434f656dfb15c0d7aca445a186861814_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

434f656dfb15c0d7aca445a186861814_JaffaCakes118
Size

72KB
MD5

434f656dfb15c0d7aca445a186861814
SHA1

3e4b96507d15290aec32e5b7b4a965c86ec9682c
SHA256

2c382995d3661a7bd886a735140b3f23584fe621ff555a85023c6ca1c18059cd
SHA512

637f2f12861235871a5be24a0063a54302265a193cfaa6b60e52a71f5d986729b58dae1faca0a2cd0ee6657cf7d323c569f385794f4240216efd78e4119e35e8
SSDEEP

1536:j6WcbK18b6Ut8FwoNBOWQnQcAn2hL48IPm:j4bK12t7hWQQcAn2hL48IP

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
434f656dfb15c0d7aca445a186861814_JaffaCakes118

Files

434f656dfb15c0d7aca445a186861814_JaffaCakes118
.dll windows:4 windows x86 arch:x86

cff65dbeb65c5e0ae9af934a0fa26718

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
InterlockedCompareExchange
Sleep
InterlockedExchange
DeleteFileW
GetProcessHeap
FreeLibrary
GetProcAddress
GetLastError
DisableThreadLibraryCalls
DeleteCriticalSection
ResetEvent
GetTickCount
InterlockedDecrement
HeapAlloc
HeapFree
QueueUserWorkItem
UnmapViewOfFile
LoadLibraryA
EnterCriticalSection
LeaveCriticalSection
InterlockedIncrement
GetVolumeInformationW
GetFileAttributesExW
LocalFree
FindClose
FindNextFileW
RemoveDirectoryW
DeleteTimerQueueTimer
CreateDirectoryW
CloseHandle
GlobalFree
GetCommandLineA
VirtualProtect
LoadLibraryW
GlobalAlloc

advapi32

RegOpenKeyExW
CloseServiceHandle
QueryServiceStatus
OpenServiceW
OpenSCManagerW
RegSetKeySecurity
EqualSid
GetTokenInformation
OpenProcessToken
GetSecurityDescriptorOwner
GetFileSecurityW
SetSecurityDescriptorDacl
SetEntriesInAclW
CreateWellKnownSid
InitializeSecurityDescriptor
RegCloseKey

ole32

CoUninitialize
CoCreateInstance

msvcr71

free
__dllonexit
_except_handler3
qsort
_stricmp
wcschr
isxdigit
malloc
_callnewh
_onexit
_XcptFilter
_initterm
_adjust_fdiv
_wcsnicmp
wcscmp
wcslen
__CppXcptFilter

Sections

.text
Size: 52KB - Virtual size: 51KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

cff65dbeb65c5e0ae9af934a0fa26718

Headers

File Characteristics

Imports

kernel32

advapi32

ole32

msvcr71

Sections

.text Size: 52KB - Virtual size: 51KB

.rdata Size: 4KB - Virtual size: 2KB

.data Size: 4KB - Virtual size: 34KB

.rsrc Size: 4KB - Virtual size: 1KB

.reloc Size: 4KB - Virtual size: 1KB

.text
Size: 52KB - Virtual size: 51KB

.rdata
Size: 4KB - Virtual size: 2KB

.data
Size: 4KB - Virtual size: 34KB

.rsrc
Size: 4KB - Virtual size: 1KB

.reloc
Size: 4KB - Virtual size: 1KB