841a222da4d82e3764f972f1f4579a93_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

841a222da4d82e3764f972f1f4579a93_JaffaCakes118
Size

942KB
MD5

841a222da4d82e3764f972f1f4579a93
SHA1

79d9f2494f8f4136b2522249813fa194835b39b1
SHA256

7d2a85a8e2d4045c37e4100963741e35433869b6896716fcea9df7ade721bf44
SHA512

bffa554f0530e2b89580a41a36f4471f959ab60d9357cc0c934498247d4c2438701b5c849256a99450b04c5bf5e04724bbb99615a37b4559ad7ad31c6fd636aa
SSDEEP

24576:deJhETcayQg7zLDZ7ObFC49wPtjtayyJIeeZ1w:YJ+ir3tMn94U7IeeZu

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
841a222da4d82e3764f972f1f4579a93_JaffaCakes118

Files

841a222da4d82e3764f972f1f4579a93_JaffaCakes118
.dll windows:4 windows x86 arch:x86

db57e0b0607afb5b7f773fdcef37f429

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
IMAGE_FILE_BYTES_REVERSED_HI

Imports

kernel32

DeleteCriticalSection
GetModuleHandleA
GetProcAddress
VirtualProtect

user32

GetKeyboardType

advapi32

RegQueryValueExA

oleaut32

SysFreeString

version

VerQueryValueA

gdi32

UnrealizeObject

comctl32

ImageList_SetIconSize

comdlg32

GetSaveFileNameA

winmm

sndPlaySoundA

wsock32

WSACleanup

Exports

Exports

caoniba
caonidi
caonigong
caonijie
caonijiu
caonilao
caonima
caonimei
caonimu
caoninai
caonishu
caoniye
caonizu

Sections

CODE
Size: - Virtual size: 597KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

DATA
Size: - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 16KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: - Virtual size: 291B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp0
Size: - Virtual size: 46KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 5KB - Virtual size: 107KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp1
Size: - Virtual size: 502KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp2
Size: 935KB - Virtual size: 934KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 36B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

db57e0b0607afb5b7f773fdcef37f429

Headers

File Characteristics

Imports

kernel32

user32

advapi32

oleaut32

version

gdi32

comctl32

comdlg32

winmm

wsock32

Exports

Exports

Sections

CODE Size: - Virtual size: 597KB

DATA Size: - Virtual size: 12KB

BSS Size: - Virtual size: 16KB

.idata Size: - Virtual size: 9KB

.edata Size: - Virtual size: 291B

.vmp0 Size: - Virtual size: 46KB

.rsrc Size: 5KB - Virtual size: 107KB

.vmp1 Size: - Virtual size: 502KB

.vmp2 Size: 935KB - Virtual size: 934KB

.reloc Size: 512B - Virtual size: 36B

CODE
Size: - Virtual size: 597KB

DATA
Size: - Virtual size: 12KB

BSS
Size: - Virtual size: 16KB

.idata
Size: - Virtual size: 9KB

.edata
Size: - Virtual size: 291B

.vmp0
Size: - Virtual size: 46KB

.rsrc
Size: 5KB - Virtual size: 107KB

.vmp1
Size: - Virtual size: 502KB

.vmp2
Size: 935KB - Virtual size: 934KB

.reloc
Size: 512B - Virtual size: 36B