440bbb50f8651107068f5e5cf44db034_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

440bbb50f8651107068f5e5cf44db034_JaffaCakes118
Size

185KB
MD5

440bbb50f8651107068f5e5cf44db034
SHA1

ddbbaf7a1693af131c59900cbeae07259d7ce86d
SHA256

4950454b1efe6acce1c44342d394e056c6b3e4ad5fe045514e415b077c035a37
SHA512

061d49b59cc0fd27cf6cab061f7ad60950fe273bba5ac3ae65bda0b8fc90d298d246ba8f57c4f9233132f7c86d169a74f470c5589a865dd5a831d422a8f2f0b7
SSDEEP

3072:3tgaLMiP6ZdmCvy7Jgt1+qCYWEPVapvZFfjKRtrWJpbweXDD7n5EHEBSSCPFdx33:9gwP6ZQTFE3WEPVapv7rqpWvbdn52tdI

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
440bbb50f8651107068f5e5cf44db034_JaffaCakes118

Files

440bbb50f8651107068f5e5cf44db034_JaffaCakes118
.dll windows:5 windows x86 arch:x86

054c84db6781f26905f2a4b236980313

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

msvcrt

malloc
_adjust_fdiv
_initterm
free
wcscmp
wcscpy
_wtoi
_itow
_wcsnicmp
wcslen
_wcsicmp

ntdll

VerSetConditionMask

kernel32

LoadLibraryExW
MultiByteToWideChar
GetUserDefaultLCID
GetTickCount
WaitForSingleObject
GetDefaultCommConfigW
SetDefaultCommConfigW
FindFirstFileW
FindClose
InitializeCriticalSection
SetLastError
GetLastError
CloseHandle
GlobalFree
SetEndOfFile
CreateFileW
WriteFile
ReadFile
FlushFileBuffers
WriteProfileStringW
DeviceIoControl
SetCommTimeouts
GetCommTimeouts
VerifyVersionInfoW
DeleteCriticalSection
DisableThreadLibraryCalls
DefineDosDeviceW
GetProfileIntW
SetCommState
GetCommState
lstrcmpiW
QueryDosDeviceW
GetCurrentThreadId
EnterCriticalSection
LeaveCriticalSection
GlobalAlloc
BuildCommDCBW
GetProfileStringW
FreeLibrary
GetProcAddress
LoadLibraryW
FormatMessageW

user32

DialogBoxParamW
MessageBoxW
wvsprintfW
LoadStringW
SendDlgItemMessageW
SetWindowLongW
SetFocus
BringWindowToTop
EndDialog
GetDlgItemTextW
GetWindowLongW
WinHelpW

ws2_32

WSASocketW
closesocket
WSAStartup
WSACloseEvent
WSAGetLastError
connect
setsockopt
getsockopt
shutdown
WSASend
WSACreateEvent
WSAResetEvent
WSAGetOverlappedResult

spoolss

ImpersonatePrinterClient
ClosePrinter
OpenPrinterW
GetJobW
SetJobW
RevertToPrinterSelf

msi

ord109
ord39

ole32

StringFromGUID2

Exports

Exports

InitializePrintMonitor2

Sections

.text
Size: 13KB - Virtual size: 12KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 169KB - Virtual size: 168KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 944B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

054c84db6781f26905f2a4b236980313

Headers

File Characteristics

Imports

msvcrt

ntdll

kernel32

user32

ws2_32

spoolss

msi

ole32

Exports

Exports

Sections

.text Size: 13KB - Virtual size: 12KB

.data Size: 169KB - Virtual size: 168KB

.rsrc Size: 1024B - Virtual size: 944B

.reloc Size: 1KB - Virtual size: 1KB

.text
Size: 13KB - Virtual size: 12KB

.data
Size: 169KB - Virtual size: 168KB

.rsrc
Size: 1024B - Virtual size: 944B

.reloc
Size: 1KB - Virtual size: 1KB