chfigny
Static task: static1
Behavioral task: behavioral1
Sample: cff5d0e5e506b09c9cb493a6823a7c6d_JaffaCakes118.dll
Resource: win7-20240708-en
Behavioral task: behavioral2
Sample: cff5d0e5e506b09c9cb493a6823a7c6d_JaffaCakes118.dll
Resource: win10v2004-20240802-en
General
Target: cff5d0e5e506b09c9cb493a6823a7c6d_JaffaCakes118
Size: 308KB
MD5: cff5d0e5e506b09c9cb493a6823a7c6d
SHA1: 2b0e54383a25e76bb1554db1d70e00448366db9b
SHA256: 581906ef2d30f0529b598c1e56448c23672353753749bd6ca2a8e881b3cde703
SHA512: daf0b7feef5ecf261bcac05f268e78862d4594c508470ce77952133c137af64b9e0b89c69733cfad8d2aa7c4abcc5b50ff971c26f8881d5e9c6a4c2725942013
SSDEEP: 6144:jTInkSYN8k8lWtuRgyCpyhXB62c66sIt/8b+:j1SYN/iWcR+yhTc38C
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource cff5d0e5e506b09c9cb493a6823a7c6d_JaffaCakes118
Files
cff5d0e5e506b09c9cb493a6823a7c6d_JaffaCakes118.dll windows:4 windows x86 arch:x86
86a939c5b40335562ba3d68cd69b14e4
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
Imports
kernel32
Beep
FreeLibrary
GetModuleFileNameA
GetProcAddress
lstrcmpA
GetTimeFormatW
GetSystemDefaultLangID
GetVersionExA
DeleteCriticalSection
InterlockedIncrement
InterlockedDecrement
InitializeCriticalSection
SetLastError
LockResource
GetCurrentThreadId
MultiByteToWideChar
WideCharToMultiByte
LoadResource
lstrlenA
WaitForSingleObject
IsBadReadPtr
ReleaseMutex
CompareFileTime
CloseHandle
EnterCriticalSection
SystemTimeToFileTime
LeaveCriticalSection
GetLastError
Sleep
GetSystemTime
lstrcpynA
AreFileApisANSI
GetTickCount
GetUserDefaultLCID
LocalAlloc
GetLocaleInfoW
LocalReAlloc
GetCurrentProcess
LocalFree
DeleteFileW
ExpandEnvironmentStringsA
DeleteFileA
LoadLibraryA
LoadLibraryW
CreateProcessA
CreateProcessW
CreateMutexA
CreateMutexW
SearchPathA
SearchPathW
SetFileAttributesA
SetFileAttributesW
FindResourceA
FindResourceW
GetDateFormatW
GetTimeFormatA
ExpandEnvironmentStringsW
GetDateFormatA
HeapAlloc
GetProcessHeap
HeapFree
FreeResource
secur32
DecryptMessage
ExportSecurityContext
AddCredentialsW
SaslEnumerateProfilesW
AddSecurityPackageA
DeleteSecurityContext
RevertSecurityContext
InitializeSecurityContextA
AddSecurityPackageW
AcquireCredentialsHandleA
AcceptSecurityContext
QueryCredentialsAttributesA
SaslGetProfilePackageW
SaslIdentifyPackageA
InitSecurityInterfaceA
EnumerateSecurityPackagesW
SaslEnumerateProfilesA
ImportSecurityContextW
MakeSignature
EncryptMessage
CompleteAuthToken
Exports
Sections
.text Size: 36KB - Virtual size: 33KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 260KB - Virtual size: 259KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 4KB - Virtual size: 872B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ