a3b193fd433a305fd51fd0bca257c07b_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

a3b193fd433a305fd51fd0bca257c07b_JaffaCakes118
Size

424KB
MD5

a3b193fd433a305fd51fd0bca257c07b
SHA1

bd3f63977340862fa1d88d233caf5bd37feba556
SHA256

0413a46a9598ffacd6804c742bd5ced1a23de3409e9b6d0e917805c7044f1d9d
SHA512

1dc4c498a81f2458e0bd858ce475e18a442b396f5ddbea4ae882a6e25076cfac03eb5761c94b670a62ed8f0b1660e280762a5e5bdd9dc395ac31f81179d3de2f
SSDEEP

12288:R3f0E2+teyIs0Hgl9wRE8iZzA7d0wdP6LnvigZU:ltMseg2iZ/cP6LnVy

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
a3b193fd433a305fd51fd0bca257c07b_JaffaCakes118

Files

a3b193fd433a305fd51fd0bca257c07b_JaffaCakes118
.dll windows:5 windows x86 arch:x86

63c180374ce1865596096bb748de9a88

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

userenv

FreeGPOListW
CreateEnvironmentBlock
GetProfilesDirectoryW
RegisterGPNotification
UnregisterGPNotification
ExpandEnvironmentStringsForUserW

kernel32

VirtualAlloc
VirtualFree
VerifyVersionInfoW
VerLanguageNameW
VerLanguageNameA
CreateNamedPipeW
EndUpdateResourceW
EnumLanguageGroupLocalesA
EnumResourceLanguagesA
ExitProcess
FindVolumeClose
GetACP
GetAtomNameW
GetCPInfo
GetCommandLineA
GetDriveTypeA
GetPrivateProfileIntA
GetSystemDirectoryW
GetSystemWindowsDirectoryW
GetTimeZoneInformation
GlobalDeleteAtom
GlobalWire
HeapAlloc
IsDBCSLeadByte
OpenMutexA
QueueUserAPC
QueueUserWorkItem
RtlZeroMemory
SetCurrentDirectoryA
SetHandleInformation
SetLastError
SetUnhandledExceptionFilter
UnregisterWaitEx

crtdll

_memicmp
strspn
strcoll
ldiv
iswgraph
_mbsspnp
_mbcjistojms
_exit
_finite
_fpreset
_ismbcl1
_loaddll
_locking

ntdll

NtFreeUserPhysicalPages
RtlNtStatusToDosError
RtlValidRelativeSecurityDescriptor
ZwAlertResumeThread
ZwPowerInformation
RtlConvertUiListToApiList
NtSetInformationObject
NtRaiseException

rpcrt4

RpcSsFree
UuidFromStringA
char_from_ndr
short_from_ndr_temp
tree_into_ndr
RpcServerYield
CStdStubBuffer_CountRefs
RpcBindingReset
RpcServerRegisterIf
RpcServerUseAllProtseqsEx
RpcServerUseProtseqEpA

version

GetFileVersionInfoSizeA
VerInstallFileA
VerInstallFileW
VerQueryValueW
GetFileVersionInfoA

Exports

Exports

Ksdfhk
YsyirvzbBhwHLfg
bnrqgptuyvmz
cVgFzZkfnFzzJgjjS
eahiwdQ
ewV
kdv
njyvblrp
qdjzhwc
qdqfodryrp
rxsywzdbmtCuoljLaf
wbok
zxdhhqcsBfpkgz

Sections

.text
Size: 34KB - Virtual size: 33KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 362KB - Virtual size: 691KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 26KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

63c180374ce1865596096bb748de9a88

Headers

DLL Characteristics

File Characteristics

Imports

userenv

kernel32

crtdll

ntdll

rpcrt4

version

Exports

Exports

Sections

.text Size: 34KB - Virtual size: 33KB

.data Size: 362KB - Virtual size: 691KB

.rsrc Size: 26KB - Virtual size: 26KB

.text
Size: 34KB - Virtual size: 33KB

.data
Size: 362KB - Virtual size: 691KB

.rsrc
Size: 26KB - Virtual size: 26KB