4a35f5243a4c087704cec78ecfe63b8b_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

4a35f5243a4c087704cec78ecfe63b8b_JaffaCakes118
Size

56KB
MD5

4a35f5243a4c087704cec78ecfe63b8b
SHA1

4e27f0c0fa35af3168e10ab942966bb0192d5a69
SHA256

2416aafa3326f2698adda9b62dec3b0c2670baac8fd5bfcbea1407bf5fd5c808
SHA512

4b557e9dee81d0f5cf46dd4a868af176ae5537b127bc981789d21a98b3503d7e5ba144fdc19c149c62b3c5cc24da093004a8908e3cea3678f183119f9734c3e4
SSDEEP

1536:lw+SHfPYtSNOacEW1AcS5wPhmG1ZvSY3EtSjNeV:lqmVPhmQZvSY3EtS4V

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
4a35f5243a4c087704cec78ecfe63b8b_JaffaCakes118

Files

4a35f5243a4c087704cec78ecfe63b8b_JaffaCakes118
.dll windows:1 windows x86 arch:x86

d74b548dd081f2a5cf442376cfd1ed11

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

advapi32

AccessCheck
AddAccessAllowedAce
AllocateAndInitializeSid
FreeSid
GetLengthSid
ImpersonateSelf
InitializeAcl
InitializeSecurityDescriptor
IsValidSecurityDescriptor
OpenProcessToken
OpenThreadToken
RegCloseKey
RegCreateKeyExA
RegOpenKeyExA
RegQueryValueExA
RegSetValueExA
RevertToSelf
SetSecurityDescriptorDacl
SetSecurityDescriptorGroup
SetSecurityDescriptorOwner

user32

CharUpperBuffA
MessageBoxA

kernel32

CloseHandle
CopyFileA
CreateEventA
CreateFileA
CreateProcessA
CreateThread
DeleteCriticalSection
DosDateTimeToFileTime
EnterCriticalSection
ExitProcess
ExitThread
FileTimeToDosDateTime
FileTimeToLocalFileTime
FindClose
FindFirstFileA
FindNextFileA
FreeEnvironmentStringsA
FreeLibrary
GetACP
GetCPInfo
GetCommandLineA
GetCommandLineW
GetCurrentDirectoryA
GetCurrentProcess
GetCurrentThreadId
GetCurrentThread
GetEnvironmentStrings
GetFileAttributesA
GetFileType
GetFullPathNameA
GetLastError
GetModuleFileNameA
GetModuleFileNameW
GetModuleHandleA
GetOEMCP
GetPrivateProfileStringA
GetProcAddress
GetStdHandle
GetSystemDirectoryA
GetTempFileNameA
GetTimeZoneInformation
GetVersionExA
GetVersion
GetWindowsDirectoryA
InitializeCriticalSection
LeaveCriticalSection
LoadLibraryA
LocalAlloc
LocalFileTimeToFileTime
LocalFree
MoveFileExA
MultiByteToWideChar
ReadFile
SetConsoleCtrlHandler
SetCurrentDirectoryA
SetEnvironmentVariableA
SetEnvironmentVariableW
SetEvent
SetFileAttributesA
SetLastError
SetStdHandle
SetUnhandledExceptionFilter
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue
UnhandledExceptionFilter
VirtualAlloc
VirtualFree
VirtualQuery
WaitForSingleObject
WideCharToMultiByte
WriteFile
WritePrivateProfileStringA

shell32

ShellExecuteA

version

GetFileVersionInfoA
GetFileVersionInfoSizeA
VerQueryValueA

Exports

Exports

GetLocalizedFileVersion
IsNonDemoMMOSExeInstalled

Sections

AUTO
Size: 43KB - Virtual size:

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.idata
Size: 3KB - Virtual size:

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

DGROUP
Size: 5KB - Virtual size:

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bss
Size: 5KB - Virtual size:

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size:

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size:

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

d74b548dd081f2a5cf442376cfd1ed11

Headers

File Characteristics

Imports

advapi32

user32

kernel32

shell32

version

Exports

Exports

Sections

AUTO Size: 43KB - Virtual size:

.idata Size: 3KB - Virtual size:

DGROUP Size: 5KB - Virtual size:

.bss Size: 5KB - Virtual size:

.edata Size: 512B - Virtual size:

.reloc Size: 3KB - Virtual size:

AUTO
Size: 43KB - Virtual size:

.idata
Size: 3KB - Virtual size:

DGROUP
Size: 5KB - Virtual size:

.bss
Size: 5KB - Virtual size:

.edata
Size: 512B - Virtual size:

.reloc
Size: 3KB - Virtual size: