cf0a61eb8f0eb5af6b4608fc9b4809f1_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

cf0a61eb8f0eb5af6b4608fc9b4809f1_JaffaCakes118
Size

445KB
MD5

cf0a61eb8f0eb5af6b4608fc9b4809f1
SHA1

c8c4bb2cdb0e3cc8b7955ae525834c7bbc81a514
SHA256

fe4c66bd076c5ce6cd82d8b12376ccf0727ef56ea2ca88c81a8c9758391422a2
SHA512

6ec2b3e992f2eed5441849240be264ac5022fcfbe438c1b38f84abd660629aa0c1866daa24b7c512ace8a627fafde8a26fc4849d86a3ee95dbeec3b2caa56f44
SSDEEP

12288:1YfnjJ1u4Zvzif+lktrDpzGw6bsVGd5mpcs:1Uju4NGwkpDpzLysY/mp

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
cf0a61eb8f0eb5af6b4608fc9b4809f1_JaffaCakes118

Files

cf0a61eb8f0eb5af6b4608fc9b4809f1_JaffaCakes118
.dll windows:5 windows x86 arch:x86

f9fcc81626febf9189c63399d737523a

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

user32

EqualRect
FillRect
IsCharLowerA
LoadAcceleratorsA
LoadBitmapA
LoadCursorFromFileA
LoadImageA
MessageBeep
OemToCharBuffA
PostMessageA
SendMessageA
UpdateWindow
EmptyClipboard
EndDialog

version

GetFileVersionInfoW
VerFindFileW
VerInstallFileW
VerQueryValueW
GetFileVersionInfoA

kernel32

WinExec
VerLanguageNameW
VerLanguageNameA
UnlockFileEx
TerminateProcess
SetLastError
SetFilePointer
SetCurrentDirectoryA
SetCommState
SetCommMask
SetCommBreak
SearchPathA
ReplaceFileA
QueryPerformanceFrequency
DeleteFileA
DuplicateHandle
EnumDateFormatsW
EnumResourceLanguagesW
ExitProcess
FindFirstFileExA
FindFirstVolumeW
FindResourceW
FlushFileBuffers
GetCommandLineA
GetCurrentThreadId
GetDefaultCommConfigW
GetFileSize
GetLastError
GetLocalTime
GetProcAddress
GetTapePosition
GetThreadLocale
GetTickCount
GetVersionExW
HeapAlloc
IsBadReadPtr
IsBadStringPtrA
IsDBCSLeadByte
ProcessIdToSessionId

ntdll

RtlUpcaseUnicodeStringToOemString
RtlxOemStringToUnicodeSize
ZwAccessCheck
ZwCompleteConnectPort
ZwCreateIoCompletion
RtlTimeToElapsedTimeFields
RtlStringFromGUID
RtlSetInformationAcl
RtlSetCurrentDirectory_U
RtlResetRtlTranslations
RtlNtStatusToDosError
RtlMultiByteToUnicodeN
RtlLargeIntegerShiftLeft
RtlIsNameLegalDOS8Dot3
RtlInsertElementGenericTable
RtlInitAnsiString
RtlImpersonateSelf
RtlEqualDomainName
RtlDelete
RtlCreateUserProcess
NtGetWriteWatch
NtMapUserPhysicalPagesScatter
NtPowerInformation
NtPrivilegeObjectAuditAlarm
NtQueryPerformanceCounter
NtSetHighEventPair
RtlTraceDatabaseFind

userenv

CreateEnvironmentBlock
RegisterGPNotification
GetAppliedGPOListW
FreeGPOListW
ExpandEnvironmentStringsForUserW
EnterCriticalPolicySection

Exports

Exports

AslbmbmhQDrYnkTcMg
CvdVdvizmbilz
CvvZwqiqpqilwsJmNup
RczevmuTzo
UpkIPpjqlr
YhujHaryub
cPQ
dfT
doJiqduTouYnitgkf
ghfronm
nagwjaamtudgojb
njqoucNmb
oQoDihDyfiNvkztNc
shxlvFeotguk
usaH
wDufiriYjjthmMXoxz
xbprAhjkqjgvHKjhmk
zsygxgkhhspmulOzga

Sections

.text
Size: 55KB - Virtual size: 54KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 362KB - Virtual size: 671KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 26KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

f9fcc81626febf9189c63399d737523a

Headers

DLL Characteristics

File Characteristics

Imports

user32

version

kernel32

ntdll

userenv

Exports

Exports

Sections

.text Size: 55KB - Virtual size: 54KB

.data Size: 362KB - Virtual size: 671KB

.rsrc Size: 26KB - Virtual size: 26KB

.text
Size: 55KB - Virtual size: 54KB

.data
Size: 362KB - Virtual size: 671KB

.rsrc
Size: 26KB - Virtual size: 26KB