a3d4a2d0ff0e9d1ab550da0118ca030d_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

a3d4a2d0ff0e9d1ab550da0118ca030d_JaffaCakes118
Size

719KB
MD5

a3d4a2d0ff0e9d1ab550da0118ca030d
SHA1

d2ed8e27c1171cb13ab6b2d5def9944eb8fb95b1
SHA256

4223565b2e7343b46f1092c78fc655ff3d63315d5e64483e81ee2db192f92268
SHA512

852cafb36de22e1673a25ae37457f3b281312d2d9a2769b777eaf055766eef00c8b0c3ccc93cd00439d033f79b1fdb3223245b61d030b06fd3e8015acbb16a7a
SSDEEP

12288:EzT152LYwNwt+I8LFktPqU1FCqckxaq/butNxReGtQ1D5Xq32w3HXFLPaIU+H8NJ:Ezbv4wLPqACUaqKtNxApqxLBUxq

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
a3d4a2d0ff0e9d1ab550da0118ca030d_JaffaCakes118

Files

a3d4a2d0ff0e9d1ab550da0118ca030d_JaffaCakes118
.dll windows:5 windows x64 arch:x64

4494230761600cc31b74c7b661a443be

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

kernel32

VirtualProtectEx
OpenThread
GetSystemInfo
GetThreadPriority
GetCurrentThreadId
CloseHandle
GetCurrentProcessId
SuspendThread
ResumeThread
EnterCriticalSection
SetEnvironmentVariableW
GetVersionExW
DisableThreadLibraryCalls
LoadLibraryA
GetModuleFileNameA
GetModuleHandleA
VirtualProtect
GetCurrentDirectoryA
CreateThread
VirtualAlloc
GetProcAddress
FlushInstructionCache
SetThreadPriority
LeaveCriticalSection
Sleep
InitializeCriticalSection
VirtualFree
GetModuleHandleW
GetCurrentProcess
VirtualQuery
GetThreadContext
CreateFileA
FlushConsoleInputBuffer
LoadLibraryW
FreeLibrary
GlobalMemoryStatus
GetStdHandle
GetFileType
MultiByteToWideChar
GetVersion
GetLastError
GetSystemTimeAsFileTime
GetTickCount
QueryPerformanceCounter
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
GetCurrentThread
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
DecodePointer
EncodePointer
GetModuleHandleA
LoadLibraryA
LocalAlloc
LocalFree
GetModuleFileNameA
ExitProcess

user32

GetProcessWindowStation
GetUserObjectInformationW
GetMessageW
UnregisterClassW
PostMessageW
FindWindowExA
TranslateMessage
RegisterClassExW
ShowWindow
CreateWindowExW
MessageBoxW
MessageBoxExW
DefWindowProcW
DispatchMessageW
GetDesktopWindow

shell32

SHGetSpecialFolderPathW
SHCreateDirectoryExW

msvcr100

fclose
_malloc_crt
_initterm
_initterm_e
_encoded_null
_amsg_exit
__C_specific_handler
__CppXcptFilter
__crt_debugger_hook
__clean_type_info_names_internal
_unlock
__dllonexit
_lock
_onexit
feof
ftell
_fileno
_setmode
fwrite
??3@YAXPEAX@Z
memset
wcsstr
_wfopen
_access
??_U@YAPEAX_K@Z
sprintf
strtoul
strchr
malloc
free
isspace
printf
_snprintf
fflush
__iob_func
memmove
_wassert
fseek
fgets
fopen
fread
ferror
_errno
_strnicmp
atoi
isxdigit
tolower
isupper
strncmp
_gmtime64
fputs
signal
strstr
memcpy
_time64
strncpy
realloc
memcmp
qsort
sscanf
getenv
_vsnwprintf
vfprintf
_exit
raise
isdigit
strcmp
fprintf
_getch

shlwapi

PathAddBackslashW
PathFileExistsW
PathAppendW

advapi32

ReportEventW
DeregisterEventSource
RegisterEventSourceW

Sections

.text
Size: - Virtual size: 481KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 372KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 314KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 436B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.3dm0
Size: - Virtual size: 14KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.3dm1
Size: - Virtual size: 259KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.3dm2
Size: 717KB - Virtual size: 716KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

4494230761600cc31b74c7b661a443be

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

shell32

msvcr100

shlwapi

advapi32

Sections

.text Size: - Virtual size: 481KB

.rdata Size: - Virtual size: 372KB

.data Size: - Virtual size: 314KB

.pdata Size: - Virtual size: 28KB

.rsrc Size: 512B - Virtual size: 436B

.3dm0 Size: - Virtual size: 14KB

.3dm1 Size: - Virtual size: 259KB

.3dm2 Size: 717KB - Virtual size: 716KB

.reloc Size: 512B - Virtual size: 12B

.text
Size: - Virtual size: 481KB

.rdata
Size: - Virtual size: 372KB

.data
Size: - Virtual size: 314KB

.pdata
Size: - Virtual size: 28KB

.rsrc
Size: 512B - Virtual size: 436B

.3dm0
Size: - Virtual size: 14KB

.3dm1
Size: - Virtual size: 259KB

.3dm2
Size: 717KB - Virtual size: 716KB

.reloc
Size: 512B - Virtual size: 12B