95957bd80607981445823d51def2a535_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

95957bd80607981445823d51def2a535_JaffaCakes118
Size

176KB
MD5

95957bd80607981445823d51def2a535
SHA1

204b9e387206e6a8e701afbc528ee130573ec86b
SHA256

3874d848afc9b976b853ca49a0846e76637b932b9e74706f060bb689bf3a7900
SHA512

d37452e8cb8f19f95246c197c9d38ba28732f147b847516c7c08fe4fe5f3bd1c4f3267adc7164e344ecdc3631fcf6f7fa032c958602c897ad9ff9414718a98c4
SSDEEP

3072:4VhRkMC9M6mTc0x6aXha7xQPfqNv9AsL/8Se8qOw7ZCnsNmxm:uYMC9MT1XhJfqNVf/8SecwCnAm

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
95957bd80607981445823d51def2a535_JaffaCakes118

Files

95957bd80607981445823d51def2a535_JaffaCakes118
.dll windows:5 windows x86 arch:x86

60ff324c1664fa17443226eb666d2223

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

msvcrt

free
_initterm
malloc
_adjust_fdiv
__dllonexit
_onexit
wcslen

advapi32

ReportEventW
DeregisterEventSource
RegisterEventSourceW
OpenSCManagerW
OpenServiceW
QueryServiceStatus
CloseServiceHandle
TraceMessage
RegCloseKey
RegSetValueExW
RegCreateKeyExW
GetTraceEnableFlags
GetTraceEnableLevel
GetTraceLoggerHandle
RegisterTraceGuidsW
UnregisterTraceGuids
RegOpenKeyExW
RegQueryValueExW

ole32

CoUninitialize
CoCreateInstance
CoInitializeEx

kernel32

CreateThread
GetLastError
SetEvent
CreateTimerQueue
DeleteTimerQueueEx
VirtualProtect
DeleteTimerQueueTimer
HeapAlloc
GetProcessHeap
HeapFree
DisableThreadLibraryCalls
CloseHandle
WaitForSingleObject
WaitForMultipleObjects
CreateEventW
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
InitializeCriticalSection
VirtualAlloc
DeleteCriticalSection
InterlockedDecrement

rpcrt4

UuidCreate

crypt32

CertCloseStore
CertControlStore
CertFreeCertificateChain
CertGetCertificateChain
CertFreeCertificateContext
CertOpenStore
CertGetCertificateContextProperty
CertFindCertificateInStore
CertVerifyTimeValidity
CertNameToStrW

userenv

LeaveCriticalPolicySection
RegisterGPNotification
EnterCriticalPolicySection
UnregisterGPNotification

winipsec

ord34
ord48
ord38
ord28
ord33
ord47
ord78
ord23
ord39
ord24
ord29
ord57
ord79

Exports

Exports

ServiceMain
UninitializeNapIpsecRp

Sections

.text
Size: 23KB - Virtual size: 22KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 149KB - Virtual size: 149KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

60ff324c1664fa17443226eb666d2223

Headers

DLL Characteristics

File Characteristics

Imports

msvcrt

advapi32

ole32

kernel32

rpcrt4

crypt32

userenv

winipsec

Exports

Exports

Sections

.text Size: 23KB - Virtual size: 22KB

.data Size: 1024B - Virtual size: 2KB

.rsrc Size: 149KB - Virtual size: 149KB

.reloc Size: 2KB - Virtual size: 1KB

.text
Size: 23KB - Virtual size: 22KB

.data
Size: 1024B - Virtual size: 2KB

.rsrc
Size: 149KB - Virtual size: 149KB

.reloc
Size: 2KB - Virtual size: 1KB