d257f78631b8bd1bb5b3cb20f64e51e4_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

d257f78631b8bd1bb5b3cb20f64e51e4_JaffaCakes118
Size

123KB
MD5

d257f78631b8bd1bb5b3cb20f64e51e4
SHA1

be3ca889b78d93e12b569dfdf11f4dd01582f27a
SHA256

a53de13268de58914b664accb31bf12eef338137a8044959e98efe8097364fa4
SHA512

4de49baa40cfda11a96be6397ac93df4bc6c548cfdf987d813e3c8117f763421873678514fff5cf9b42319c4ae25f32a3857d33984c80f513186b06118156b69
SSDEEP

3072:aEmumIYvpAvxK7/hSfHyvKrql85N5esH/arptMKw+CP/6lyab:9XkCqyqu5Z/aFtnwPP/v

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
d257f78631b8bd1bb5b3cb20f64e51e4_JaffaCakes118

Files

d257f78631b8bd1bb5b3cb20f64e51e4_JaffaCakes118
.dll windows:4 windows x86 arch:x86

53e5621237e5db9b3b17fbddb1e9f82e

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetProcAddress
SetErrorMode
GetModuleFileNameA
InterlockedIncrement
InterlockedDecrement
MultiByteToWideChar
WideCharToMultiByte
lstrlenW
TerminateProcess
GetCurrentProcess
CreateFileA
CreateFileW
FormatMessageA
LocalFree
GetUserDefaultLCID
ExpandEnvironmentStringsA
ExpandEnvironmentStringsW
lstrlenA
GetLocaleInfoA
lstrcpyW
lstrcatW
InterlockedCompareExchange
Sleep
InterlockedExchange
GetStringTypeW
GetStringTypeA
RaiseException
LocalAlloc
FreeLibrary
CloseHandle
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
DisableThreadLibraryCalls
GetSystemTimeAsFileTime
GetCommandLineA
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
VirtualProtect
ReadFile
LCMapStringW
LCMapStringA
HeapSize
LoadLibraryA
GetCPInfo
GetOEMCP
GetACP
GetEnvironmentStringsW
GetLastError
FreeEnvironmentStringsW
GetEnvironmentStrings
HeapAlloc
HeapFree
RtlUnwind
GetVersionExA
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
HeapReAlloc
VirtualQuery
ExitProcess
GetModuleHandleA
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
GetSystemInfo

user32

GetFocus

advapi32

RegCreateKeyExW
RegEnumKeyA
RegEnumValueA
CryptAcquireContextW
CryptAcquireContextA
RegQueryValueExW
RegCreateKeyExA
RegSetValueExW
RegSetValueExA
RegDeleteKeyW
RegQueryValueExA
RegOpenKeyExW
RegOpenKeyExA
RegCloseKey
RegDeleteKeyA

ole32

MkParseDisplayName
CLSIDFromProgID
CoCreateFreeThreadedMarshaler
CLSIDFromString
CreateBindCtx
CoUninitialize
CoCreateInstance
CoTaskMemFree
ProgIDFromCLSID
CoCreateGuid
StringFromGUID2

Sections

.text
Size: 73KB - Virtual size: 73KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 39KB - Virtual size: 38KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 37KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

53e5621237e5db9b3b17fbddb1e9f82e

Headers

File Characteristics

Imports

kernel32

user32

advapi32

ole32

Sections

.text Size: 73KB - Virtual size: 73KB

.rdata Size: 39KB - Virtual size: 38KB

.data Size: 4KB - Virtual size: 37KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 4KB - Virtual size: 4KB

.text
Size: 73KB - Virtual size: 73KB

.rdata
Size: 39KB - Virtual size: 38KB

.data
Size: 4KB - Virtual size: 37KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 4KB - Virtual size: 4KB