4c6cb4a15f2e94003075da0d03b4490a_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

4c6cb4a15f2e94003075da0d03b4490a_JaffaCakes118
Size

56KB
MD5

4c6cb4a15f2e94003075da0d03b4490a
SHA1

d6372ca22396e50e19f2334a928d8a59466d7d12
SHA256

739f393a45d92ce033797e34dd5eb9387352bfe04ec6f37dc9e775b372cb5265
SHA512

db15a585f1761a2502eedb7fde5a80c6a3b36cc1b1bb4e3e0506a7414e58fd20fc4d1814e4d6603e59c280694bb6dd39e47c36c58de9a1c221465b1edc776583
SSDEEP

768:plk65R34MEwWdRdXqSgJultfwh9AGbuCaOy6az69b1PQBeC2TX/n33eG+:/RoTwWsafwh9RPoz69b1P872z/n8

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
4c6cb4a15f2e94003075da0d03b4490a_JaffaCakes118

Files

4c6cb4a15f2e94003075da0d03b4490a_JaffaCakes118
.dll windows:5 windows x86 arch:x86

f5320bfb29bd276ecaa31f81c6096088

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

msvcrt

?terminate@@YAXXZ
_CxxThrowException
??2@YAPAXI@Z
??1type_info@@UAE@XZ
_except_handler3
??3@YAXPAX@Z
free
_initterm
_adjust_fdiv
malloc

kernel32

EnterCriticalSection
GlobalAlloc
AddAtomA
WriteFile
SetFilePointer
lstrlenA
lstrcpyW
lstrcmpiW
CompareStringW
InterlockedDecrement
DeleteCriticalSection
SetLastError
GetFileSize
LocalAlloc
LeaveCriticalSection
HeapAlloc
HeapReAlloc
lstrlenW
LocalFree
GetProcessHeap
HeapFree
ReadFile
GlobalFree
InitializeCriticalSection
FindAtomA
CloseHandle
DeleteAtom
WritePrivateProfileSectionW
WritePrivateProfileSectionA
GetPrivateProfileSectionW
GetPrivateProfileSectionA
GetPrivateProfileStringA
MultiByteToWideChar
WideCharToMultiByte
GetLastError

user32

UnregisterClassA
ShowWindow
SetScrollRange
GetClientRect
SetScrollPos
CreateWindowExA
RegisterClassA
DestroyWindow
GetWindowRect
GetParent
MoveWindow
ReleaseDC
GetDC
EndDialog
EnableWindow
GetDlgItem
SetWindowPos
GetScrollInfo
wsprintfW

gdi32

DeleteObject
GetDeviceCaps
GetStockObject
SelectObject

shlwapi

ord74
ord37
ord59
ord55
ord61
ord91
ord340
ord138
ord143
ord93
ord53
ord136
ord95
StrCatW
ord102
ord94
ord56
ord141
ord107
StrRChrW
wnsprintfW
ord298
ord52
StrToIntW
StrDupW
StrCmpNW
StrCpyW
StrCmpW
StrCmpIW
StrSpnW
StrCSpnW
StrCpyNW
ord75
ord217
ord215
ord68
ord295
PathFindFileNameW
ord312
ord437

oleaut32

SysFreeString
SysAllocString
SysStringLen
VariantClear
VariantInit

ole32

CoTaskMemFree
CoTaskMemAlloc
CoCreateInstance
CoTaskMemRealloc

comctl32

ord16

Exports

Exports

AdmClose
AdmFinishedA
AdmFinishedW
AdmInitA
AdmInitW
AdmResetA
AdmResetW
AdmSaveData
CheckDuplicateKeysA
CheckDuplicateKeysW
CreateAdmUiA
CreateAdmUiW
DllMain
GetAdmCategoriesA
GetAdmCategoriesW
GetFontInfoA
GetFontInfoW
IsAdmDirty
ResetAdmDirtyFlag

Sections

.text
Size: 36KB - Virtual size: 33KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 51KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

f5320bfb29bd276ecaa31f81c6096088

Headers

File Characteristics

Imports

msvcrt

kernel32

user32

gdi32

shlwapi

oleaut32

ole32

comctl32

Exports

Exports

Sections

.text Size: 36KB - Virtual size: 33KB

.data Size: 4KB - Virtual size: 51KB

.rsrc Size: 8KB - Virtual size: 4KB

.reloc Size: 4KB - Virtual size: 3KB

.text
Size: 36KB - Virtual size: 33KB

.data
Size: 4KB - Virtual size: 51KB

.rsrc
Size: 8KB - Virtual size: 4KB

.reloc
Size: 4KB - Virtual size: 3KB