42f5786561a101714617d6c2f5caec64_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

42f5786561a101714617d6c2f5caec64_JaffaCakes118
Size

102KB
MD5

42f5786561a101714617d6c2f5caec64
SHA1

75bbb72298531ecec73ef933844ada783de3cd9a
SHA256

952c01cbd40c9e776f9d3e42564c3788f7c6503c3fdcf297ec511e5b422d3311
SHA512

3e030cac0fa870df1384031714251186b1377a51e797c053823e452029c15487ccde1ad5ba8f7e547f52a3dcad918f36b11e15d1064315b080912451ef6e54a1
SSDEEP

3072:yAb8WyX8YOG3530XilzSjx/WaFtOodo6Akf:yu8WyX8YdG8zSjxvw6n

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
42f5786561a101714617d6c2f5caec64_JaffaCakes118

Files

42f5786561a101714617d6c2f5caec64_JaffaCakes118
.dll windows:4 windows x86 arch:x86

36b0f89308f83bd4d34751e20087459f

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

Sleep
InterlockedCompareExchange
GetLocalTime
lstrcatW
lstrcpyW
lstrlenW
GetLocaleInfoA
RtlMoveMemory
LocalReAlloc
MulDiv
ReleaseSemaphore
GetCurrentThread
GetVersionExA
InterlockedIncrement
InterlockedDecrement
LCMapStringW
MultiByteToWideChar
InterlockedExchangeAdd
lstrlenA
WaitForMultipleObjects
DeleteFileA
SetFileTime
CreateFileA
CopyFileA
FindClose
FlushFileBuffers
VirtualProtect
CopyFileW
MoveFileA
WriteFile
PulseEvent
FindFirstFileA
FindNextFileA
EnterCriticalSection
LeaveCriticalSection
ExpandEnvironmentStringsW
LoadLibraryW
GetProcAddress
HeapAlloc
HeapFree
GetLastError
GetCurrentProcess
CloseHandle
GetSystemTimeAsFileTime
RaiseException
LoadLibraryA
InterlockedExchange
LocalFree
LocalAlloc
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
GetCurrentThreadId
QueryPerformanceCounter
GetSystemDirectoryW
DeleteCriticalSection
FreeLibrary
HeapDestroy
SetLastError
WaitForSingleObject
GetCurrentProcessId
GetTickCount
GetCommandLineA

user32

CharNextExA
wsprintfW
wsprintfA

advapi32

InitializeAcl
RegOpenKeyExW
RegQueryValueExW
RegCloseKey
RegQueryInfoKeyW
CryptCreateHash
CryptVerifySignatureA
CryptImportKey
CryptExportKey
CryptHashData
CryptSignHashA
CryptDestroyKey
CryptGenKey
InitializeSecurityDescriptor
AllocateAndInitializeSid
GetLengthSid
SetThreadToken
OpenThreadToken
CryptSetProvParam
CryptReleaseContext
CryptAcquireContextA
AddAccessAllowedAce
RegQueryValueExA
RegSetValueExA
FreeSid
RegOpenKeyA
SetSecurityDescriptorDacl
RegEnumKeyExW

gdi32

CloseEnhMetaFile
GetTextAlign
ExtTextOutA
GetRgnBox
CombineRgn
DeleteObject
MoveToEx
CreateDIBSection
GetDIBits
CreateFontIndirectA
GetCurrentPositionEx
LineTo
Polyline
Polygon
GetRandomRgn
GetRegionData
GetWinMetaFileBits
PlayEnhMetaFile
SetViewportOrgEx
SetViewportExtEx
SetWindowExtEx
SetMapMode
CreateEnhMetaFileA
SetEnhMetaFileBits
ExtSelectClipRgn
CreateRectRgn
SelectClipRgn
GetClipRgn
DeleteEnhMetaFile
ExcludeClipRect
ExtCreateRegion
OffsetClipRgn
IntersectClipRect

ole32

CoRegisterClassObject

msvcrt

scanf
strncpy
swscanf
_stricmp
wcslen
_wcsicmp
wcsrchr
setlocale
_ultoa
strrchr
wcscspn
wcscat
_mbslen
_mbscspn
_ismbcprint
wcscmp
atol
memset
_adjust_fdiv
_amsg_exit
free
_XcptFilter
memcpy
_snprintf
_initterm
malloc
wcscpy
_except_handler3
??3@YAXPAX@Z
__CxxFrameHandler
iswprint

msvcp60

?_Tidy@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEX_N@Z
?_Grow@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAE_NI_N@Z
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@II@Z
?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??Mstd@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z
??8std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z
??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@PBD@Z
??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@0@Z
??Ostd@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z

Sections

.text
Size: 57KB - Virtual size: 56KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 34KB - Virtual size: 68KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

36b0f89308f83bd4d34751e20087459f

Headers

File Characteristics

Imports

kernel32

user32

advapi32

gdi32

ole32

msvcrt

msvcp60

Sections

.text Size: 57KB - Virtual size: 56KB

.rdata Size: 5KB - Virtual size: 4KB

.data Size: 34KB - Virtual size: 68KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 3KB - Virtual size: 3KB

.text
Size: 57KB - Virtual size: 56KB

.rdata
Size: 5KB - Virtual size: 4KB

.data
Size: 34KB - Virtual size: 68KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 3KB - Virtual size: 3KB