66ca251e8ebd0520af2291c3ecbbbafc_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

66ca251e8ebd0520af2291c3ecbbbafc_JaffaCakes118
Size

136KB
MD5

66ca251e8ebd0520af2291c3ecbbbafc
SHA1

82f76a02c6f16fc90bb482c92fdac5ad2ab5997a
SHA256

d4b8d714e92649a0073bbd7be09c7009437dabae40beba14ddff26a31121f042
SHA512

9b11e133de3a6f20649f55d1afe65fb85c06e97fb3696cfb0dffa3a402cd9e8c1ce76848ef301f34e9f5c4209ae2dcfd23f0de0fccef5a85f39afa2b5f4d00e5
SSDEEP

3072:YpB0sKl+4Guc7QQY7QuaO1ewvXn6vn+m5Av+3ywTZ7oWMy4Yq/:KB0sKksc7SQZO1eSXn6/+magVWL

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
66ca251e8ebd0520af2291c3ecbbbafc_JaffaCakes118

Files

66ca251e8ebd0520af2291c3ecbbbafc_JaffaCakes118
.dll windows:5 windows x86 arch:x86

237e395e359832322cf7ecfc2f76cce1

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

C:\build\source\rpwatchfolders\rel32\rpwatchfolders.pdb

Imports

ole32

CoInitialize
CoUninitialize
CoTaskMemFree
CoCreateInstance

advapi32

RegCloseKey
RegSetValueExA
RegOpenKeyExA
RegCreateKeyExA
RegQueryInfoKeyA
RegQueryValueExA
RegQueryValueExW
RegOpenKeyExW

user32

GetDC
wsprintfA
ReleaseDC
CharLowerA
GetSystemMetrics
CharNextA
CharPrevA

version

GetFileVersionInfoA
VerQueryValueA

kernel32

WaitForSingleObject
RaiseException
GetLastError
FindClose
FindNextFileA
FindFirstFileA
lstrcatA
lstrcpyA
MoveFileA
DeleteFileA
WideCharToMultiByte
lstrlenW
LockResource
LoadResource
SizeofResource
FindResourceA
lstrlenA
GetPrivateProfileStringA
GetModuleFileNameA
CloseHandle
CreateFileA
Sleep
GetFileAttributesA
LoadLibraryA
CreateDirectoryA
SetCurrentDirectoryA
FreeLibrary
GetProcAddress
GetVersionExA
FindResourceExA
SetFilePointer
MultiByteToWideChar
InterlockedIncrement
InterlockedDecrement
GetEnvironmentVariableA
HeapDestroy
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
GetProcessHeap
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
DeleteCriticalSection
GetModuleHandleA
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
DisableThreadLibraryCalls
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
InterlockedCompareExchange
IsBadReadPtr
InterlockedExchange
CreateThread
WriteFile
GetThreadContext
VirtualQuery
OpenProcess
GlobalMemoryStatus
GetCurrentDirectoryA
IsBadWritePtr
VirtualProtect
TerminateThread

shell32

ord155
SHGetFolderPathA

shlwapi

PathAddBackslashA
PathAppendA

msvcr90

_putenv
memcpy_s
memmove_s
atoi
wcsnlen
_encode_pointer
_malloc_crt
_encoded_null
_decode_pointer
_initterm
_initterm_e
_amsg_exit
_adjust_fdiv
__CppXcptFilter
_unlock
__dllonexit
_lock
_onexit
_except_handler4_common
?terminate@@YAXXZ
?_type_info_dtor_internal_method@type_info@@QAEXXZ
_crt_debugger_hook
__clean_type_info_names_internal
strchr
??2@YAPAXI@Z
memmove
_vsnprintf
strncpy
_strnicmp
_ismbcspace
realloc
malloc
fgets
fseek
_stricmp
sprintf
fopen
_splitpath
fclose
_recalloc
calloc
free
fprintf
memset
strrchr
??3@YAXPAX@Z
strnlen
_gmtime32
_time32
vsprintf
asctime
_ismbblead
memcpy
strstr
fwrite

gdi32

GetDeviceCaps

Exports

Exports

EventCallback

Sections

.text
Size: 38KB - Virtual size: 37KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 14KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rmnet
Size: 71KB - Virtual size: 72KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

237e395e359832322cf7ecfc2f76cce1

Headers

File Characteristics

PDB Paths

Imports

ole32

advapi32

user32

version

kernel32

shell32

shlwapi

msvcr90

gdi32

Exports

Exports

Sections

.text Size: 38KB - Virtual size: 37KB

.rdata Size: 14KB - Virtual size: 14KB

.data Size: 1KB - Virtual size: 5KB

.rsrc Size: 2KB - Virtual size: 1KB

.reloc Size: 8KB - Virtual size: 8KB

.rmnet Size: 71KB - Virtual size: 72KB

.text
Size: 38KB - Virtual size: 37KB

.rdata
Size: 14KB - Virtual size: 14KB

.data
Size: 1KB - Virtual size: 5KB

.rsrc
Size: 2KB - Virtual size: 1KB

.reloc
Size: 8KB - Virtual size: 8KB

.rmnet
Size: 71KB - Virtual size: 72KB