42f5ef35d340e92f949e7ead4ffad6b4_JaffaCakes118

General

Target

42f5ef35d340e92f949e7ead4ffad6b4_JaffaCakes118
Size

475KB
MD5

42f5ef35d340e92f949e7ead4ffad6b4
SHA1

1ff97847b5cf912a6ceb35636085ac333adb7e84
SHA256

b52018d8a94a1571866b376d850345ebad0c6efe0a0b7d5db260e2383506cf87
SHA512

b474e375e9e4f049bdef50942da824bb7d60bab23d56b2439357e7b027a9a03918db2f3d0b62a110068b0b6f05bc7a8dbf68efc782393388585c68ad54055f57
SSDEEP

6144:LYw+ce7BDlLZANk2c7ybPofQ8EjH3VtI0IDD+jAxJEsV0s7Zv/jK:LYw+L7B1Q2ybYEjH37FaNxZV0s9

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
42f5ef35d340e92f949e7ead4ffad6b4_JaffaCakes118

Files

42f5ef35d340e92f949e7ead4ffad6b4_JaffaCakes118
.dll windows:5 windows x86 arch:x86

4e40ebb1d5ab75fd2ef5308f341e3a6f

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

userenv

EnterCriticalPolicySection
RegisterGPNotification

version

VerFindFileA
GetFileVersionInfoA
VerQueryValueA
VerQueryValueW
VerInstallFileW

rpcrt4

data_size_ndr
RpcSmSwapClientAllocFree
RpcServerUseProtseqEpA
RpcServerUseAllProtseqsIf
RpcServerUnregisterIf
RpcNetworkIsProtseqValidA
MesHandleFree
CStdStubBuffer_AddRef

kernel32

WinExec
WaitNamedPipeW
VirtualFree
VirtualAlloc
VerLanguageNameA
UnlockFileEx
SetVolumeMountPointW
SetUnhandledExceptionFilter
SetLastError
SetComputerNameA
OpenMutexA
CallNamedPipeW
ConvertThreadToFiber
CreateNamedPipeW
EnterCriticalSection
EnumTimeFormatsA
ExitProcess
FindResourceA
GetACP
GetCPInfo
GetCommandLineA
GetNamedPipeHandleStateW
GlobalDeleteAtom
HeapAlloc
IsProcessorFeaturePresent
LocalFlags

crtdll

_ismbcprint
_ultow
_wcslwr
atan2
_finite
iswgraph
localtime
_expand
_exit
_XcptFilter
_heapchk

ntdll

RtlNtStatusToDosError
RtlQueryTimeZoneInformation
RtlSetAttributesSecurityDescriptor
RtlStartRXact
RtlpNtSetValueKey
ZwFindAtom
RtlInitializeCriticalSection
RtlCompareUnicodeString
NtReplyPort
RtlNewSecurityGrantedAccess

Exports

Exports

IotwxPrvHryfaqbz
ahrGkddpkbOtfmmoOzr
bHgdbaenkXmSv
cfzzolTbYAvAW
dccewxqVjrhEdunw
dlka
ezcrXwflofntsrd
hfFvnLwzvLmkzwJ
kPbtox
pOwH
spAk
ssmutdTCbOk
wkCPl

Sections

.text
Size: 33KB - Virtual size: 32KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 415KB - Virtual size: 983KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 26KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

4e40ebb1d5ab75fd2ef5308f341e3a6f

Headers

DLL Characteristics

File Characteristics

Imports

userenv

version

rpcrt4

kernel32

crtdll

ntdll

Exports

Exports

Sections

.text Size: 33KB - Virtual size: 32KB

.data Size: 415KB - Virtual size: 983KB

.rsrc Size: 26KB - Virtual size: 26KB

.text
Size: 33KB - Virtual size: 32KB

.data
Size: 415KB - Virtual size: 983KB

.rsrc
Size: 26KB - Virtual size: 26KB