18af959c0f9add51b758a1e7d34b7498_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

18af959c0f9add51b758a1e7d34b7498_JaffaCakes118
Size

71KB
MD5

18af959c0f9add51b758a1e7d34b7498
SHA1

31646ee1b043c8f22ffc98ee9219c99ff2ff8180
SHA256

751dccd889fb6d32ff3aff2ee750b411b065427a8b87073dd440cb03387c9c8a
SHA512

8da89396f3677be4892b5b35a033c9bcb1716083480899702ac51565191844d3539fac1835e3acba5251d8194e4f69167d4550bcea9b70e6b7b5acc46f98eef7
SSDEEP

1536:b/7O0YFZTw2iInJ1o0ZtgyYNYwtklyNy3FMag1fv53E3xCNqT9:b/7OpM2HJFONfAxMBf9Sxr9

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
18af959c0f9add51b758a1e7d34b7498_JaffaCakes118

Files

18af959c0f9add51b758a1e7d34b7498_JaffaCakes118
.dll windows:5 windows x86 arch:x86

378d83ee5ab4a8b2767b2d276f6626cc

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

cmcfg32.pdb

Imports

msvcrt

_adjust_fdiv
malloc
_initterm
free

cmutil

CmStrrchrA
CmFmtMsgA

advapi32

SetSecurityDescriptorDacl
AllocateAndInitializeSid
FreeSid
GetSecurityDescriptorDacl
SetNamedSecurityInfoA
RegEnumValueA
RegQueryValueExA
GetSidLengthRequired
InitializeSid
RegCloseKey
RegOpenKeyExA
SetSecurityDescriptorGroup
SetSecurityDescriptorOwner
InitializeSecurityDescriptor
AddAccessAllowedAce
InitializeAcl
GetSidSubAuthority

kernel32

GetProcessHeap
HeapAlloc
HeapFree
GetVersionExA
GetSystemInfo
CreateDirectoryA
lstrcmpiA
SetLastError
DisableThreadLibraryCalls
GetPrivateProfileStringA
GetSystemDirectoryA
GetPrivateProfileIntA
GetLastError
CloseHandle
CreateFileA
lstrcatA
lstrcpyA
lstrcpynA
lstrlenA
GetWindowsDirectoryA
MoveFileA
SetUnhandledExceptionFilter
GetProcAddress
LoadLibraryA
GetModuleHandleA
GetVolumeInformationA
SetCurrentDirectoryA
GetCurrentDirectoryA
LocalFree
FreeLibrary
FormatMessageA
MultiByteToWideChar
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter

shell32

SHGetSpecialFolderLocation
SHGetMalloc
SHGetPathFromIDListA

user32

MessageBoxA
wsprintfA
MessageBoxExA
LoadStringA
CharNextA
CharPrevA

version

GetFileVersionInfoA
VerQueryValueA
GetFileVersionInfoSizeA

Exports

Exports

CMConfig
CMConfigEx
CmstpExtensionProc
_CMConfig@8

Sections

.text
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 56KB - Virtual size: 56KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 790B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

378d83ee5ab4a8b2767b2d276f6626cc

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msvcrt

cmutil

advapi32

kernel32

shell32

user32

version

Exports

Exports

Sections

.text Size: 11KB - Virtual size: 10KB

.data Size: 56KB - Virtual size: 56KB

.rsrc Size: 2KB - Virtual size: 1KB

.reloc Size: 1024B - Virtual size: 790B

.text
Size: 11KB - Virtual size: 10KB

.data
Size: 56KB - Virtual size: 56KB

.rsrc
Size: 2KB - Virtual size: 1KB

.reloc
Size: 1024B - Virtual size: 790B