runDll
Static task
static1
Behavioral task
behavioral1
Sample
4102f370aaf46629575daffbd5a0b3c9_JaffaCakes118.dll
Resource
win7-20240704-en
Behavioral task
behavioral2
Sample
4102f370aaf46629575daffbd5a0b3c9_JaffaCakes118.dll
Resource
win10v2004-20240709-en
General
Target: 4102f370aaf46629575daffbd5a0b3c9_JaffaCakes118
Size: 245KB
MD5: 4102f370aaf46629575daffbd5a0b3c9
SHA1: efe9462bfa3564fe031b5ff0f2e4f8db8ef22882
SHA256: 004c99be0c355e1265b783aae557c198bcc92ee84ed49df70db927a726c842f3
SHA512: ee5baca230286256615cfc1f2b743061aab43858eb4751c0ca488e86df6e1086b34cb0e96479d391959de173520bafb22abb73a5ec988557eb64b27d5d912daf
SSDEEP: 3072:c4XrKHxtu7gi1BlZQfSEKkPEdjgeP3wz9aZHi2UVL53UXPcRoC:BORtu7gi/p7P3sQHPidu
Malware Config
Signatures
Unsigned PE (1 IoC)
Checks for missing Authenticode signature.
resource 4102f370aaf46629575daffbd5a0b3c9_JaffaCakes118
Files
4102f370aaf46629575daffbd5a0b3c9_JaffaCakes118.dll windows:5 windows x86 arch:x86
61d0a788edb5dc3390fda71d6719ab12
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
Imports
kernel32
GetProcAddress
FindResourceW
SizeofResource
LoadResource
LockResource
GetEnvironmentVariableW
GetTempFileNameW
GetModuleHandleExW
FormatMessageA
LocalFree
GetModuleHandleW
GetLastError
DeleteFileW
WaitForMultipleObjects
CreateThread
TerminateThread
GetExitCodeThread
CloseHandle
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
SetEndOfFile
CreateFileA
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
GetLocaleInfoW
SetStdHandle
CreateFileW
GetModuleHandleA
GetStringTypeW
InitializeCriticalSection
GetLocalTime
InterlockedIncrement
InterlockedDecrement
WideCharToMultiByte
Sleep
InterlockedExchange
MultiByteToWideChar
HeapFree
GetProcessHeap
GetCurrentThreadId
GetCommandLineA
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
HeapAlloc
ExitProcess
GetSystemTimeAsFileTime
RaiseException
RtlUnwind
LCMapStringA
LCMapStringW
GetCPInfo
WriteFile
GetStdHandle
GetModuleFileNameA
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
SetLastError
SetHandleCount
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
HeapCreate
HeapDestroy
VirtualFree
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
VirtualAlloc
HeapReAlloc
GetConsoleCP
GetConsoleMode
SetFilePointer
ReadFile
FlushFileBuffers
GetACP
GetOEMCP
IsValidCodePage
LoadLibraryA
InitializeCriticalSectionAndSpinCount
HeapSize
GetUserDefaultLCID
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
GetStringTypeA
advapi32
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
ole32
StringFromCLSID
CoInitializeEx
CoUninitialize
CoCreateInstanceEx
CoTaskMemFree
oleaut32
VariantCopy
VariantClear
VariantInit
GetErrorInfo
mpr
WNetCloseEnum
WNetEnumResourceW
WNetOpenEnumW
crypt32
CryptStringToBinaryA
Exports
Sections
.text Size: 179KB - Virtual size: 179KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 33KB - Virtual size: 33KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 18KB - Virtual size: 25KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 1024B - Virtual size: 884B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 12KB - Virtual size: 12KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ