b43141482f19d0758f15f7d923631612_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

b43141482f19d0758f15f7d923631612_JaffaCakes118
Size

448KB
MD5

b43141482f19d0758f15f7d923631612
SHA1

a044c7c0742ec664de9bb379bd1214d75ba168a5
SHA256

2c4f2bac1541c1519176a4456765c7039419089446fe82cfa9bed60565decc60
SHA512

194c1536aaba5f23800e2513d4a845d1614e0f19f6a792d601638272b10f7cfb527be535a752c04cfc1e17d6b72cbc6620db72744e8624c4747442b01af32d8b
SSDEEP

12288:oqY6jzPuGqEp0ZrRSzPKFvxOBKLgrM6NGiZ8:oqY6jTiT+YvxOod6N5Z8

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
b43141482f19d0758f15f7d923631612_JaffaCakes118

Files

b43141482f19d0758f15f7d923631612_JaffaCakes118
.dll windows:5 windows x86 arch:x86

f9fcc81626febf9189c63399d737523a

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

user32

EqualRect
FillRect
IsCharLowerA
LoadAcceleratorsA
LoadBitmapA
LoadCursorFromFileA
LoadImageA
MessageBeep
OemToCharBuffA
PostMessageA
SendMessageA
UpdateWindow
EmptyClipboard
EndDialog

version

GetFileVersionInfoW
VerFindFileW
VerInstallFileW
VerQueryValueW
GetFileVersionInfoA

kernel32

WinExec
VerLanguageNameW
VerLanguageNameA
UnlockFileEx
TerminateProcess
SetLastError
SetFilePointer
SetCurrentDirectoryA
SetCommState
SetCommMask
SetCommBreak
SearchPathA
ReplaceFileA
QueryPerformanceFrequency
DeleteFileA
DuplicateHandle
EnumDateFormatsW
EnumResourceLanguagesW
ExitProcess
FindFirstFileExA
FindFirstVolumeW
FindResourceW
FlushFileBuffers
GetCommandLineA
GetCurrentThreadId
GetDefaultCommConfigW
GetFileSize
GetLastError
GetLocalTime
GetProcAddress
GetTapePosition
GetThreadLocale
GetTickCount
GetVersionExW
HeapAlloc
IsBadReadPtr
IsBadStringPtrA
IsDBCSLeadByte
ProcessIdToSessionId

ntdll

RtlUpcaseUnicodeStringToOemString
RtlxOemStringToUnicodeSize
ZwAccessCheck
ZwCompleteConnectPort
ZwCreateIoCompletion
RtlTimeToElapsedTimeFields
RtlStringFromGUID
RtlSetInformationAcl
RtlSetCurrentDirectory_U
RtlResetRtlTranslations
RtlNtStatusToDosError
RtlMultiByteToUnicodeN
RtlLargeIntegerShiftLeft
RtlIsNameLegalDOS8Dot3
RtlInsertElementGenericTable
RtlInitAnsiString
RtlImpersonateSelf
RtlEqualDomainName
RtlDelete
RtlCreateUserProcess
NtGetWriteWatch
NtMapUserPhysicalPagesScatter
NtPowerInformation
NtPrivilegeObjectAuditAlarm
NtQueryPerformanceCounter
NtSetHighEventPair
RtlTraceDatabaseFind

userenv

CreateEnvironmentBlock
RegisterGPNotification
GetAppliedGPOListW
FreeGPOListW
ExpandEnvironmentStringsForUserW
EnterCriticalPolicySection

Exports

Exports

AslbmbmhQDrYnkTcMg
CvdVdvizmbilz
CvvZwqiqpqilwsJmNup
RczevmuTzo
UpkIPpjqlr
YhujHaryub
cPQ
dfT
doJiqduTouYnitgkf
ghfronm
nagwjaamtudgojb
njqoucNmb
oQoDihDyfiNvkztNc
shxlvFeotguk
usaH
wDufiriYjjthmMXoxz
xbprAhjkqjgvHKjhmk
zsygxgkhhspmulOzga

Sections

.text
Size: 58KB - Virtual size: 57KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 362KB - Virtual size: 667KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 26KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

f9fcc81626febf9189c63399d737523a

Headers

DLL Characteristics

File Characteristics

Imports

user32

version

kernel32

ntdll

userenv

Exports

Exports

Sections

.text Size: 58KB - Virtual size: 57KB

.data Size: 362KB - Virtual size: 667KB

.rsrc Size: 26KB - Virtual size: 26KB

.text
Size: 58KB - Virtual size: 57KB

.data
Size: 362KB - Virtual size: 667KB

.rsrc
Size: 26KB - Virtual size: 26KB