4145dcd71e715138aead07e4554311e1_JaffaCakes118

General

Target

4145dcd71e715138aead07e4554311e1_JaffaCakes118
Size

196KB
MD5

4145dcd71e715138aead07e4554311e1
SHA1

d28428a0f738c81cf88a2b8ea91ae6967a5f3a00
SHA256

117a9f32acf148c14b4e2325ec72557f0aa28bd3911e65558dfa52fbb4a1213b
SHA512

af300b485942f666b01affcdde95e6b068c538a4c225e604853dd3f33a802a33b1ccc8be13534abdbd92a80d7fe2c1339e3ac6ecaf34dfa5ccf818259d82aeee
SSDEEP

3072:QPpHqbBwPe9NeJpwS4mUAClAKOBdoubIKXGIDBYPG41Wy:XwCNU2pzA1BdotKJBIG4

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
4145dcd71e715138aead07e4554311e1_JaffaCakes118

Files

4145dcd71e715138aead07e4554311e1_JaffaCakes118
.dll windows:4 windows x86 arch:x86

b934ab94741d8f059ce9b6e69bdc2bd2

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetSystemTime
LoadLibraryW
GetEnvironmentVariableW
FindFirstFileW
GetProcAddress
GetModuleFileNameW
GetModuleHandleW
FindClose
CreateDirectoryW
SetFileAttributesW
FreeLibrary
DeleteFileW

advapi32

RegCreateKeyExA
RegSetValueExA
RegCloseKey
RegQueryValueExA

shell32

SHGetSpecialFolderPathW

magcore

Mag0UnregisterClass
Mag0RegisterClass
Mag0GetObjDataC

msvcrt

_adjust_fdiv
malloc
_initterm
free
_onexit
??3@YAXPAX@Z
fread
??2@YAPAXI@Z
ftell
fseek
fputws
fclose
_wfopen
wcscat
_vsnwprintf
wcslen
swprintf
__CxxFrameHandler
wcscpy
wcsrchr
time
fopen
__dllonexit
_wcsnicmp

msvcp60

??0_Lockit@std@@QAE@XZ
??1_Lockit@std@@QAE@XZ

Exports

Exports

Mag0Init
Mag0InitLogCtrl
Mag0Uninit
Mag0UninitLogCtrl

Sections

.text
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 172KB - Virtual size: 170KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 976B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 796B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

b934ab94741d8f059ce9b6e69bdc2bd2

Headers

File Characteristics

Imports

kernel32

advapi32

shell32

magcore

msvcrt

msvcp60

Exports

Exports

Sections

.text Size: 8KB - Virtual size: 7KB

.rdata Size: 4KB - Virtual size: 1KB

.data Size: 172KB - Virtual size: 170KB

.rsrc Size: 4KB - Virtual size: 976B

.reloc Size: 4KB - Virtual size: 796B

.text
Size: 8KB - Virtual size: 7KB

.rdata
Size: 4KB - Virtual size: 1KB

.data
Size: 172KB - Virtual size: 170KB

.rsrc
Size: 4KB - Virtual size: 976B

.reloc
Size: 4KB - Virtual size: 796B