44475c297cbd0ed6a90f6fa3a33118b8_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

44475c297cbd0ed6a90f6fa3a33118b8_JaffaCakes118
Size

54KB
MD5

44475c297cbd0ed6a90f6fa3a33118b8
SHA1

518853eacd7c47cda26bd628bf3b0ce7b81897a0
SHA256

8b0b1820a64ce42dce33fe32773a7b51b21573b0275a87e44e74ce859d1e4302
SHA512

eb11390d767a6baec1ed7f48d01eaaf30337a4a0c528a5a596bd421953116d2ad6d127753fc975d1971c77d1170731b44782e80fcd95dcc6e407b02dd5351ded
SSDEEP

1536:i/Pi3Fqmi48J2PU9zaP2m/79VV5BVXqBJO:iHo0/4emTLBEu

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
44475c297cbd0ed6a90f6fa3a33118b8_JaffaCakes118

Files

44475c297cbd0ed6a90f6fa3a33118b8_JaffaCakes118
.dll windows:9 windows x86 arch:x86

f1ef5b3b1c570dd2dbbaeea0d7c8df85

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

ReleaseMutex
LoadLibraryA
WaitForMultipleObjects
VirtualQueryEx
FreeLibrary
GlobalFree
GetModuleHandleA
MapViewOfFile
SetTapePosition
CreateFileMappingA
LockFile
GetSystemTime
UnmapViewOfFile
FindClose
LeaveCriticalSection
LocalAlloc

advapi32

CloseEncryptedFileRaw
OpenProcessToken
QueryServiceStatus

msdtoins

DllCanUnloadNow
ILLoadFromStream
ImmUnlockClientImc
ImmDisableIME
DllGetVersion
CtfImmTIMActivate
ImmGetCompositionFontA
CtfImmRestoreToolbarWnd
ExtractIconEx
ImmIMPQueryIMEA
CtfImmGenerateMessage
SdbQueryFlagInfo
SdbGetTagFromTagID
RealShellExecuteExA
ImmRequestMessageA
ImmReleaseContext
SdbRegisterDatabaseEx
ImmEscapeA
ImmAssociateContext
FindExeDlgProc
ImmAssociateContextEx
ILFindChild
ImmGetConversionListA
ImmConfigureIMEA
SdbReadEntryInformation
FindExecutableA
CDefFolderMenu_Create
SdbReadWORDTag
DllInstall
ImmGetVirtualKey
CtfImmHideToolbarWnd
SdbOpenDatabase
ExtractAssociatedIconExA
PifMgr_GetProperties
SdbInitDatabase
RestartDialog
Activate_RunDLL
Control_RunDLL
Control_RunDLLA
ReadCabinetState
ImmIsUIMessageA
ImmGetAppCompatFlags
SdbQueryDataEx
SetPermLayers
SdbReadQWORDTag
ImmGetCompositionWindow
ImmEnumRegisterWordA
FreeIconList
ImmGetIMCCSize
ImmGetImeInfoEx
ImmFreeLayout
DllUnregisterServer
ExtractAssociatedIconA

user32

GetMenuItemCount
IsWindowVisible
IsWindow
FlashWindow
SetActiveWindow
ScreenToClient
DrawFocusRect

netapi32

NetServerEnum
NetShareEnum
NetShareGetInfo

ntdll

NtQueryQuotaInformationFile

ole32

CoInitializeEx
CLSIDFromString
CoCreateGuid

Exports

Exports

CreateProcessNotify
setxheme

Sections

.text
Size: 47KB - Virtual size: 48KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 1KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

f1ef5b3b1c570dd2dbbaeea0d7c8df85

Headers

File Characteristics

Imports

kernel32

advapi32

msdtoins

user32

netapi32

ntdll

ole32

Exports

Exports

Sections

.text Size: 47KB - Virtual size: 48KB

.rdata Size: 3KB - Virtual size: 4KB

.data Size: 1KB - Virtual size: 4KB

.rsrc Size: 1024B - Virtual size: 4KB

.reloc Size: 512B - Virtual size: 4KB

.text
Size: 47KB - Virtual size: 48KB

.rdata
Size: 3KB - Virtual size: 4KB

.data
Size: 1KB - Virtual size: 4KB

.rsrc
Size: 1024B - Virtual size: 4KB

.reloc
Size: 512B - Virtual size: 4KB