5efa0ff4956b0a172cc4ca488b373d1b_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

5efa0ff4956b0a172cc4ca488b373d1b_JaffaCakes118
Size

52KB
MD5

5efa0ff4956b0a172cc4ca488b373d1b
SHA1

7da773e206fc9f6f03331c6a8f3a7ad6b46f216a
SHA256

ca82876814dfbb72d01e3ced6e9c40f0fba8a0dd70081e789612635b36013991
SHA512

ba698ad4652a926493d7903013b0718847f043946b75c68b7ed65c9db846f364a1b2abe0c267ce6c8e23a56a729edc5d75b3273e19a0e55abe41ccc1be8fd13a
SSDEEP

768:VvdCxTv3L1FyNjwbG5a4+f0qs4fiiGB/y6wJScDwtvb9MRWv/PbWv:nwKq8q9fvGBgjwtjKmbWv

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
5efa0ff4956b0a172cc4ca488b373d1b_JaffaCakes118

Files

5efa0ff4956b0a172cc4ca488b373d1b_JaffaCakes118
.dll windows:5 windows x86 arch:x86

d066b3c2e2500dad211c7a6ac90d422a

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_BIND

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetSystemDirectoryA
RemoveDirectoryA
FindClose
lstrcmpA
FindNextFileA
CreateProcessA
SetFileAttributesA
GetFileAttributesA
GetPrivateProfileSectionA
CopyFileA
GetTempPathA
GetModuleFileNameA
GetWindowsDirectoryA
GetExitCodeProcess
ExpandEnvironmentStringsA
LocalFree
Sleep
GetTickCount
LocalReAlloc
LocalAlloc
OpenMutexA
CreateFileA
IsDBCSLeadByte
WideCharToMultiByte
GetPrivateProfileIntA
GetPrivateProfileStringA
LoadLibraryA
GetProcAddress
HeapFree
WaitForSingleObject
GetProcessHeap
DeleteCriticalSection
GetVersion
InitializeCriticalSection
RtlUnwind
RaiseException
GetCurrentThreadId
TlsSetValue
TlsAlloc
TlsFree
SetLastError
DisableThreadLibraryCalls
ExitProcess
LeaveCriticalSection
TerminateProcess
GetCurrentProcess
EnterCriticalSection
SetUnhandledExceptionFilter
IsBadReadPtr
IsBadWritePtr
IsBadCodePtr
CloseHandle
lstrcmpiA
LoadLibraryExA
FindFirstFileA
DeleteFileA
HeapAlloc
FreeLibrary
GetLastError
lstrcpyA
FormatMessageA
lstrcatA
lstrlenA
WriteFile
lstrcpynA
InterlockedIncrement
TlsGetValue
GetVersionExA

user32

PostMessageA
wsprintfA
CharNextA
wvsprintfA
DispatchMessageA
FindWindowA
SendMessageA
PeekMessageA
TranslateMessage

advapi32

RegEnumKeyA
RegSetValueExA
RegCreateKeyExA
RegDeleteValueA
RegDeleteKeyA
RegOpenKeyExA
RegQueryValueExA
RegCloseKey
RegQueryInfoKeyA
RegEnumKeyExA

shell32

SHGetPathFromIDListA
SHChangeNotify
SHGetMalloc
SHGetSpecialFolderLocation

ole32

CoUninitialize
CoCreateInstance
CoInitialize

oleaut32

SysFreeString

Exports

Exports

DllMain
GetUserInfo
IsCompaqNETUser
IsExistingAnyIAUser
IsMSNIAUser
Migrate
MigrateEx
MigrateRunDll32

Sections

.text
Size: 36KB - Virtual size: 35KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1000B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.text
Size: 168KB - Virtual size: 168KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

d066b3c2e2500dad211c7a6ac90d422a

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

advapi32

shell32

ole32

oleaut32

Exports

Exports

Sections

.text Size: 36KB - Virtual size: 35KB

.data Size: 4KB - Virtual size: 33KB

.rsrc Size: 4KB - Virtual size: 1000B

.reloc Size: 4KB - Virtual size: 2KB

.text Size: 168KB - Virtual size: 168KB

.text
Size: 36KB - Virtual size: 35KB

.data
Size: 4KB - Virtual size: 33KB

.rsrc
Size: 4KB - Virtual size: 1000B

.reloc
Size: 4KB - Virtual size: 2KB

.text
Size: 168KB - Virtual size: 168KB