09e94ebad4f7b33faf6bab42b61ffc22_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

09e94ebad4f7b33faf6bab42b61ffc22_JaffaCakes118
Size

106KB
MD5

09e94ebad4f7b33faf6bab42b61ffc22
SHA1

b472dc13b1d38b64a710ca723d0c5ac43d661e7d
SHA256

c325fe89963b3673af763f2a9262ac33fc3f7c0b03ca6217b4a6138785c3ed25
SHA512

3769c34c95a3330a828a57f75e1a1febe79114f31c24d5f2c3e259393a4bf1d367ba29efc8308d9f790861d390058640c62fdebefe0721e875afd9ddfbbdaa7f
SSDEEP

3072:Z+HRkN0xNC3o02t3JYseV06MsKbeQhFjAabKMMiU1m9:Zc2A9JjenM/bKNP

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
09e94ebad4f7b33faf6bab42b61ffc22_JaffaCakes118

Files

09e94ebad4f7b33faf6bab42b61ffc22_JaffaCakes118
.dll windows:4 windows x86 arch:x86

6a1a9fe3af87ec0f5857e1ddac28255a

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

oleaut32

VariantCopyInd
VariantClear
SysFreeString
SysAllocStringLen
LoadTypeLib

advapi32

SetSecurityDescriptorDacl
QueryServiceStatus
OpenServiceA
OpenProcessToken
InitializeSecurityDescriptor
DeleteService
CreateServiceA
ControlService
AdjustTokenPrivileges

ole32

WriteFmtUserTypeStg
OleInitialize
GetConvertStg
CreateDataAdviseHolder
CoTaskMemFree
CoTaskMemAlloc
CoRevokeClassObject
OleGetClipboard
CoRegisterMessageFilter
CoFileTimeNow

user32

OemToCharA
MessageBoxIndirectA
MessageBeep
GetFocus
GetDlgItem
DrawStateA
DestroyWindow
CreateIconFromResource
CreateDesktopW
CharToOemA
CharPrevA
ToAscii

shell32

SHGetFileInfoA
SHGetMalloc
SHFileOperationA

shlwapi

PathQuoteSpacesA
PathUnquoteSpacesA
SHAutoComplete
StrChrA
PathMatchSpecA
PathFindExtensionA
PathCompactPathExA
PathAppendA
PathIsRelativeA
PathIsDirectoryA
PathFindFileNameA
StrStrIA

msvcrt

strtol
sscanf
memchr
malloc
_except_handler3

kernel32

lstrcmpiA
lstrcpynA
SetCurrentDirectoryA
RtlUnwind
RaiseException
MapViewOfFile
LoadResource
LoadLibraryA
InitializeCriticalSection
GetStartupInfoA
EnumResourceNamesA
CloseHandle
lstrcmpA

Exports

Exports

Flm
Ggy
Gpd
Hys
Oox
Urb
Vxu
Zpk

Sections

.text
Size: 27KB - Virtual size: 28KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 29KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 21KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 24KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

6a1a9fe3af87ec0f5857e1ddac28255a

Headers

File Characteristics

Imports

oleaut32

advapi32

ole32

user32

shell32

shlwapi

msvcrt

kernel32

Exports

Exports

Sections

.text Size: 27KB - Virtual size: 28KB

.rdata Size: 29KB - Virtual size: 32KB

.data Size: 21KB - Virtual size: 24KB

.idata Size: 2KB - Virtual size: 4KB

.rsrc Size: 24KB - Virtual size: 28KB

.text
Size: 27KB - Virtual size: 28KB

.rdata
Size: 29KB - Virtual size: 32KB

.data
Size: 21KB - Virtual size: 24KB

.idata
Size: 2KB - Virtual size: 4KB

.rsrc
Size: 24KB - Virtual size: 28KB