c8d28e0114ed966b98f4ad779f0e2167_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

c8d28e0114ed966b98f4ad779f0e2167_JaffaCakes118
Size

80KB
MD5

c8d28e0114ed966b98f4ad779f0e2167
SHA1

82e3e020bcd0ddac1ab1386a1993df4109cc2d9d
SHA256

26c38a5506e29ce893b5c6d2d1b81460d7cc5679fbb9b327b4acb11ff7d73f98
SHA512

b70f04562c4d0484fede490e82e85f4a53d250d529d4d940ae53b644bdc9a5f1f66b4494eb7b700a9561b1b35c669d85c44be892e95974b9e5f4c3d014817196
SSDEEP

1536:IjXKq1AQbvpjgt13w4wEZh5aYPih0P2DWwq:IjXKq1AQ7at13w4RniGwq

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
c8d28e0114ed966b98f4ad779f0e2167_JaffaCakes118

Files

c8d28e0114ed966b98f4ad779f0e2167_JaffaCakes118
.dll windows:4 windows x86 arch:x86

eb9c95b27209e6936baae76f7e7d4943

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetProfileSectionA
MultiByteToWideChar
GetConsoleCP
HeapSize
FlushFileBuffers
GetSystemTimeAsFileTime
SetVolumeLabelW
SetCommMask
GlobalMemoryStatusEx
GetSystemInfo
DeleteCriticalSection
FindNextChangeNotification
FindNextFileA
DeleteTimerQueueEx
GetHandleInformation
TryEnterCriticalSection
GetShortPathNameW
GetFileSizeEx
GetConsoleScreenBufferInfo
HeapDestroy
SetConsoleWindowInfo
lstrcpyW
GetDiskFreeSpaceA
ProcessIdToSessionId
FindClose
FindResourceW
SetEvent
EnumUILanguagesW
IsValidLocale
FreeEnvironmentStringsW
GetModuleHandleW
GetDriveTypeA
GetFileAttributesExW
SetConsoleTextAttribute
GetCurrentProcess
LocalHandle
PurgeComm
GetSystemPowerStatus
GlobalGetAtomNameW
GlobalFree
VirtualFree
FindResourceExA
GetProcessHeap
LoadLibraryA
InterlockedIncrement
GetProcAddress
GetComputerNameA
LocalFree
LeaveCriticalSection

shlwapi

PathCompactPathW
SHGetValueW
PathBuildRootW
PathAddExtensionW
PathSetDlgItemPathW
SHCreateStreamOnFileW
PathAppendW

advapi32

RegQueryValueExA
ChangeServiceConfigW
ReadEventLogA
QueryServiceStatus
RegOpenKeyW
IsTokenRestricted
IsTextUnicode
MakeSelfRelativeSD
MapGenericMask
NotifyBootConfigStatus
BuildExplicitAccessWithNameW
LockServiceDatabase
InitiateSystemShutdownW
ImpersonateAnonymousToken
GetOldestEventLogRecord
StartServiceW
GetNumberOfEventLogRecords
ElfReportEventW
GetUserNameA

gdi32

GetKerningPairsA
BeginPath
DeleteMetaFile
InvertRgn
GetLayout
GetPaletteEntries
RemoveFontResourceW
CreateMetaFileW
SetROP2
GetTextExtentPoint32A
SetTextCharacterExtra
GetPolyFillMode
EnumEnhMetaFile
GetTextCharsetInfo
CopyMetaFileA
PolyPolygon
CreateFontIndirectW
CreateFontIndirectA
GetMetaFileBitsEx
PolyBezierTo
FillPath
GetTextColor
SetSystemPaletteUse
GetTextAlign
CreateMetaFileA
SetBitmapBits
GetRegionData

Exports

Exports

d3dMobileSched

Sections

.text
Size: 60KB - Virtual size: 57KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

eb9c95b27209e6936baae76f7e7d4943

Headers

File Characteristics

Imports

kernel32

shlwapi

advapi32

gdi32

Exports

Exports

Sections

.text Size: 60KB - Virtual size: 57KB

.rdata Size: 4KB - Virtual size: 2KB

.data Size: 8KB - Virtual size: 7KB

.reloc Size: 4KB - Virtual size: 2KB

.text
Size: 60KB - Virtual size: 57KB

.rdata
Size: 4KB - Virtual size: 2KB

.data
Size: 8KB - Virtual size: 7KB

.reloc
Size: 4KB - Virtual size: 2KB