6af3d9b36c10a9741fc010b098655040_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

6af3d9b36c10a9741fc010b098655040_JaffaCakes118
Size

92KB
MD5

6af3d9b36c10a9741fc010b098655040
SHA1

70c2f614a2a783f07c8d4f8c82339ca0a126a040
SHA256

2e181457e3ef89d340092fb2960ea92a4f5c590be7e39ac168b98849038515e2
SHA512

7b8bf9205346d8548e86c2f11598cfa0a237040ef3d8ed1f72d31f2b55d79a1d3a0b6781187d4292b8cbeef694ef43b5981b7fe07a11d308989bd50b6ac6ffd9
SSDEEP

1536:Ru3ckfLov5gi4rQCtQbpToMcP6wlSCArj7nnN+ukHq1KZegG5QAD/eCQpIAGzs9r:obLovDAftQbpkliwws9Hq1KZe75QAbQB

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
6af3d9b36c10a9741fc010b098655040_JaffaCakes118

Files

6af3d9b36c10a9741fc010b098655040_JaffaCakes118
.dll windows:4 windows x86 arch:x86

44b73756aac72a5178a6d91ca93f35b8

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

CloseHandle
DeleteFileA
EnumResourceNamesA
ExitProcess
GetACP
GetCommandLineA
GetLastError
GetModuleHandleA
GetOEMCP
GetStartupInfoA
GetTimeFormatA
GetVersionExA
HeapAlloc
InterlockedIncrement
LoadResource
ReadFile
RtlUnwind
SetErrorMode
SetLastError
TlsSetValue
UnmapViewOfFile
WritePrivateProfileSectionA
lstrcatA
lstrcpyA

advapi32

RegCloseKey
RegEnumKeyA
RegLoadKeyA
RegOpenKeyExA
RegQueryValueA
LookupPrivilegeValueA

ole32

CoInitialize
CoGetClassObject
CoUninitialize
CoCreateInstance
CreateBindCtx
RevokeDragDrop
ReleaseStgMedium
RegisterDragDrop
OleUninitialize
OleInitialize
CoRegisterClassObject
CoFileTimeNow

user32

RegisterClassA
OffsetRect
MessageBoxA
DeleteMenu
CreateCursor
CopyRect
CharNextA
BeginPaint
OemToCharBuffA

shell32

SHBindToParent
SHFileOperationA
SHGetDesktopFolder
SHGetFileInfoA
SHGetMalloc
SHGetPathFromIDListA
ShellExecuteA
ShellExecuteExA
ShellExecuteExW
ShellExecuteW
Shell_NotifyIconA

shlwapi

StrChrA
StrStrIA
SHAutoComplete
PathUnquoteSpacesA
PathQuoteSpacesA
PathMatchSpecA
PathIsRelativeA
PathIsDirectoryA
PathFindFileNameA
PathFindExtensionA
PathFileExistsA
PathCanonicalizeA
PathAppendA

imm32

ImmGetContext
ImmGetCompositionStringW
ImmReleaseContext
ImmSetCompositionFontA
ImmSetCompositionWindow

msvcrt

time
memset
realloc
sscanf
strcmp
strtol
__set_app_type
fflush

oleaut32

SysFreeString
SysStringLen
VariantChangeTypeEx
VariantClear
LoadTypeLib

Exports

Exports

Au
Dfckxldsjg
Jwjiwufsmig
Mytae
Nxs
Omewmzodsm
Rafjet
Saueur
Sxmzcf
Ufdzgoxom
Ulbocthn
Umqrqhw
Xdzmjltffn
Yf

Sections

.text
Size: 20KB - Virtual size: 24KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 28KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 31KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 3KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

44b73756aac72a5178a6d91ca93f35b8

Headers

File Characteristics

Imports

kernel32

advapi32

ole32

user32

shell32

shlwapi

imm32

msvcrt

oleaut32

Exports

Exports

Sections

.text Size: 20KB - Virtual size: 24KB

.rdata Size: 28KB - Virtual size: 32KB

.data Size: 31KB - Virtual size: 32KB

.idata Size: 3KB - Virtual size: 4KB

.rsrc Size: 8KB - Virtual size: 8KB

.text
Size: 20KB - Virtual size: 24KB

.rdata
Size: 28KB - Virtual size: 32KB

.data
Size: 31KB - Virtual size: 32KB

.idata
Size: 3KB - Virtual size: 4KB

.rsrc
Size: 8KB - Virtual size: 8KB