29562d27b990e95f1243360668149784_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

29562d27b990e95f1243360668149784_JaffaCakes118
Size

133KB
MD5

29562d27b990e95f1243360668149784
SHA1

dd009d3f9657816d970eb4e65d103539d2169f31
SHA256

49a7b782c0122d987e255d37c2077be342f09df1d9d482b6ab33cc3362ebb918
SHA512

ebb9ead36ce34ec2b8b0d04f46020d89ebcf918179e474b44dee5ebff79f7463305367f7677a60ddde2b75db01b78040e64b56ef1f82065edfa165c998b5168f
SSDEEP

3072:G3MqqDL2/7RePjK0O3kayg9v+NmHV5teET7VmynzaYkuXjrSyEU:G8qqDL62ODR9vFtzRXjRR

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
29562d27b990e95f1243360668149784_JaffaCakes118

Files

29562d27b990e95f1243360668149784_JaffaCakes118
.dll windows:6 windows x86 arch:x86

6439521af9a72a501539b7935070f040

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

aaclient.pdb

Imports

msvcrt

free
memset
malloc
_ltow
_ultow
wcsrchr
__CxxFrameHandler
_onexit
_lock
__dllonexit
_unlock
memcpy
_adjust_fdiv
_amsg_exit
_initterm
_XcptFilter
_purecall

ntdll

RtlUnwind
VerSetConditionMask

ws2_32

htonl

kernel32

lstrlenW
WideCharToMultiByte
LoadLibraryExW
VerifyVersionInfoW
RegisterWaitForSingleObject
UnregisterWaitEx
WaitForSingleObject
GetProcessHeap
HeapAlloc
HeapFree
GetComputerNameW
FreeLibrary
SetEvent
CreateEventW
GetLastError
GetProcAddress
DisableThreadLibraryCalls
InterlockedIncrement
InterlockedDecrement
GetQueuedCompletionStatus
LeaveCriticalSection
EnterCriticalSection
PostQueuedCompletionStatus
DeleteCriticalSection
InitializeCriticalSection
CloseHandle
CreateThread
CreateIoCompletionPort
InterlockedPopEntrySList
InterlockedPushEntrySList
InitializeSListHead
LocalAlloc
LocalFree
GetComputerNameExW
InterlockedExchange
Sleep
InterlockedCompareExchange
OutputDebugStringA
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetVersion
GetModuleFileNameW

crypt32

CertFreeCertificateContext
CertOpenStore
CertFindCertificateInStore
CertCloseStore
CryptUnprotectData

advapi32

RegSetValueExW
RegCreateKeyExW
TraceMessage
GetTraceEnableFlags
GetTraceEnableLevel
GetTraceLoggerHandle
RegEnumValueW
RegEnumKeyExW
RegQueryInfoKeyW
RegNotifyChangeKeyValue
RegDeleteValueW
RegDeleteKeyW
RegisterTraceGuidsW
UnregisterTraceGuids
RegCloseKey
RegQueryValueExW
RegOpenKeyExW
CredUnmarshalCredentialW
CredFree

mstscax

RegisterTransportExtDll

rpcrt4

I_RpcExceptionFilter
RpcBindingFree
RpcStringFreeW
RpcBindingSetAuthInfoExW
RpcEpResolveBinding
RpcBindingFromStringBindingW
RpcStringBindingComposeW
NdrClientCall2

Exports

Exports

LoadClientAdapter
OpenKeyReader
OpenKeyReaderWriter
g_fnStartTransport

Sections

.text
Size: 116KB - Virtual size: 116KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

6439521af9a72a501539b7935070f040

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msvcrt

ntdll

ws2_32

kernel32

crypt32

advapi32

mstscax

rpcrt4

Exports

Exports

Sections

.text Size: 116KB - Virtual size: 116KB

.data Size: 2KB - Virtual size: 6KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 12KB - Virtual size: 11KB

.text
Size: 116KB - Virtual size: 116KB

.data
Size: 2KB - Virtual size: 6KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 12KB - Virtual size: 11KB