c8108a42fb693e0282cc0750227c5a25_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

c8108a42fb693e0282cc0750227c5a25_JaffaCakes118
Size

385KB
MD5

c8108a42fb693e0282cc0750227c5a25
SHA1

91ea525167beaa28b5a492cb182c194a5d3dc651
SHA256

87fdb7966f94d136e681065461d001174e4f66eb3e1cab4198e83a4ff3d8996c
SHA512

935fcaf23337cffa9f910570ae4d2ff21c426218384abfb2cfb4dee9ead31f5bb2066c41fce41e13427477aaf2c71a1c904234eb1567a60931e9ab4fd2d5ab33
SSDEEP

6144:aEXomm2utY+VM7i5BBvz9RCW+XZIryLhvhIXEHKBw+zabYV5fsPun4zcvgqJtFs:/4mm2bRWd9gWeZMydvYEHV+qSk+LtF

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
c8108a42fb693e0282cc0750227c5a25_JaffaCakes118

Files

c8108a42fb693e0282cc0750227c5a25_JaffaCakes118
.dll windows:4 windows x86 arch:x86

ba66490657fb2ba37536964bf83da871

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

SetLastError
InterlockedDecrement
lstrcmpW
DeleteCriticalSection
InterlockedIncrement
GetDriveTypeW
GetProcAddress
FreeLibrary
FindResourceW
lstrcpynW
CloseHandle
GetProfileStringW
GetVolumeInformationW
GlobalAlloc
FindFirstFileW
GetFileAttributesW
GetUserDefaultLCID
DelayLoadFailureHook
LocalSize
GetACP
GetCurrentThreadId
FormatMessageW
LoadLibraryW
TlsGetValue
ExpandEnvironmentStringsW
InitializeCriticalSectionAndSpinCount
LeaveCriticalSection
LockResource
UnhandledExceptionFilter
LoadLibraryA
GetSystemDefaultUILanguage
LocalFree
DisableThreadLibraryCalls
QueryPerformanceCounter
LocalAlloc
CreateFileW
WaitForSingleObject
TlsSetValue
GetCurrentDirectoryW
lstrcpyW
GetCurrentProcess
SetCurrentDirectoryW
FreeLibraryAndExitThread
FindResourceA
WideCharToMultiByte
GlobalFree
DeleteFileW
GetVersionExA
FindClose
GetModuleHandleW
GetModuleFileNameW
LoadResource
lstrlenW
InterlockedCompareExchange
GetTempFileNameW
InterlockedExchange
GetLastError
MultiByteToWideChar
TerminateProcess
FindResourceExW
GetProcessVersion
SizeofResource
SetEvent
GetModuleHandleA
GetCurrentProcessId
GetLocaleInfoW
GlobalReAlloc
LocalReAlloc
GetSystemTimeAsFileTime
lstrcpyA
ResetEvent
FindNextFileW
TlsAlloc
GetShortPathNameW
MulDiv
FreeResource
GetFullPathNameW
SetUnhandledExceptionFilter
lstrlenA
GetTickCount
TlsFree
GlobalUnlock
CreateThread
GlobalLock
lstrcmpiW
EnterCriticalSection
SetErrorMode
CreateEventW

mswsock

AcceptEx
GetAcceptExSockaddrs

rpcrt4

RpcEpResolveBinding
I_RpcExceptionFilter
RpcBindingFree
RpcStringBindingComposeW
RpcBindingFromStringBindingW
RpcBindingSetAuthInfoExW
RpcStringFreeW
NdrClientCall2

dnsapi

DnsReplaceRecordSetW

ntdll

_chkstk
RtlUnwind
_wcsicmp
memmove
NtAllocateVirtualMemory
_vsnwprintf
RtlUnicodeToMultiByteSize
RtlUnicodeStringToAnsiString
wcslen
RtlInitUnicodeStringEx
RtlAnsiStringToUnicodeString
RtlIsNameLegalDOS8Dot3

userenv

RsopFileAccessCheck

Sections

.text
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 872KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 15KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 357KB - Virtual size: 356KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 20B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

ba66490657fb2ba37536964bf83da871

Headers

File Characteristics

Imports

kernel32

mswsock

rpcrt4

dnsapi

ntdll

userenv

Sections

.text Size: 8KB - Virtual size: 7KB

.data Size: 4KB - Virtual size: 872KB

.rdata Size: 15KB - Virtual size: 14KB

.rsrc Size: 357KB - Virtual size: 356KB

.reloc Size: 512B - Virtual size: 20B

.text
Size: 8KB - Virtual size: 7KB

.data
Size: 4KB - Virtual size: 872KB

.rdata
Size: 15KB - Virtual size: 14KB

.rsrc
Size: 357KB - Virtual size: 356KB

.reloc
Size: 512B - Virtual size: 20B