d08424dc5a5bd75879b5987f1a6e1bab_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

d08424dc5a5bd75879b5987f1a6e1bab_JaffaCakes118
Size

186KB
MD5

d08424dc5a5bd75879b5987f1a6e1bab
SHA1

a73453a63a61a4f383e0ab464a5a9d0c2a8ebc20
SHA256

59765caab79093caef592fe7cd116fb640d5badb7b5ec20e213f1c4f000172af
SHA512

e1c6af96734be1ab6b2003c4595e1c26433a856a09a181d0c4e6e47b3269e092dfe03aedc9174d048296b80f3851199da03170d46ab493d0f7a2e4016dcbf2ee
SSDEEP

3072:YdfbDuNjDKsJ2lhCjTjjU5qk+qwi8aV39g0UuahSQ5de4ASCtFlG:YZb6rJ2lSjqh+Fn0UD7dNCr

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
d08424dc5a5bd75879b5987f1a6e1bab_JaffaCakes118

Files

d08424dc5a5bd75879b5987f1a6e1bab_JaffaCakes118
.dll windows:6 windows x86 arch:x86

12aca84be1b817341966d6951658d4fe

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

WMPMediaSharing.pdb

Imports

msvcrt

_errno
realloc
??1type_info@@UAE@XZ
_onexit
_lock
__dllonexit
_unlock
_except_handler4_common
?terminate@@YAXXZ
_amsg_exit
_initterm
_XcptFilter
calloc
wcscpy_s
memset
??2@YAPAXI@Z
__CxxFrameHandler3
_purecall
??_U@YAPAXI@Z
memmove_s
free
malloc
memcpy_s
??_V@YAXPAX@Z
??3@YAXPAX@Z
_CxxThrowException
_wcslwr_s
wcsncmp
_wcsnicmp
wcstol
iswdigit
_CIsqrt
_ftol2_sse
_CIpow

advapi32

RegDeleteValueW
RegQueryInfoKeyW
CopySid
GetUserNameW
RegEnumKeyExW
SetNamedSecurityInfoW
LookupAccountNameW
RegCreateKeyW
GetNamedSecurityInfoW
EventRegister
EventUnregister
TraceMessage
GetTraceEnableFlags
GetTraceEnableLevel
GetTraceLoggerHandle
RegisterTraceGuidsW
UnregisterTraceGuids
RegCloseKey
RegCreateKeyExW
RegOpenKeyExW
RegQueryValueExW
RegSetValueExW
EventWrite
SetEntriesInAclW

user32

wvsprintfW
CharUpperBuffW
UnregisterClassA

sspicli

GetUserNameExW

shell32

SHGetKnownFolderPath

shlwapi

ord437

kernel32

SetUnhandledExceptionFilter
OutputDebugStringA
LoadLibraryW
GetModuleHandleW
SetLastError
IsWow64Process
CompareStringOrdinal
SetEvent
CloseHandle
OpenEventW
RaiseException
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
Sleep
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
DeleteCriticalSection
DisableThreadLibraryCalls
InterlockedIncrement
InterlockedDecrement
SizeofResource
LockResource
LoadResource
FindResourceW
FindResourceExW
lstrlenW
GetLastError
LocalFree
GetModuleFileNameW
DelayLoadFailureHook
GetProcAddress
FreeLibrary
InterlockedCompareExchange
LoadLibraryExA
GetVersionExA
HeapDestroy
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
GetProcessHeap
InterlockedExchange

Exports

Exports

DllCanUnloadNow
DllGetClassObject

Sections

.text
Size: 94KB - Virtual size: 94KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 64KB - Virtual size: 66KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 15KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

12aca84be1b817341966d6951658d4fe

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msvcrt

advapi32

user32

sspicli

shell32

shlwapi

kernel32

Exports

Exports

Sections

.text Size: 94KB - Virtual size: 94KB

.data Size: 64KB - Virtual size: 66KB

.rsrc Size: 15KB - Virtual size: 14KB

.reloc Size: 11KB - Virtual size: 11KB

.text
Size: 94KB - Virtual size: 94KB

.data
Size: 64KB - Virtual size: 66KB

.rsrc
Size: 15KB - Virtual size: 14KB

.reloc
Size: 11KB - Virtual size: 11KB