33dbb190e98262060c220eeb688698a4_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

33dbb190e98262060c220eeb688698a4_JaffaCakes118
Size

54KB
MD5

33dbb190e98262060c220eeb688698a4
SHA1

37906e902773a8f57fae0c05cb3767525bdc7ae3
SHA256

c9f0c328b4f586b67069b5161089e1df5f67f302e319d01270b5ef7327aed9ae
SHA512

170260f6d1024bb1e5a53c26f0fb8d9612b3214ae02068ab2d43a3a403a06682102ffa635c3fadb2bf372ec131bffc780862e4781412ed94c310b7093c197b06
SSDEEP

1536:yhGF9yNh+v8AJl5rphBOfxr6LTdbYIQrCISd+NlPWBf:ByNotJDDbLTCIQrQd+NNW1

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
33dbb190e98262060c220eeb688698a4_JaffaCakes118

Files

33dbb190e98262060c220eeb688698a4_JaffaCakes118
.dll windows:6 windows x86 arch:x86

819a17be5a22fd137db35fd9b257082c

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

user32

MonitorFromWindow
PostQuitMessage
GetDC
CopyRect
GetWindowRect
DeleteMenu
EnableWindow
GetDesktopWindow
SetParent
WindowFromPoint
GetNextDlgGroupItem
ChildWindowFromPoint
GetMenuItemCount
GetMenuItemID
GetMenu
GetCursorPos

kernel32

FileTimeToSystemTime
WriteFile
LockResource
EnterCriticalSection
GetTickCount
VirtualQueryEx
GetModuleHandleA
LocalAlloc
SetLastError
SetFilePointer
UnmapViewOfFile
MapViewOfFile
GetLastError
ReleaseMutex
QueryPerformanceCounter
WaitForMultipleObjects
CreateFileMappingA

msdmeprn

ImmGetGuideLineA
ImmGetHotKey
SdbTagIDToTagRef
SdbFindFirstTagRef
SdbOpenApphelpInformation
ImmReleaseContext
PifMgr_CloseProperties
ImmIMPGetIMEA
SdbGetPermLayerKeys
SdbGetStandardDatabaseGUID
ImmGetConversionStatus
ImmTranslateMessage
ImmDestroyContext
ImmGetStatusWindowPos
DllRegisterServer
ImmCallImeConsoleIME
ImmSetCompositionFontA
CtfImmIsGuidMapEnable
CallCPLEntry16
SdbGetEntryFlags
ImmSendIMEMessageExA
CtfImmTIMActivate
ShimFlushCache
PathCleanupSpec
ImmLockClientImc
ImmGetContext
CtfImmIsTextFrameServiceDisabled
ImmCreateSoftKeyboard
DAD_SetDragImage
SdbInitDatabase
PathProcessCommand
ILLoadFromStream
ImmRequestMessageA
ImmGetIMCCSize
ILFindChild
ExtractIconResInfoA
ImmUnregisterWordA
ImmInstallIMEA
SdbQueryData
ImmIsIME
SdbQueryApphelpInformation
ImmFreeLayout

ntdll

_aulldvrm

netapi32

NetApiBufferFree
NetShareEnum
NetShareGetInfo
NetApiBufferSize

advapi32

CloseEncryptedFileRaw
WriteEncryptedFileRaw
RegQueryValueExA

Exports

Exports

CreateProcessNotify
shutsort

Sections

.text
Size: 47KB - Virtual size: 48KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

819a17be5a22fd137db35fd9b257082c

Headers

File Characteristics

Imports

user32

kernel32

msdmeprn

ntdll

netapi32

advapi32

Exports

Exports

Sections

.text Size: 47KB - Virtual size: 48KB

.rdata Size: 3KB - Virtual size: 4KB

.data Size: 1KB - Virtual size: 4KB

.rsrc Size: 1024B - Virtual size: 4KB

.reloc Size: 512B - Virtual size: 4KB

.text
Size: 47KB - Virtual size: 48KB

.rdata
Size: 3KB - Virtual size: 4KB

.data
Size: 1KB - Virtual size: 4KB

.rsrc
Size: 1024B - Virtual size: 4KB

.reloc
Size: 512B - Virtual size: 4KB