384c9556
SSDEEP

384:JMo3+4U5YGRklqxqrkVnvqcCOgYDIu1jkoze0PuxNDyejIeIk7vvxlLnW9GgWR:W5NUohvo78koK02zfhIk7DTP

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
749135852a9d339ccaf8bdf9f3607b6d_JaffaCakes118

Files

749135852a9d339ccaf8bdf9f3607b6d_JaffaCakes118
.dll windows:6 windows x86 arch:x86

559a8992e8c1b7a6ce39cb8be70edb70

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_DLL

Imports

kernel32

GetModuleHandleA
GetProcAddress

msvcrt

free

api-ms-win-core-libraryloader-l1-1-0

FreeLibrary

api-ms-win-core-com-l1-1-0

CoTaskMemFree

api-ms-win-core-string-l2-1-0

CharNextW

api-ms-win-core-errorhandling-l1-1-0

GetLastError

api-ms-win-core-registry-l1-1-0

RegCloseKey

api-ms-win-core-string-obsolete-l1-1-0

lstrcmpW

api-ms-win-core-synch-l1-1-0

LeaveCriticalSection

api-ms-win-core-string-l1-1-0

MultiByteToWideChar

api-ms-win-core-sysinfo-l1-1-0

GetTickCount

api-ms-win-core-heap-obsolete-l1-1-0

LocalFree

api-ms-win-core-synch-l1-2-0

Sleep

api-ms-win-core-processthreads-l1-1-0

TerminateProcess

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-debug-l1-1-0

OutputDebugStringA

ntdll

NtQueryKey

oleaut32

SysStringByteLen

Exports

Exports

DllCanUnloadNow
DllGetClassObject

Sections

.MPRESS1
Size: 16KB - Virtual size: 52KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.MPRESS2
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 1020B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

559a8992e8c1b7a6ce39cb8be70edb70

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

msvcrt

api-ms-win-core-libraryloader-l1-1-0

api-ms-win-core-com-l1-1-0

api-ms-win-core-string-l2-1-0

api-ms-win-core-errorhandling-l1-1-0

api-ms-win-core-registry-l1-1-0

api-ms-win-core-string-obsolete-l1-1-0

api-ms-win-core-synch-l1-1-0

api-ms-win-core-string-l1-1-0

api-ms-win-core-sysinfo-l1-1-0

api-ms-win-core-heap-obsolete-l1-1-0

api-ms-win-core-synch-l1-2-0

api-ms-win-core-processthreads-l1-1-0

api-ms-win-core-profile-l1-1-0

api-ms-win-core-debug-l1-1-0

ntdll

oleaut32

Exports

Exports

Sections

.MPRESS1 Size: 16KB - Virtual size: 52KB

.MPRESS2 Size: 4KB - Virtual size: 4KB

.rsrc Size: 1024B - Virtual size: 1020B

.MPRESS1
Size: 16KB - Virtual size: 52KB

.MPRESS2
Size: 4KB - Virtual size: 4KB

.rsrc
Size: 1024B - Virtual size: 1020B