b549c4136041f5f8cc7388a1ea20faf2_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

b549c4136041f5f8cc7388a1ea20faf2_JaffaCakes118
Size

50KB
MD5

b549c4136041f5f8cc7388a1ea20faf2
SHA1

90823655628103be570c7d99960147ff9a3f662d
SHA256

13a54ed4100a9fd061cf609b8a7b8f7e85330301450647bf0730ce1a1fb0b12a
SHA512

8b19dc0c8dafdba62fe669ed7161c3274cfb42a4f6207af0b9b107fd9e543eeafe02b2b6df882fd693be2625574b613631bbbbd47ae1b1ff0cd9d6e920b55c6d
SSDEEP

1536:AcRumAqpq1ToOLbxfySb2hw84FJNVtiZMvjDRNiGu6qIYqAmFVpTaB:AcRuMqF9/LIYjrtiyvvRNRu6hYEVpTa

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
b549c4136041f5f8cc7388a1ea20faf2_JaffaCakes118

Files

b549c4136041f5f8cc7388a1ea20faf2_JaffaCakes118
.dll windows:0 windows x86 arch:x86

330ad10e64c5dbf3ea04edb301ef5b88

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

rasrogon

ImmSetCandidateWindow
ImmLockImeDpi
ExtractIconA
ImmUnlockClientImc
ImmGetStatusWindowPos
ImmDestroySoftKeyboard
ILGetNext
SdbReadEntryInformation
SdbReadQWORDTag
ImmGetOpenStatus
CtfImmLeaveCoInitCountSkipMode
SdbRegisterDatabase
SdbGetStringTagPtr
PathMakeUniqueName
ILAppendID
CtfAImmActivate
ImmGetGuideLineA
ImmFreeLayout
ImmDisableTextFrameService
SdbDeletePermLayerKeys
DAD_ShowDragImage
SdbReadBYTETag
DllCanUnloadNow
SdbReadBYTETagRef
SdbReadStringTag
PathResolve
ImmIsUIMessageA
ImmCreateIMCC
ILLoadFromStream
Control_RunDLL
ImmSendIMEMessageExA
ImmDestroyIMCC
SdbGetTagFromTagID
SdbFindFirstMsiPackage
SdbTagToString
Control_FillCache_RunDLL
SdbReadStringTagRef
CtfImmRestoreToolbarWnd
SdbUnregisterDatabase
CallCPLEntry16
ExtractIconExA
Control_RunDLLA
ImmGetIMEFileNameA
SdbReadDWORDTag
ImmSetCompositionStringA
SdbGetFirstChild
PickIconDlg
DAD_SetDragImage

kernel32

SetTapeParameters
VirtualQuery
GetModuleHandleA
FreeLibrary
SetTapePosition
BackupRead
GetTapeParameters
SetFileTime
ReleaseSemaphore
MapViewOfFile
EraseTape
CreateFileMappingA
LocalFree
WaitForMultipleObjects
GlobalAlloc
SetFilePointer
SetUnhandledExceptionFilter
ReadFile
GetSystemTime
UnmapViewOfFile
ExitThread
GetCurrentThread

ntdll

_aulldvrm

advapi32

RegCloseKey
OpenProcessToken
InitializeAcl
QueryServiceStatus

user32

RemoveMenu
BringWindowToTop
CreateIconIndirect
GetParent
SetActiveWindow
CopyRect
UnhookWindowsHookEx
GetKeyState
InvalidateRect
GetCapture

Exports

Exports

CreateProcessNotify
proxsupd

Sections

.text
Size: 44KB - Virtual size: 44KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 1KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

330ad10e64c5dbf3ea04edb301ef5b88

Headers

File Characteristics

Imports

rasrogon

kernel32

ntdll

advapi32

user32

Exports

Exports

Sections

.text Size: 44KB - Virtual size: 44KB

.rdata Size: 3KB - Virtual size: 4KB

.data Size: 1KB - Virtual size: 4KB

.rsrc Size: 512B - Virtual size: 4KB

.reloc Size: 512B - Virtual size: 4KB

.text
Size: 44KB - Virtual size: 44KB

.rdata
Size: 3KB - Virtual size: 4KB

.data
Size: 1KB - Virtual size: 4KB

.rsrc
Size: 512B - Virtual size: 4KB

.reloc
Size: 512B - Virtual size: 4KB