b0f55f344ca9c33a31dcef4eafc31392_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

b0f55f344ca9c33a31dcef4eafc31392_JaffaCakes118
Size

240KB
MD5

b0f55f344ca9c33a31dcef4eafc31392
SHA1

48b2dc0fd9011a821419f8e74f045d1a1e0bfd34
SHA256

69fdc84da8b15a9e40b8bf6a7a07430b914b4a0f9a33244b48087baa004e9c21
SHA512

844483972ce6651b50a219dca55e5fbc1906fe2b024921fa79e6f35d712fe3807ff13014b054ed564dbfbfa196f976380a525b9f5b9469682df934662a312518
SSDEEP

6144:NlxAuqsar8ZJhAStf+OPoGI0EB3pBiXJRDbg9r+LG5VEyHd:euqYfySkCA3A/DMCSEm

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
b0f55f344ca9c33a31dcef4eafc31392_JaffaCakes118

Files

b0f55f344ca9c33a31dcef4eafc31392_JaffaCakes118
.dll windows:4 windows x86 arch:x86

f5ebebc297dca261a95203016a3aa469

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

ExitProcess
ExitThread
FatalAppExitA
FindFirstFileA
FreeEnvironmentStringsW
GetCommandLineA
GetCurrentDirectoryA
GetCurrentThread
GetFileTime
GetModuleHandleA
GetStringTypeA
GetThreadContext
GetVersionExA
GlobalAddAtomA
GlobalLock
GlobalUnlock
HeapAlloc
HeapCreate
LeaveCriticalSection
LocalFree
OpenEventA
SetPriorityClass
TlsAlloc
TlsFree
TlsSetValue
VirtualQueryEx
lstrcpynA

advapi32

RegisterServiceCtrlHandlerExA
GetSecurityDescriptorControl
ConvertAccessToSecurityDescriptorA
CheckTokenMembership
BuildImpersonateExplicitAccessWithNameA
GetEffectiveRightsFromAclA

msvcrt

wcslen
exit
__set_app_type
__getmainargs
__p__commode

crypt32

PFXExportCertStore
CryptSIPPutSignedDataMsg

ddraw

GetSurfaceFromDC
GetDDSurfaceLocal
DirectDrawEnumerateExW
DirectDrawCreateEx
DSoundHelp

ole32

CoGetCallerTID
CoCancelCall
CoRegisterPSClsid

comdlg32

ReplaceTextW
PrintDlgExW
PrintDlgA
GetFileTitleW
GetFileTitleA
FindTextW
FindTextA
CommDlgExtendedError
ChooseColorA

oleaut32

SysStringLen
SysFreeString
SafeArrayAllocDescriptor
SafeArrayAccessData
ClearCustData

Exports

Exports

BindSurfaceToArray
D3D10ResourceGetMappedPointer
D3D9ResourceSetMapFlags
EncodeJFIF
EnumDriveModeRelease
EnumImageItemRelease
GraphicsD3D11RegisterResource
Memcpy2DFromArray

Sections

.text
Size: 132KB - Virtual size: 132KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 96KB - Virtual size: 148KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

f5ebebc297dca261a95203016a3aa469

Headers

File Characteristics

Imports

kernel32

advapi32

msvcrt

crypt32

ddraw

ole32

comdlg32

oleaut32

Exports

Exports

Sections

.text Size: 132KB - Virtual size: 132KB

.data Size: 96KB - Virtual size: 148KB

.rsrc Size: 4KB - Virtual size: 4KB

.reloc Size: 4KB - Virtual size: 4KB

.text
Size: 132KB - Virtual size: 132KB

.data
Size: 96KB - Virtual size: 148KB

.rsrc
Size: 4KB - Virtual size: 4KB

.reloc
Size: 4KB - Virtual size: 4KB