70270a55417b46a0008291b813af4614_JaffaCakes118

General

Target

70270a55417b46a0008291b813af4614_JaffaCakes118
Size

42KB
MD5

70270a55417b46a0008291b813af4614
SHA1

279b354683ad12f875eaa5ca1ee28314289021d7
SHA256

d0dd88db31a8a866f97983e3d9a1d631af8aeddc2befdacab9abc1f75e1bcb63
SHA512

19d12cb832cada80fa7403fdf1567980d6bab11f3af3ae7eb693ae79a8c214383437a7aa81d46903f367b7538508f1c34eccd5161646a366bf1e7acf821b117d
SSDEEP

768:DA24wsBl10JtW55CBelUtzb/4nPt3EAkbpWYUg0lneZ0w6/8JT1lEp:DAFn0Jo5CBh5wP1e88Jju

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
70270a55417b46a0008291b813af4614_JaffaCakes118

Files

70270a55417b46a0008291b813af4614_JaffaCakes118
.dll windows:5 windows x86 arch:x86

3fdc67d3352d3666550261cd3aa5cb7f

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

ntdll

NtInitiatePowerAction
NtOpenIoCompletion
NtOpenEventPair
ZwDeleteFile
ZwFlushWriteBuffer
NtFlushInstructionCache

kernel32

GetProcessHeap
WritePrivateProfileStringA
VirtualAlloc
GetShortPathNameA
SetEndOfFile
MultiByteToWideChar
ReleaseSemaphore
GetTickCount
RaiseException
FindNextFileA
SetFilePointer
WritePrivateProfileStructA
SetUnhandledExceptionFilter
GetVersion
CreateEventW
SetThreadPriority
ReadFile
SetCurrentDirectoryA
ReadProcessMemory
GetFullPathNameW
SetWaitableTimer
SetErrorMode
GetStringTypeExW
FindClose
lstrcpyW
InterlockedExchangeAdd
IsDebuggerPresent
QueryPerformanceFrequency
GetLocaleInfoW
GetPrivateProfileIntW
InitializeCriticalSection
GetLongPathNameW
FindFirstFileA
CreateFileA
DuplicateHandle
GetCurrentThread
GetPrivateProfileStringW
CloseHandle
LoadLibraryExW

Exports

Exports

CreateProcessNotify
GetUdpTable
DllClientCleanup
instPing
DllClientStartup
GetOwnerModuleFromUdpEntry
InternalSetIpStats
GetBestRoute
GetUdpStatisticsEx
Icmp6ParseReplies
NTPTimeToNTFileTime
Icmp6CreateFile

Sections

.text
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 409B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 33KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

3fdc67d3352d3666550261cd3aa5cb7f

Headers

DLL Characteristics

File Characteristics

Imports

ntdll

kernel32

Exports

Exports

Sections

.text Size: 7KB - Virtual size: 7KB

.data Size: 512B - Virtual size: 409B

.rsrc Size: 33KB - Virtual size: 36KB

.reloc Size: 512B - Virtual size: 4KB

.text
Size: 7KB - Virtual size: 7KB

.data
Size: 512B - Virtual size: 409B

.rsrc
Size: 33KB - Virtual size: 36KB

.reloc
Size: 512B - Virtual size: 4KB