20f8a73666935c10400f377164457ad5_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

20f8a73666935c10400f377164457ad5_JaffaCakes118
Size

213KB
MD5

20f8a73666935c10400f377164457ad5
SHA1

52fe0407ae3f175cb7b6a069155b303f82e77e95
SHA256

0bd6bede744867313cdb96a6f32a7682de58b074108398ab58d78b4c1eb10e04
SHA512

056ddd75e85a31357c67acf5edcb61ac2085adb1b06c9d9b7d05a5122abfcca403b9a441ae94304cd0ef545ccda2abde4b4330ed638d778c1ba7bb8f71d69994
SSDEEP

3072:wYfSiYH/CQOcjW40yU3x8f7NPbEc0kPKlZ70CXXpzmQzLaO1/xx1AmNt9dbibtyc:RUHKQpfdUYlbSyK/0KpmQzLae1tfHkw

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
20f8a73666935c10400f377164457ad5_JaffaCakes118

Files

20f8a73666935c10400f377164457ad5_JaffaCakes118
.dll windows:6 windows x86 arch:x86

07b2335198767048e693c94a80e8ce69

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

mf3216.pdb

Imports

ntdll

RtlInitUnicodeString
NtOpenKey
NtQueryValueKey
NtClose
DbgPrint
_CIsqrt
RtlUnicodeToMultiByteN
memset
_CIcos
_CIsin
memmove
memcpy

kernel32

SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
EnterCriticalSection
LeaveCriticalSection
DisableThreadLibraryCalls
InitializeCriticalSection
DeleteCriticalSection
WideCharToMultiByte
IsDBCSLeadByteEx
MulDiv
LocalReAlloc
SetLastError
LocalAlloc
LocalFree

gdi32

GetPaletteEntries
IsValidEnhMetaRecordOffExt
CreateICA
IsValidEnhMetaRecord
ModifyWorldTransform
SetWindowOrgEx
SetWindowExtEx
SetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
ScaleWindowExtEx
SetMapMode
SetVirtualResolution
SetTextAlign
ExtTextOutA
ExtTextOutW
GetTextAlign
GetTextCharsetInfo
TranslateCharsetInfo
OffsetClipRgn
SetMetaRgn
GetRegionData
ExtCreateRegion
GetRgnBox
CombineRgn
GetRandomRgn
IntersectClipRect
ExcludeClipRect
PolyPolygon
GetPath
StrokePath
StrokeAndFillPath
FillPath
CloseFigure
AbortPath
FlattenPath
RestoreDC
EndPath
Arc
Chord
Pie
PolyDraw
RoundRect
PolyBezier
PolyBezierTo
AngleArc
Ellipse
Rectangle
BeginPath
SaveDC
DeleteDC
SetWorldTransform
SetGraphicsMode
CreateCompatibleDC
GetDIBits
DeleteObject
StretchBlt
OffsetViewportOrgEx
SelectObject
CreateDIBitmap
SetDIBits
BitBlt
StretchDIBits
PatBlt
CreateBitmap
DPtoLP
PlgBlt
GetStockObject
SelectPalette
GetObjectA
ResizePalette
SetPaletteEntries
CreatePalette
SetArcDirection
MoveToEx
ArcTo
GetCurrentPositionEx
CreateFontIndirectW
SetMapperFlags
LineTo
Polygon
Polyline
PolylineTo
SetBkMode
DeleteEnhMetaFile
GetWinMetaFileBits
CloseEnhMetaFile
PlayEnhMetaFile
CreateEnhMetaFileA
CombineTransform
GetDeviceCaps
GetTransform
SetEnhMetaFileBits
GetObjectW
CreateBrushIndirect
CreatePatternBrush
CreateDIBPatternBrushPt
CreatePen
WidenPath
SelectClipPath
ExtSelectClipRgn
CreateRectRgn

Exports

Exports

ConvertEmfToWmf
Mf3216DllInitialize

Sections

.text
Size: 35KB - Virtual size: 35KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 173KB - Virtual size: 173KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

07b2335198767048e693c94a80e8ce69

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

ntdll

kernel32

gdi32

Exports

Exports

Sections

.text Size: 35KB - Virtual size: 35KB

.data Size: 173KB - Virtual size: 173KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 1KB - Virtual size: 1KB

.text
Size: 35KB - Virtual size: 35KB

.data
Size: 173KB - Virtual size: 173KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 1KB - Virtual size: 1KB