b95d8d9cb4404b9f69e0eec5dc11aee7_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

b95d8d9cb4404b9f69e0eec5dc11aee7_JaffaCakes118
Size

128KB
MD5

b95d8d9cb4404b9f69e0eec5dc11aee7
SHA1

09abf45066ea513dc17f01977f65f33f6b070ef6
SHA256

19d8a507ad8c4d8eb73da61fa05d7ab5e262a795178f4e741921e9253953965b
SHA512

62fe526921873c45c8d9487c7027cdf49f6981e13ac88cc7c7707dbba7c25852946605337687105f6a4a39178defd132c453f2c9d9dd6296576b87c6617e78dd
SSDEEP

3072:S+bGf6rU50oY8ACK0gZcXuDSgdFznMqqDLy/joDbc:0ekTs0u3FzMqqDLuj

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
b95d8d9cb4404b9f69e0eec5dc11aee7_JaffaCakes118

Files

b95d8d9cb4404b9f69e0eec5dc11aee7_JaffaCakes118
.dll windows:4 windows x86 arch:x86

1ec018bccda4c9e78bce1e3e25d7de38

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

CreateProcessW
InterlockedExchange
MulDiv
VirtualAlloc
VirtualFree
GetComputerNameW
LocalFree
LocalAlloc
lstrlenW
GetStringTypeExW
CreateFileMappingW
MapViewOfFileEx
UnmapViewOfFile
SetFilePointer
SetEndOfFile
CreateEventW
Sleep
GetVersion
GetVersionExW
ExpandEnvironmentStringsW
WideCharToMultiByte
MultiByteToWideChar
GetProcessHeap
HeapDestroy
VirtualProtect
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
DisableThreadLibraryCalls
GetSystemDirectoryW
ReadFile
GetFileAttributesW
GetFullPathNameW
GetFileSize
WriteFile
CloseHandle
DeleteFileW
GetDiskFreeSpaceA
GetFileAttributesA
FindFirstFileA
FindClose
FindFirstFileW
GetCommandLineA
InterlockedCompareExchange

user32

DrawTextW
wsprintfW

advapi32

RegSetValueExA
RegCloseKey
RegOpenKeyExW
RegQueryValueExW
RegDeleteKeyW
RegCreateKeyExW
GetSecurityDescriptorDacl
GetSecurityDescriptorOwner
RegEnumKeyExW
RegSetValueExW
OpenProcessToken
GetTokenInformation
IsValidSid
GetSidSubAuthorityCount
GetSidSubAuthority
RegCreateKeyA

gdi32

SelectObject
GetDeviceCaps
DeleteObject
StartDocW
DeleteEnhMetaFile
GetTextMetricsW
SetTextColor
LPtoDP
SetWindowOrgEx
SetViewportExtEx
SetWindowExtEx
SetMapMode
SetBkMode
RestoreDC
PlayEnhMetaFile
GetEnhMetaFileHeader
SetEnhMetaFileBits
SaveDC
SelectClipRgn
CreateFontIndirectW
CreateDCW
DeleteDC
EndDoc
CreateRectRgnIndirect

ole32

CLSIDFromString

rpcrt4

RpcMgmtWaitServerListen
RpcMgmtStopServerListening
RpcStringFreeW
RpcBindingFromStringBindingW
RpcStringBindingComposeW
RpcStringBindingParseW
RpcBindingToStringBindingW
RpcBindingServerFromClient
RpcBindingFree
RpcBindingSetAuthInfoW
RpcBindingInqAuthClientW
NdrClientCall2

msvcrt

wcscmp
_vsnwprintf
memset
_CxxThrowException
_callnewh
_wcsicmp
qsort
_snwprintf
wcsstr
wcscat
malloc
_initterm
_adjust_fdiv
realloc
wcscpy
wcslen
_except_handler3
__CxxFrameHandler
towupper
free
sprintf
strncpy
_mbsicmp
_mbsdec
_ismbblead
wcsncpy

Sections

.text
Size: 84KB - Virtual size: 80KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 57KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

1ec018bccda4c9e78bce1e3e25d7de38

Headers

File Characteristics

Imports

kernel32

user32

advapi32

gdi32

ole32

rpcrt4

msvcrt

Sections

.text Size: 84KB - Virtual size: 80KB

.rdata Size: 4KB - Virtual size: 3KB

.data Size: 16KB - Virtual size: 57KB

.rsrc Size: 16KB - Virtual size: 15KB

.reloc Size: 4KB - Virtual size: 2KB

.text
Size: 84KB - Virtual size: 80KB

.rdata
Size: 4KB - Virtual size: 3KB

.data
Size: 16KB - Virtual size: 57KB

.rsrc
Size: 16KB - Virtual size: 15KB

.reloc
Size: 4KB - Virtual size: 2KB