b8caeeabce1000414b2e9bde39a1f1d9_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

b8caeeabce1000414b2e9bde39a1f1d9_JaffaCakes118
Size

367KB
MD5

b8caeeabce1000414b2e9bde39a1f1d9
SHA1

0af17534d17481624d9e0571c493d99ded68ecfd
SHA256

8d106a37dbec5aab8fe33f213236c6816832dec5770a6d5a32a572cdc66d0fa2
SHA512

2b6328849c67b4c15373196e38a079ddfce84d26ca752368852932f7d787e5716b616175b3fb70f1ba74f80c0dceac0bf8115658cfa2166c6dbb71ae4aa68c52
SSDEEP

6144:YtrS7nSiRcchSwVvpWUpNIG7lrRE8Vtdn1rmWdicuKKfuNU5lciHPVhBDuqW2TG7:4nwhhfzRIblv2JmEIgTesjz

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
b8caeeabce1000414b2e9bde39a1f1d9_JaffaCakes118

Files

b8caeeabce1000414b2e9bde39a1f1d9_JaffaCakes118
.dll windows:4 windows x86 arch:x86

741ab48e63941eef19b2a6fea8068146

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

oleaut32

VariantInit
VarUI2FromUI4
VarI4FromI1
VarCyFromI2
VarBstrFromCy
SysAllocString

kernel32

WriteFile
DebugBreak
DeleteCriticalSection
DeleteTimerQueueTimer
ExitProcess
FlushFileBuffers
FormatMessageA
FormatMessageW
GetACP
GetCommandLineA
GetCurrentProcessId
GetCurrentThreadId
GetExitCodeThread
GetFileSize
GetModuleFileNameW
GetModuleHandleA
GetModuleHandleW
GetOEMCP
GetProcessHeap
GetProcessPriorityBoost
GetStartupInfoA
GetStdHandle
GetSystemTimeAsFileTime
GetTickCount
GetVersion
GlobalAlloc
GlobalFree
HeapAlloc
HeapDestroy
HeapFree
HeapLock
HeapReAlloc
WideCharToMultiByte
HeapWalk
InitializeCriticalSection
InitializeCriticalSectionAndSpinCount
InterlockedCompareExchange
InterlockedDecrement
InterlockedExchange
InterlockedExchangeAdd
InterlockedIncrement
LeaveCriticalSection
LoadLibraryA
LocalReAlloc
MultiByteToWideChar
OutputDebugStringA
QueryPerformanceCounter
ReadFile
RtlUnwind
SetLastError
SetStdHandle
SetUnhandledExceptionFilter
Sleep
TerminateProcess
UnhandledExceptionFilter
VirtualAlloc
VirtualProtect
WaitForSingleObject
HeapUnlock

advapi32

RegQueryValueExA
RegOpenKeyExA
RegCloseKey
DeregisterEventSource

ole32

CoInitializeEx
CoTaskMemFree
CLSIDFromString

Exports

Exports

ActViewfinderAutoFunctions
AddPicture2
CreateIsoItemOfSize
D3D10ResourceGetMappedArray
FreeHost
GetDevicePropertyCount
GetMCCustomItemDataCount
Memcpy2DAsync
SetDesiredUDFRevision
StreamDestroy
WriteDevParamToRAW

Sections

.text
Size: 53KB - Virtual size: 52KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 166KB - Virtual size: 166KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 233KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 142KB - Virtual size: 142KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

741ab48e63941eef19b2a6fea8068146

Headers

DLL Characteristics

File Characteristics

Imports

oleaut32

kernel32

advapi32

ole32

Exports

Exports

Sections

.text Size: 53KB - Virtual size: 52KB

.rdata Size: 166KB - Virtual size: 166KB

.data Size: 512B - Virtual size: 233KB

.rsrc Size: 142KB - Virtual size: 142KB

.reloc Size: 3KB - Virtual size: 3KB

.text
Size: 53KB - Virtual size: 52KB

.rdata
Size: 166KB - Virtual size: 166KB

.data
Size: 512B - Virtual size: 233KB

.rsrc
Size: 142KB - Virtual size: 142KB

.reloc
Size: 3KB - Virtual size: 3KB