48ac023aea84ef512ee0f22b594ed80e_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

48ac023aea84ef512ee0f22b594ed80e_JaffaCakes118
Size

132KB
MD5

48ac023aea84ef512ee0f22b594ed80e
SHA1

37f46eb48095155e58332fea33c680a650056495
SHA256

1c6131e84b3300a98a6e41dddc8730557faa3dfcd068a19e51caaf372312a774
SHA512

f844d5dc3cb0bc49faa6a905d097b64afa073860cba227d0856905d48aab712838e7698248c87864f7db032ad11ccdbfff4ac7356ca4a183cf52e975e0f1fb3e
SSDEEP

3072:XSupttU7KiWp83lrZLcZUShzN8cZTJjVdwc5iD6T:7tRiWG34ZBhTqc5m6

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
48ac023aea84ef512ee0f22b594ed80e_JaffaCakes118

Files

48ac023aea84ef512ee0f22b594ed80e_JaffaCakes118
.dll windows:4 windows x86 arch:x86

685a9d531124de405451df2b8c17588e

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

pncrt

_putenv
_ultoa
_adjust_fdiv
_initterm
tolower
_onexit
__dllonexit
time
localtime
asctime
fopen
printf
fclose
strchr
strrchr
strncmp
_purecall
atol
??2@YAPAXI@Z
??3@YAXPAX@Z
_stat
clock
sscanf
fflush
atoi
rand
sprintf
_stricmp
_vsnprintf
memmove
_ismbcspace
realloc
free
malloc
_mbctype
strstr
fprintf

ole32

CoUninitialize
CoFreeUnusedLibraries
CoInitialize
CoCreateInstance

user32

GetWindowLongA
DispatchMessageA
PostQuitMessage
CharNextA
GetSystemMetrics
TranslateMessage
DefWindowProcA
RegisterClassA
CreateWindowExA
SetWindowLongA
DestroyWindow
PeekMessageA

advapi32

RegQueryInfoKeyA
RegEnumValueA
RegCloseKey
RegOpenKeyExA
RegOpenKeyA
RegQueryValueExA

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

oleaut32

SysFreeString
SysAllocString

kernel32

DeleteFileA
GetProcAddress
FreeLibrary
LoadLibraryA
GetModuleFileNameA
InterlockedDecrement
InterlockedIncrement
GetCurrentThreadId
MultiByteToWideChar
lstrlenA
lstrcpyA
GetFileAttributesA
CreateDirectoryA
SetErrorMode
WideCharToMultiByte

Exports

Exports

CanUnload2
RMACreateInstance
SetDLLAccessPath

Sections

.text
Size: 84KB - Virtual size: 81KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.text
Size: 228KB - Virtual size: 228KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

685a9d531124de405451df2b8c17588e

Headers

File Characteristics

Imports

pncrt

ole32

user32

advapi32

version

oleaut32

kernel32

Exports

Exports

Sections

.text Size: 84KB - Virtual size: 81KB

.rdata Size: 20KB - Virtual size: 19KB

.data Size: 12KB - Virtual size: 8KB

.rsrc Size: 4KB - Virtual size: 1KB

.reloc Size: 8KB - Virtual size: 7KB

.text Size: 228KB - Virtual size: 228KB

.text
Size: 84KB - Virtual size: 81KB

.rdata
Size: 20KB - Virtual size: 19KB

.data
Size: 12KB - Virtual size: 8KB

.rsrc
Size: 4KB - Virtual size: 1KB

.reloc
Size: 8KB - Virtual size: 7KB

.text
Size: 228KB - Virtual size: 228KB