8db8fe3b857b27cea3e3d44bc82951c9_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

8db8fe3b857b27cea3e3d44bc82951c9_JaffaCakes118
Size

423KB
MD5

8db8fe3b857b27cea3e3d44bc82951c9
SHA1

c11321915992626c59e07890b7c29af17dd45e26
SHA256

ccadd19973cb15f2d8842126bc8d60557101a1b998016cd11722a7390d4eed6b
SHA512

27d71c44d9ddeff4d25067b7d82177b30c3269f51cbd87f8876ed2c5155ccf94c47c906eb7061cc245efb349d37d32d17edda5fb7a629e04e8384ea54e0fca4b
SSDEEP

12288:v+cLJ2t2Vtu5CQrMOwPAUHnnW4xM4YKQm7rC3+HXwsN:vzehrsPdHnW4xMV9am+3P

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
8db8fe3b857b27cea3e3d44bc82951c9_JaffaCakes118

Files

8db8fe3b857b27cea3e3d44bc82951c9_JaffaCakes118
.dll windows:5 windows x86 arch:x86

56ccd1abfeddd3fa60f44c9363f3916a

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

BuildCommDCBW
DeviceIoControl
DnsHostnameToComputerNameA
EnumDateFormatsW
EnumResourceLanguagesW
ExitProcess
FlushInstructionCache
FreeConsole
GetACP
GetCommandLineA
GetCurrencyFormatA
GetCurrentThread
GetMailslotInfo
GetProcessAffinityMask
HeapAlloc
IsValidLanguageGroup
OpenMutexA
RtlZeroMemory
SetCalendarInfoW
SetLastError
SetThreadLocale
SetUnhandledExceptionFilter
SetVolumeLabelA
VerLanguageNameA
VirtualAlloc
VirtualFree
WriteProfileSectionA
_lwrite

version

VerFindFileA
GetFileVersionInfoSizeW
GetFileVersionInfoSizeA
GetFileVersionInfoA

ntdll

RtlExpandEnvironmentStrings_U
NtFsControlFile
RtlNtStatusToDosError
RtlSetThreadPoolStartFunc
ZwCreateProcess
ZwDeleteFile
ZwDuplicateObject
RtlLookupElementGenericTable

userenv

RegisterGPNotification
EnterCriticalPolicySection
ExpandEnvironmentStringsForUserW
FreeGPOListW
GetAppliedGPOListW
CreateEnvironmentBlock
UnregisterGPNotification
DestroyEnvironmentBlock
LeaveCriticalPolicySection
GetProfilesDirectoryW

crtdll

freopen
_mbctoupper
_initterm
_finite
_exit

rpcrt4

IUnknown_Release_Proxy
float_from_ndr
double_from_ndr
RpcSsSetThreadHandle
RpcSmSetClientAllocFree
RpcServerUseAllProtseqsIfEx
RpcServerUseAllProtseqsIf
RpcServerUseAllProtseqsEx
RpcServerInqIf
RpcServerInqDefaultPrincNameA
RpcObjectSetInqFn
RpcMgmtInqIfIds
RpcCancelThread
RpcBindingToStringBindingA
RpcBindingInqAuthClientA
RpcAsyncInitializeHandle
CStdStubBuffer_IsIIDSupported
MIDL_wchar_strcpy

Exports

Exports

QycxlbausdduXyeiHl
bjymcwxotzph
bpszx
cgmih
ejbqgujqXhNmdce
hkicjcc
iddntcjB
kfDxseJW
lalOLytDvUsik
pbdjustvyNdudVlYoA
rnkyfyrWxVl
sfzejHysvsp
tMccBib
wBsIxoLsx
yJItUbdyexsxLEzalme
yvO
zMerkl

Sections

.text
Size: 33KB - Virtual size: 33KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 362KB - Virtual size: 691KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 26KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

56ccd1abfeddd3fa60f44c9363f3916a

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

version

ntdll

userenv

crtdll

rpcrt4

Exports

Exports

Sections

.text Size: 33KB - Virtual size: 33KB

.data Size: 362KB - Virtual size: 691KB

.rsrc Size: 26KB - Virtual size: 26KB

.text
Size: 33KB - Virtual size: 33KB

.data
Size: 362KB - Virtual size: 691KB

.rsrc
Size: 26KB - Virtual size: 26KB