bac5b227bf6726034dd71a1d5ff8cd81_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

bac5b227bf6726034dd71a1d5ff8cd81_JaffaCakes118
Size

115KB
MD5

bac5b227bf6726034dd71a1d5ff8cd81
SHA1

224bdc55e4fd8959039b1e31701ffc22ededa1e5
SHA256

22827936beac453cdcfcda3b95a9bc037fa743cba013573619d79120b08569c2
SHA512

46b392e62eaa65f9e33b67f3d774c6f3ce5d4d212516b9eb4cd1f68f4e3a38414cd8a3ed32d23a4d39d236237a72701a7eaebf068faf488afcce34425ffaf1c8
SSDEEP

1536:wg9RYDFon5uT0NlTFTLZiTvpATWZQH9dGF37g1AUoKQUOeLfADW17oLYlZhH9ZXx:wg7qon54oLyvpyWZ8dWLg1YUOpY78oHV

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
bac5b227bf6726034dd71a1d5ff8cd81_JaffaCakes118

Files

bac5b227bf6726034dd71a1d5ff8cd81_JaffaCakes118
.dll windows:4 windows x86 arch:x86

2e6d97d2a9dd405226eb8df6dd8ff88d

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

ntdll

RtlImageRvaToVa
_strcmpi
RtlCharToInteger
CsrNewThread
RtlZeroMemory
wcspbrk
RtlIsTextUnicode
RtlSelfRelativeToAbsoluteSD2
LdrFindResourceDirectory_U
ceil
NtYieldExecution
RtlpNtMakeTemporaryKey
wcstombs
_ui64toa
NtRaiseException

kernel32

GetStdHandle
WriteConsoleInputVDMW
SetCommTimeouts
RegisterWaitForInputIdle
ExitProcess
lstrcpyA
VerifyConsoleIoHandle
VirtualAlloc
EscapeCommFunction
Beep
GetPrivateProfileStringA
GetFileTime
ReadProcessMemory
SetCurrentDirectoryW
TransactNamedPipe
Sleep
ReleaseMutex
SetUnhandledExceptionFilter
GlobalUnlock
UnhandledExceptionFilter

gdi32

StrokePath
GetPixelFormat
CreateDCA
EnumObjects
GdiSwapBuffers
GetStockObject
GetRegionData
GetCharABCWidthsFloatW
ArcTo
CheckColorsInGamut
UnrealizeObject
cGetTTFFromFOT
CopyMetaFileA
Ellipse
GetStockObject
GetAspectRatioFilterEx
GetTextExtentExPointW

ole32

CoGetInstanceFromIStorage
CoInitializeEx
PropSysAllocString
OleDoAutoConvert
OleSetContainedObject
IsAccelerator
OleRun
HBRUSH_UserMarshal
CoReleaseServerProcess
OleLockRunning
CoGetStandardMarshal
EnableHookObject
CoInitializeWOW
StringFromIID
OleSetClipboard
CLIPFORMAT_UserMarshal
DllDebugObjectRPCHook
OleCreateStaticFromData
HMETAFILEPICT_UserUnmarshal
OleCreateLinkToFile
OleSetMenuDescriptor
CoInitializeSecurity
UtGetDvtd16Info
OleIsRunning
WdtpInterfacePointer_UserUnmarshal
IsValidIid
ReadStringStream
OleCreateFromDataEx

Sections

.text
Size: 42KB - Virtual size: 44KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 66KB - Virtual size: 196KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.adata
Size: 3KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 3KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

2e6d97d2a9dd405226eb8df6dd8ff88d

Headers

File Characteristics

Imports

ntdll

kernel32

gdi32

ole32

Sections

.text Size: 42KB - Virtual size: 44KB

.data Size: 66KB - Virtual size: 196KB

.adata Size: 3KB - Virtual size: 4KB

.reloc Size: 3KB - Virtual size: 4KB

.text
Size: 42KB - Virtual size: 44KB

.data
Size: 66KB - Virtual size: 196KB

.adata
Size: 3KB - Virtual size: 4KB

.reloc
Size: 3KB - Virtual size: 4KB