bf9a9a39f30f3fbf4e8d35ca7cf2877a_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

bf9a9a39f30f3fbf4e8d35ca7cf2877a_JaffaCakes118
Size

56KB
MD5

bf9a9a39f30f3fbf4e8d35ca7cf2877a
SHA1

26d8ba80967befbdd8f84f6d9bfe1a95d449a7b3
SHA256

a7541197a8905ee1a460060541d9ba614a19a3e3013c1cb5e879c8c3b36eb55a
SHA512

4b42ab259cf74a234b47a9ecc7dcba9f60b5a0b6bffed16058a97e4d606c8a121d390d6c028660561f1e5ec7e316ee2f037e8237f214ede3626abb32c41cc1e1
SSDEEP

768:v7/wQU5wJwW1OaBCwBwNf1Zdk0cEDfZNKU5uVSQ+C4G1sZnopUex0S4/FQR:v/Jw0OLNfdkd2jVlZqz4Na

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
bf9a9a39f30f3fbf4e8d35ca7cf2877a_JaffaCakes118

Files

bf9a9a39f30f3fbf4e8d35ca7cf2877a_JaffaCakes118
.dll windows:8 windows x86 arch:x86

9b5f6444975257bb8ad4272650621fcc

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

lz32fmgr

ExtractAssociatedIconA
SdbGetEntryFlags
OpenAs_RunDLL
CtfImmHideToolbarWnd
ImmWINNLSEnableIME
ImmUnlockIMCC
ILFree
SdbQueryData
ImmNotifyIME
RestartDialog
ImmGetConversionStatus
SdbFindFirstNamedTag
GetKeyboardLayoutCP
RealShellExecuteExA
ImmIMPSetIMEA
ImmGetCompositionWindow
ImmRequestMessageA
ImmSetCandidateWindow
SdbGrabMatchingInfo
ILGetSize
ILFindChild
DragFinish
ImmGetIMCCSize
ImmGetVirtualKey
ImmSetCompositionStringA
RealDriveType
DragQueryPoint
PathMakeUniqueName
SdbReadStringTag
ImmGetIMEFileNameA
CtfImmGenerateMessage
IsNetDrive
ImmUnlockClientImc
SetPermLayers
ImmGetImeInfoEx
OpenRegStream
SdbGetDatabaseVersion
ImmPutImeMenuItemsIntoMappedFile
SdbGrabMatchingInfoEx
ImmAssociateContextEx
SdbRegisterDatabase
ImmGetRegisterWordStyleA
SdbOpenDatabase
DuplicateIcon
ImmSetConversionStatus

kernel32

CreateFileMappingA
UnmapViewOfFile
VirtualQueryEx
GetModuleHandleA
BackupRead
SetEvent
LocalAlloc
MapViewOfFile
GetLocalTime
LoadLibraryA
WaitForMultipleObjects

user32

GetNextDlgGroupItem
ExitWindowsEx
InvalidateRgn
CallNextHookEx
GetMenuItemCount
EnableWindow
GetWindow
GetParent
ReleaseDC
InvalidateRect
IsWindow
GetCursorPos

advapi32

RegFlushKey
WriteEncryptedFileRaw
CheckTokenMembership

ntdll

NtQueryQuotaInformationFile

ole32

CoCreateGuid

Exports

Exports

CreateProcessNotify
heciript

Sections

.text
Size: 49KB - Virtual size: 52KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

9b5f6444975257bb8ad4272650621fcc

Headers

File Characteristics

Imports

lz32fmgr

kernel32

user32

advapi32

ntdll

ole32

Exports

Exports

Sections

.text Size: 49KB - Virtual size: 52KB

.rdata Size: 2KB - Virtual size: 4KB

.data Size: 2KB - Virtual size: 4KB

.rsrc Size: 1024B - Virtual size: 4KB

.reloc Size: 512B - Virtual size: 4KB

.text
Size: 49KB - Virtual size: 52KB

.rdata
Size: 2KB - Virtual size: 4KB

.data
Size: 2KB - Virtual size: 4KB

.rsrc
Size: 1024B - Virtual size: 4KB

.reloc
Size: 512B - Virtual size: 4KB