2db0de7e3620be880d2943c2c503b49e_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

2db0de7e3620be880d2943c2c503b49e_JaffaCakes118
Size

59KB
MD5

2db0de7e3620be880d2943c2c503b49e
SHA1

35e82133d624d50202b9cc882bf3d8e23e1cd1c1
SHA256

279860c18627391aa353cb5b4addb16c87fcd1f319f5006645cde1af04a9c76e
SHA512

72f0f02d2b591173a337fefdef9d5d4887207f301887c9cb9c2176055cb4861c57d9cacb5e0cdabb05d3ab210930d5efdecec315123ced3a4e73e1fddb2fa4ce
SSDEEP

1536:vIO5QgNn7mr8JZJMjeaeW3wlpBeITaMTCNUR7a:vIO5PNaoEsY38Cf

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2db0de7e3620be880d2943c2c503b49e_JaffaCakes118

Files

2db0de7e3620be880d2943c2c503b49e_JaffaCakes118
.dll windows:4 windows x86 arch:x86

5af5c2d36ea1c80a73d04143fbbd7748

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetConsoleKeyboardLayoutNameW
GetFileSizeEx
HeapSize
GetThreadContext
IsBadWritePtr
EraseTape
CallNamedPipeA
LoadModule
UpdateResourceA
CreateNamedPipeA
LocalCompact
DelayLoadFailureHook
MoveFileWithProgressA
EnumSystemCodePagesW
SizeofResource
DeleteTimerQueue
FlushConsoleInputBuffer
GetStringTypeExA
IsDBCSLeadByte
GetLastError
GetAtomNameA
LocalFree
GetThreadPriorityBoost

msvcrt

_wcsnicoll
_CIatan2
atoi
_mbsspnp
labs
_spawnlp
sqrt
towlower
realloc
_utime
_toupper
_adj_fdivr_m64
_beginthreadex
_adj_fpatan
puts
_rmdir
_setjmp
_atoldbl
system
_wexecle
strrchr

gdi32

GetEUDCTimeStamp
MaskBlt
NamedEscape
CreateDCA
GdiStartPageEMF
GdiEndDocEMF
SetBoundsRect
CheckColorsInGamut
EnumFontFamiliesA
EnumMetaFile
EngQueryLocalTime
GetTextFaceAliasW
AddFontResourceExA
PtInRegion
ExtTextOutA
GetArcDirection
DPtoLP
GdiEntry5
UpdateICMRegKeyW
SetICMProfileW
GetGlyphIndicesA
GdiComment
RoundRect
CreateICW
GetEnhMetaFileHeader
GetBitmapDimensionEx

user32

GetInputDesktop
DefWindowProcW
MsgWaitForMultipleObjects
CopyImage
CloseClipboard
GetWindowThreadProcessId
GetScrollRange
LoadCursorA
GetUpdateRect
CreateAcceleratorTableA
RegisterShellHookWindow
ShowWindowAsync
DdeConnectList
IsDialogMessageA
IsDialogMessage
RegisterSystemThread
GetShellWindow
SetDoubleClickTime
GetScrollPos
EnumDesktopsA
TranslateMDISysAccel
SetDlgItemInt
LoadStringA
CascadeWindows
CreateDialogIndirectParamAorW
DdeNameService
User32InitializeImmEntryTable

shlwapi

StrRStrIW
StrCatW
PathAddExtensionA
PathRemoveFileSpecW
SHOpenRegStream2W
PathCreateFromUrlW
StrTrimW
PathUnExpandEnvStringsW
StrCSpnIA
UrlIsNoHistoryW
UrlHashW
PathGetCharTypeA
GetMenuPosFromID
UrlGetPartW
StrChrIW
ColorRGBToHLS
PathBuildRootW
UrlGetLocationW
PathIsDirectoryA
SHIsLowMemoryMachine

Exports

Exports

WufhnvNuphZvxth
HheUidw
CwbOuyyoNpfnzty
DzUvfehNjticzfTzvi
SmeNoueTelitKk
VeyRwuityCulvye
SnfFcwhWktcazYpdoflz
SwTiqtv
TlpBxnqRjquipJltmdpm

Sections

.text
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 49KB - Virtual size: 48KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 736B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

5af5c2d36ea1c80a73d04143fbbd7748

Headers

File Characteristics

Imports

kernel32

msvcrt

gdi32

user32

shlwapi

Exports

Exports

Sections

.text Size: 5KB - Virtual size: 4KB

.rdata Size: 3KB - Virtual size: 2KB

.data Size: 49KB - Virtual size: 48KB

.rsrc Size: 1024B - Virtual size: 736B

.reloc Size: 512B - Virtual size: 16B

.text
Size: 5KB - Virtual size: 4KB

.rdata
Size: 3KB - Virtual size: 2KB

.data
Size: 49KB - Virtual size: 48KB

.rsrc
Size: 1024B - Virtual size: 736B

.reloc
Size: 512B - Virtual size: 16B