42b951f17b156932a7435a4adc057170_JaffaCakes118

General

Target

42b951f17b156932a7435a4adc057170_JaffaCakes118
Size

190KB
MD5

42b951f17b156932a7435a4adc057170
SHA1

62a3b4585067e9431667743e349000e017ef3d6c
SHA256

1692678871d6f30907aacb1dc33abd2b3db34de999073d29ea69841ffb35fa41
SHA512

5bd1e3dbd7a9ab82e306d498fcb2ac2c67704dd65b812a4910497f082306e93948c8a654fd5925f7920af37f9d6a73518c4569afb7b384a3cb5cfbac28dc9a28
SSDEEP

3072:BsnALKqtRHM3PB3BDmFyf6wIscswewDUBiY20mrZJ5b+MW7QHmJAgZb0T72Edchl:IAlRHM3Z3BD+e6SweUUN20mHtW727WEe

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
42b951f17b156932a7435a4adc057170_JaffaCakes118

Files

42b951f17b156932a7435a4adc057170_JaffaCakes118
.dll windows:5 windows x86 arch:x86

52df07d7af3ffef7f1d9526ce687a19a

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

nddenb32.pdb

Imports

msvcrt

_adjust_fdiv
malloc
_initterm
free
strncpy
fclose
fputs
fopen
_snprintf
_vsnprintf
ctime
time

user32

CharUpperBuffA
PostMessageA
wsprintfA
LoadStringA

kernel32

DisableThreadLibraryCalls
GlobalFree
GlobalHandle
GlobalUnlock
lstrlenA
GlobalLock
GlobalAlloc
lstrcpyA
Sleep
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
OutputDebugStringA
LocalAlloc
LocalFree

netapi32

Netbios

advapi32

RegOpenKeyExA
RegQueryValueExA
RegCloseKey
RegisterEventSourceA
ReportEventA
DeregisterEventSource

Exports

Exports

Configure
ConfigureDlgProc
LogDebugInfo
NDDEAddConnection
NDDEDeleteConnection
NDDEGetCAPS
NDDEGetConnectionConfig
NDDEGetConnectionStatus
NDDEGetNewConnection
NDDEInit
NDDERcvPacket
NDDESetConnectionConfig
NDDEShutdown
NDDETimeSlice
NDDEXmtPacket

Sections

.text
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 173KB - Virtual size: 178KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

52df07d7af3ffef7f1d9526ce687a19a

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msvcrt

user32

kernel32

netapi32

advapi32

Exports

Exports

Sections

.text Size: 10KB - Virtual size: 10KB

.data Size: 173KB - Virtual size: 178KB

.rsrc Size: 4KB - Virtual size: 4KB

.reloc Size: 1KB - Virtual size: 1KB

.text
Size: 10KB - Virtual size: 10KB

.data
Size: 173KB - Virtual size: 178KB

.rsrc
Size: 4KB - Virtual size: 4KB

.reloc
Size: 1KB - Virtual size: 1KB