236c2b863f947ca67d510f3ab3a98cb5_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

236c2b863f947ca67d510f3ab3a98cb5_JaffaCakes118
Size

443KB
MD5

236c2b863f947ca67d510f3ab3a98cb5
SHA1

84e4ef453fbc173c1573cd2d313d6d8503c8b08a
SHA256

c3f7565514256ccf20bb2c1b28435aaa477b08b467c3fe6a50d5d2373693dc36
SHA512

628b45ded70025aa1535a0db5c7b6e641bdeb6e5e7ee7bc50f387c0c1a2201e96044252892deaa2bc71a7e31c6cda550f5ed3a5f1a5558ab7560b6f6c75c4c51
SSDEEP

12288:YK35C9ksO63T1ljwUmo6uH/OhZ7dV5KKNt7:YK35HTQO1dR

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
236c2b863f947ca67d510f3ab3a98cb5_JaffaCakes118

Files

236c2b863f947ca67d510f3ab3a98cb5_JaffaCakes118
.dll windows:4 windows x86 arch:x86

8dd86af14051372c1bbe1f9649995acd

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

CloseHandle
EnumResourceLanguagesW
EnumResourceTypesA
ExitProcess
GetACP
GetCommandLineA
GetModuleHandleA
GetOEMCP
GetStartupInfoA
GetSystemDirectoryA
GetSystemTimeAsFileTime
GetVersion
HeapAlloc
LeaveCriticalSection
LocalAlloc
MultiByteToWideChar
OpenFile
SetLastError
SetUnhandledExceptionFilter
Sleep
VirtualAlloc
VirtualFree
lstrcmpiA
lstrcpyA
lstrcpynA

msvcrt

fwprintf
free
_wcsicmp
__set_app_type
__getmainargs
__p__commode
exit

ole32

CLSIDFromString
CoCreateInstance
CoInitialize
CoTaskMemAlloc
CoTaskMemFree
CoUninitialize
CreateOleAdviseHolder
OleInitialize
OleQueryLinkFromData
RegisterDragDrop
StgCreateDocfile
StringFromGUID2
WriteClassStg
WriteClassStm

ntdll

NtOpenKey
NtOpenSymbolicLinkObject
NtOpenThreadToken
NtCreateSemaphore
RtlCharToInteger
RtlEnterCriticalSection
RtlInitString
RtlInitUnicodeString
RtlLeaveCriticalSection
RtlNtStatusToDosError
NtCreateSection
LdrUnloadDll
RtlAppendUnicodeStringToString

shlwapi

SHSetValueW
PathSkipRootW
PathIsUNCW
StrCmpIW
PathFindNextComponentW
PathFindFileNameW
PathFindExtensionW
StrFormatKBSizeW
StrRChrW
StrRetToBufW
PathAppendW
PathAddBackslashW
PathIsPrefixW
AssocCreate

comdlg32

ChooseColorA
CommDlgExtendedError
GetFileTitleW
GetOpenFileNameA
ChooseFontW
FindTextW
FindTextA
ChooseColorW
PrintDlgW
PageSetupDlgW
PageSetupDlgA
LoadAlterBitmap
GetSaveFileNameW
GetOpenFileNameW

comctl32

ImageList_ReplaceIcon
InitCommonControlsEx

winmm

mixerGetLineInfoA
mmGetCurrentTask
midiStreamOpen

oleaut32

SafeArrayCreate
GetErrorInfo
ClearCustData
SetErrorInfo
SysFreeString
SysReAllocString
OleLoadPicture

user32

GetMenu
ShowCaret
OemToCharW
OemToCharBuffA
CharToOemBuffA
CharUpperA
CreateCursor
DrawCaption
EmptyClipboard
EnableScrollBar
GetMessageA
IsCharLowerA
LoadImageA
LoadMenuA
MessageBoxIndirectA

Sections

.text
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 411KB - Virtual size: 995KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 21KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

8dd86af14051372c1bbe1f9649995acd

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

msvcrt

ole32

ntdll

shlwapi

comdlg32

comctl32

winmm

oleaut32

user32

Sections

.text Size: 10KB - Virtual size: 9KB

.data Size: 411KB - Virtual size: 995KB

.rsrc Size: 21KB - Virtual size: 20KB

.text
Size: 10KB - Virtual size: 9KB

.data
Size: 411KB - Virtual size: 995KB

.rsrc
Size: 21KB - Virtual size: 20KB