a164fbb7862eef16042f6668d93d585f_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

a164fbb7862eef16042f6668d93d585f_JaffaCakes118
Size

340KB
MD5

a164fbb7862eef16042f6668d93d585f
SHA1

dec00cb66b5796006c2456a5338e3554d3d3fb5c
SHA256

f8494ed353a7a84f2851aa94177c5e467dd9487dfcdf99ee4b506a07e45d4f8e
SHA512

6bc47ec802f5ba7e41e6300224b87ae4afc574d391a98768001e36adf8b64d7294df883689b85e59e82c007a8f4d258f3af39cacd5bbb89574b9aa3c2ede9def
SSDEEP

6144:RrLfUkADWjsvOI1EmwBDOz/hBLANYtrT9LamSpCDPCmPMGRH4YTbT71SU812AtqE:RrDD4WGTdvlpPvVGltj/xv2chBB

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
a164fbb7862eef16042f6668d93d585f_JaffaCakes118

Files

a164fbb7862eef16042f6668d93d585f_JaffaCakes118
.dll windows:4 windows x86 arch:x86

549b86db3cacdcd40553b46b603b877e

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

DisableThreadLibraryCalls
EnterCriticalSection
ExitProcess
FormatMessageA
GetACP
GetCommandLineA
GetCurrentProcessId
GetCurrentThreadId
GetExitCodeThread
GetFileSize
GetLastError
GetLocalTime
GetModuleFileNameW
GetModuleHandleA
GetOEMCP
GetProcAddress
GetProcessHeap
GetProcessPriorityBoost
GetShortPathNameW
GetStartupInfoA
GetStdHandle
GetSystemInfo
GetSystemTimeAsFileTime
GetSystemWindowsDirectoryW
GetTickCount
GetVersion
GlobalAlloc
GlobalFree
GlobalHandle
HeapAlloc
HeapCreate
HeapDestroy
DeleteTimerQueueTimer
HeapReAlloc
HeapUnlock
InitializeCriticalSection
InitializeCriticalSectionAndSpinCount
InterlockedDecrement
InterlockedExchange
InterlockedExchangeAdd
InterlockedIncrement
LCMapStringA
LeaveCriticalSection
LoadLibraryA
LocalAlloc
LocalReAlloc
MultiByteToWideChar
OutputDebugStringA
QueryPerformanceCounter
ReadFile
RtlUnwind
SearchPathW
SetLastError
SetStdHandle
SetUnhandledExceptionFilter
Sleep
TerminateProcess
UnhandledExceptionFilter
UnmapViewOfFile
UnregisterWaitEx
VirtualAlloc
VirtualProtect
WaitForSingleObject
WideCharToMultiByte
WriteFile
DeleteCriticalSection
DebugBreak
CloseHandle
HeapFree
AddAtomA

ole32

CoInitializeEx
CoTaskMemFree
CLSIDFromString

advapi32

DeregisterEventSource
RegOpenKeyExA
RegQueryValueExA
RegCloseKey

oleaut32

VarBstrFromCy
VariantInit
VarUI2FromUI4
VarI4FromI1
SysAllocString
VarCyFromI2

Exports

Exports

BAOCloseFile
BurnAtOnce
DeleteImage
EnumAFDistanceSettingRelease
EnumBaseImageDataPropertyNext
EnumDriveModeReset
EnumExposureCompReset
EnumItemReset
GetDiscImageInfo
GetPreviousDeviceInfo
IsSupportParamValue
RegisterSharedVar
RegisterSurface

Sections

.text
Size: 46KB - Virtual size: 46KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 140KB - Virtual size: 140KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 149KB - Virtual size: 149KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

549b86db3cacdcd40553b46b603b877e

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

ole32

advapi32

oleaut32

Exports

Exports

Sections

.text Size: 46KB - Virtual size: 46KB

.rdata Size: 140KB - Virtual size: 140KB

.data Size: 512B - Virtual size: 1KB

.rsrc Size: 149KB - Virtual size: 149KB

.reloc Size: 2KB - Virtual size: 2KB

.text
Size: 46KB - Virtual size: 46KB

.rdata
Size: 140KB - Virtual size: 140KB

.data
Size: 512B - Virtual size: 1KB

.rsrc
Size: 149KB - Virtual size: 149KB

.reloc
Size: 2KB - Virtual size: 2KB