499d81cec21c1b9135c56da941b9d1a9_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

499d81cec21c1b9135c56da941b9d1a9_JaffaCakes118
Size

221KB
MD5

499d81cec21c1b9135c56da941b9d1a9
SHA1

b998cd05dd5aa0cdf13ca24f11c1b8eaa888c67f
SHA256

d834935e508416f7be8d4aacab08fa9318b4f3ad6086a3e747dc09720dc4dfba
SHA512

4c88073000a9727458cf879f998597bda7fbd9c80c30a9b88b2a0ba1a5d5601d4ba761b68412147280d31b414931a08d8acb4dc52442a8a2b8f56f703bec71db
SSDEEP

6144:hX+lH+os/EhtqWwVlfyiYzcnvKfoFMkRyZf+:0lLcOtqWwDfdYzhCMWyl+

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
499d81cec21c1b9135c56da941b9d1a9_JaffaCakes118

Files

499d81cec21c1b9135c56da941b9d1a9_JaffaCakes118
.dll windows:6 windows x86 arch:x86

0f07486d2e5a40df9a36bc26729145b2

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

msfeedsbs.pdb

Imports

msvcrt

??3@YAXPAX@Z
??2@YAPAXI@Z
_vsnwprintf
wcstoul
_purecall
_wcsnicmp
_wcsicmp
bsearch
memcpy
_adjust_fdiv
_amsg_exit
_initterm
free
malloc
_XcptFilter
memset

kernel32

FindResourceW
GetUserDefaultUILanguage
GetSystemDefaultUILanguage
UnmapViewOfFile
FreeLibrary
CreateFileMappingW
MapViewOfFile
LoadLibraryExW
FindResourceExW
LoadResource
SetLastError
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
RtlUnwind
InterlockedCompareExchange
InterlockedExchange
lstrlenW
CreateProcessW
CompareFileTime
GetCurrentProcess
SystemTimeToFileTime
SearchPathW
WriteFile
WaitForSingleObject
HeapFree
GetProcAddress
LoadLibraryA
RaiseException
FileTimeToSystemTime
GetSystemDirectoryW
Sleep
GetModuleFileNameW
GetVersionExW
GetProcessHeap
DisableThreadLibraryCalls
InterlockedIncrement
InterlockedDecrement
LocalFree
LocalAlloc
CloseHandle
GetLastError
CreateMutexW
ReleaseMutex
DeleteFileW
SetFileAttributesW
MoveFileExW
CreateFileW

advapi32

RevertToSelf
GetTraceEnableLevel
GetTraceLoggerHandle
RegisterTraceGuidsW
ConvertSidToStringSidW
RegQueryValueExW
RegOpenKeyExW
RegCloseKey
UnregisterTraceGuids
TraceMessage
ImpersonateLoggedOnUser
CreateRestrictedToken
GetTokenInformation
OpenProcessToken
GetTraceEnableFlags

ole32

CoCreateGuid
StringFromGUID2
CoCreateInstance
CoTaskMemAlloc
CoTaskMemFree
PropVariantClear
CLSIDFromString

shlwapi

SHSetValueW
SHRegGetValueW
PathFindFileNameW
PathRemoveFileSpecW
HashData
SHStrDupW
PathFindExtensionW
PathAppendW
ord24
StrCmpNW
ord331

iertutil

ord85
ord79
ord9
ord74
ord81
ord48

secur32

GetUserNameExW

Exports

Exports

DllCanUnloadNow
DllGetClassObject

Sections

.text
Size: 43KB - Virtual size: 43KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 172KB - Virtual size: 173KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

0f07486d2e5a40df9a36bc26729145b2

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msvcrt

kernel32

advapi32

ole32

shlwapi

iertutil

secur32

Exports

Exports

Sections

.text Size: 43KB - Virtual size: 43KB

.data Size: 172KB - Virtual size: 173KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 3KB - Virtual size: 2KB

.text
Size: 43KB - Virtual size: 43KB

.data
Size: 172KB - Virtual size: 173KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 3KB - Virtual size: 2KB