296e04abb00ea5f18ba021c34e486746_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

296e04abb00ea5f18ba021c34e486746_JaffaCakes118
Size

157KB
MD5

296e04abb00ea5f18ba021c34e486746
SHA1

5fdd7f613db43a5b0dbec8583d30ea7064983106
SHA256

2fe9c6ba336723e571776192d143e0dfa8289b3d3517bc3b86e47907f62f2543
SHA512

d694338c28b5f147ecaff6ce6c1bb2660899434d75a5299a0e8e39b7fdaaedea53b89d19792b9a1c181d8158f58e2d2bc093d3e3fa4a4d4206780228cd48c6f1
SSDEEP

3072:AymcmHDrwPl3unHH13bVOM+EUgsGiA5AuRnwo:IwP1ARkSTiFqwo

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
296e04abb00ea5f18ba021c34e486746_JaffaCakes118

Files

296e04abb00ea5f18ba021c34e486746_JaffaCakes118
.dll windows:4 windows x86 arch:x86

2052b641951b4e42bc6bdfae574a2ac6

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetProcAddress
GetModuleHandleA
VirtualFree
CloseHandle
VirtualAlloc
GetModuleFileNameA
MoveFileExW
SetErrorMode
LocalFree
SystemTimeToFileTime
lstrlenA
lstrcpynA
GetVersionExA
GetFileAttributesA
lstrcmpiA
WriteFile
CreateFileA
ExpandEnvironmentStringsA
GetLastError
GetWindowsDirectoryA
GetCurrentProcess
TerminateThread
GetExitCodeThread
WaitForMultipleObjects
MultiByteToWideChar
LoadLibraryA
FreeLibrary
GetDriveTypeA
lstrcpyA
WideCharToMultiByte
lstrcpynW
FindClose
FindNextFileA
lstrcmpA
FindFirstFileA
lstrcatA
ReadFile
GetFileSize
GetSystemDirectoryA
lstrcmpiW
GetLocalTime
GetTickCount
GetVolumeInformationA
GetLogicalDriveStringsA
GetVersion
GetComputerNameA
Sleep
OpenProcess
GetCurrentThread
RaiseException
GetCurrentThreadId
GetSystemTime
GetVolumeNameForVolumeMountPointA
GetLogicalDrives
ProcessIdToSessionId
GetCurrentProcessId
TerminateProcess
GetCommandLineA
HeapFree
HeapReAlloc
HeapAlloc
GetProcessHeap
RtlUnwind
GetSystemTimeAsFileTime
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
InterlockedDecrement
ExitProcess
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
DeleteCriticalSection
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
HeapDestroy
HeapCreate
QueryPerformanceCounter
EnterCriticalSection
LeaveCriticalSection
HeapSize
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
LCMapStringA
LCMapStringW
InterlockedExchange
InitializeCriticalSection
GetLocaleInfoA
SetFilePointer
GetConsoleCP
GetConsoleMode
GetStringTypeA
GetStringTypeW
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
FlushFileBuffers
LocalAlloc

Exports

Exports

RpcNsBindingInit

Sections

.text
Size: 100KB - Virtual size: 100KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 35KB - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 7KB - Virtual size: 84KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

2052b641951b4e42bc6bdfae574a2ac6

Headers

File Characteristics

Imports

kernel32

Exports

Exports

Sections

.text Size: 100KB - Virtual size: 100KB

.rdata Size: 35KB - Virtual size: 34KB

.data Size: 7KB - Virtual size: 84KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 12KB - Virtual size: 11KB

.text
Size: 100KB - Virtual size: 100KB

.rdata
Size: 35KB - Virtual size: 34KB

.data
Size: 7KB - Virtual size: 84KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 12KB - Virtual size: 11KB