8d9dd3ce0ababce4d35bc8ad59f6fe09_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

8d9dd3ce0ababce4d35bc8ad59f6fe09_JaffaCakes118
Size

100KB
MD5

8d9dd3ce0ababce4d35bc8ad59f6fe09
SHA1

dc1596877f33d964e173e395f11dc778d240f40e
SHA256

535022eedcae9515d07b4242b9cafd875497df973015b419e5e79a3131258416
SHA512

dd756a84181edc62b488e7a2b7840267603d1fbee8e45244ca09e5bb79ba01d6f5bf076327c527d7612ffe10cccd95f2eedd2e7b4a55aaa2e4e6b67c60d1de77
SSDEEP

3072:ol7Vt2ChrKgCWf3Ytf3HVsMBCxn5R8ZEXz:QUErssY1VLBCp5cE

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
8d9dd3ce0ababce4d35bc8ad59f6fe09_JaffaCakes118

Files

8d9dd3ce0ababce4d35bc8ad59f6fe09_JaffaCakes118
.dll windows:4 windows x86 arch:x86

dd6fc235a66e72f4ba38f205c3852735

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

FormatMessageW
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
LocalAlloc
LocalFree
lstrlenW
HeapCreate
HeapDestroy
HeapAlloc
HeapReAlloc
HeapFree
InterlockedExchange
SetLastError
CompareFileTime
lstrcmpW
LeaveCriticalSection
CloseHandle
GetCurrentThread
EnterCriticalSection
LoadLibraryW
DeleteCriticalSection
InitializeCriticalSection
lstrcmpiW
InterlockedDecrement
Sleep
InterlockedCompareExchange
GetStartupInfoA
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
LoadLibraryA
GetProcAddress
GetModuleFileNameA
GetSystemDirectoryA
GetLastError
FormatMessageA
GetModuleHandleA
FreeLibrary
VirtualProtect
MultiByteToWideChar
DeleteFileA
GetVersion
GetCommandLineA
WideCharToMultiByte

user32

EnableWindow
ShowWindow
SendMessageW
MessageBoxW
LoadStringW
DestroyWindow
UpdateWindow
CreateDialogParamW
EndDialog
GetWindowTextW
GetWindowTextLengthW
DialogBoxParamW

advapi32

RegSetValueExA
RegQueryValueExA
RegOpenKeyExW
RegSetValueExW
RegQueryValueExW
RegOpenKeyExA
RegCreateKeyExA
RegCloseKey
RegisterEventSourceW
ReportEventW
RegCreateKeyExW
RegConnectRegistryW
CryptAcquireContextW
CryptReleaseContext
GetTokenInformation
OpenThreadToken
RevertToSelf
CryptGetProvParam
CryptDestroyKey
RegEnumKeyExW
DeregisterEventSource

ole32

CoGetClassObject
CoTaskMemAlloc

rpcrt4

UuidFromStringW

msvcrt

_fsopen
swprintf
_wtol
wcscpy
wcscmp
_wcsicmp
wcschr
_wcslwr
wcscat
iswspace
wcsncmp
_ltow
wcslen
wcsncat
wcsncpy
_XcptFilter
localtime
time
_except_handler3
fgets
exit
fputs
_cexit
_ismbblead
_acmdln
_initterm
_amsg_exit
memset
getenv
strerror
fopen
_errno
fclose
malloc
free
_vsnprintf
_vsnwprintf
_adjust_fdiv

Sections

.text
Size: 50KB - Virtual size: 49KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 37KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 35KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

dd6fc235a66e72f4ba38f205c3852735

Headers

File Characteristics

Imports

kernel32

user32

advapi32

ole32

rpcrt4

msvcrt

Sections

.text Size: 50KB - Virtual size: 49KB

.rdata Size: 37KB - Virtual size: 36KB

.data Size: 1KB - Virtual size: 35KB

.rsrc Size: 6KB - Virtual size: 6KB

.reloc Size: 4KB - Virtual size: 3KB

.text
Size: 50KB - Virtual size: 49KB

.rdata
Size: 37KB - Virtual size: 36KB

.data
Size: 1KB - Virtual size: 35KB

.rsrc
Size: 6KB - Virtual size: 6KB

.reloc
Size: 4KB - Virtual size: 3KB