Static task: static1
Behavioral task: behavioral1
Sample: 067784dc1b7233bc77cf5cab76ebbd45_JaffaCakes118.dll
Resource: win7-20240419-en
Behavioral task: behavioral2
Sample: 067784dc1b7233bc77cf5cab76ebbd45_JaffaCakes118.dll
Resource: win10v2004-20240611-en
General
Target: 067784dc1b7233bc77cf5cab76ebbd45_JaffaCakes118
Size: 129KB
MD5: 067784dc1b7233bc77cf5cab76ebbd45
SHA1: d393677b1b5ade6a827eda50d531a703ecc0bad8
SHA256: cd36a9cb5c811902137015d613a60129bc7c3fb24f5680b587f4fc9eb46ae298
SHA512: 1e3cf7546c8230a530d0bd3746d3699e9bd8dd81c6277b70ec4dea1cac0175c86e81025a06cef6895b0025aa48414205c503d5692b637684c7852811010e813a
SSDEEP: 3072:jdgow6q/5fT+iviIz2q387RuJsLZj3rhxaYAxVmr:jxwdRfT+yP87Ruq9nhxOk
Signatures
Unsigned PE (1 IoC): Checks for missing Authenticode signature.
resource: 067784dc1b7233bc77cf5cab76ebbd45_JaffaCakes118
Files
067784dc1b7233bc77cf5cab76ebbd45_JaffaCakes118.dll windows:4 windows x86 arch:x86
e59fe61661d97d418c47a6a943eebeee
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
Imports
kernel32
LoadLibraryA
GetSystemTime
LocalAlloc
WaitForSingleObject
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
SystemTimeToFileTime
lstrcatA
CreateThread
FreeLibrary
GetProcAddress
SetErrorMode
RaiseException
lstrlenA
lstrcpyA
lstrcmpiA
EnterCriticalSection
InterlockedDecrement
CreateEventW
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
InterlockedExchange
Sleep
WaitForMultipleObjects
lstrlenW
DebugBreak
GetLastError
CreateEventA
SetEvent
CloseHandle
GetCurrentThread
GetTickCount
LeaveCriticalSection
LocalFree
GetVersionExA
VirtualProtect
user32
PostMessageA
KillTimer
CharNextA
wsprintfA
advapi32
ReportEventA
GetTokenInformation
GetLengthSid
RegCloseKey
RegQueryValueExA
RegisterEventSourceA
OpenThreadToken
RegNotifyChangeKeyValue
RegOpenKeyA
RegOpenKeyExA
RegOpenKeyExW
RegSetValueExW
DeregisterEventSource
ole32
CoRevokeClassObject
CoInitializeEx
CoAddRefServerProcess
CoRegisterClassObject
CoResumeClassObjects
CoUninitialize
rpcrt4
RpcBindingFree
RpcBindingSetAuthInfoA
RpcBindingFromStringBindingA
RpcStringBindingComposeA
NdrFreeBuffer
NdrConvert
NdrSendReceive
NdrConformantStringMarshall
NdrGetBuffer
NdrConformantStringBufferSize
NdrClientInitializeNew
RpcRaiseException
NdrPointerUnmarshall
RpcStringFreeA
msvcrt
wcscmp
_adjust_fdiv
_onexit
__dllonexit
printf
towupper
_amsg_exit
exit
memcpy
memset
_cexit
_ismbblead
_acmdln
_lock
memmove
rand
srand
_except_handler3
_initterm
_errno
wcsstr
malloc
_beginthreadex
_itoa
_ultoa
free
bsearch
wcslen
wcscpy
qsort
msvcp60
?cout@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@P6AAAV01@AAV01@@Z@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@H@Z
?cin@std@@3V?$basic_istream@DU?$char_traits@D@std@@@1@A
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV01@AAH@Z
??6std@@YAAAV?$basic_ostream@DU?$char_traits@D@std@@@0@AAV10@PBD@Z
?endl@std@@YAAAV?$basic_ostream@DU?$char_traits@D@std@@@1@AAV21@@Z
??1_Winit@std@@QAE@XZ
??0_Winit@std@@QAE@XZ
??1Init@ios_base@std@@QAE@XZ
??0Init@ios_base@std@@QAE@XZ
Sections
.text Size: 43KB - Virtual size: 43KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 3KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 29KB - Virtual size: 57KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 49KB - Virtual size: 49KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 2KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ