d2a407bd16c924deff68958ca7aaabae_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

d2a407bd16c924deff68958ca7aaabae_JaffaCakes118
Size

410KB
MD5

d2a407bd16c924deff68958ca7aaabae
SHA1

03f9cc97a9e652eeac831de823a2c1393a9c794c
SHA256

1b22301ff4e3a571ec6dac8bee069c35a6917a100614640d8c07334f6f8c5e62
SHA512

0d96b22d25842e1a0f48283c6935c3fd0d7dc5955a52b87a67f70599fae5efba852fb806336dd772242777e68504f56ed6d11d23b516add952f5e3792b7e8bcb
SSDEEP

6144:cO144ggU7OHc9LCvsuR2Q57xKIkiN0Thn0QB9t8miF5qPbpLZ94nV9E:/LUOc4vsuR37xKIkiNrQumiHqP9AV9

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
d2a407bd16c924deff68958ca7aaabae_JaffaCakes118

Files

d2a407bd16c924deff68958ca7aaabae_JaffaCakes118
.dll windows:4 windows x86 arch:x86

3d8b67becf8f137d39ec28fdffdf1641

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

dnsapi

DnsReplaceRecordSetW

mswsock

AcceptEx
GetAcceptExSockaddrs

ole32

CoInitializeEx
CoTaskMemFree
CoUninitialize
CoCreateInstance

userenv

RsopSetPolicySettingStatus

kernel32

ExpandEnvironmentStringsW
SizeofResource
FindClose
GetUserDefaultLCID
GetTickCount
TlsAlloc
GetProfileStringW
SetUnhandledExceptionFilter
ResetEvent
GlobalReAlloc
GlobalFree
GetSystemTimeAsFileTime
DeleteCriticalSection
WideCharToMultiByte
CreateEventW
EnterCriticalSection
TlsFree
DeleteFileW
TlsGetValue
lstrcpynW
GetShortPathNameW
FreeResource
LocalReAlloc
GetCurrentDirectoryW
GetACP
FindResourceA
InterlockedExchange
InterlockedIncrement
SetCurrentDirectoryW
GetModuleFileNameW
GetVolumeInformationW
CreateThread
SetErrorMode
LoadLibraryW
GetFullPathNameW
lstrlenW
InterlockedCompareExchange
UnhandledExceptionFilter
GetVersionExA
FormatMessageW
GetModuleHandleW
GetSystemDefaultUILanguage
FindResourceExW
GetModuleHandleA
LocalFree
lstrcpyW
FreeLibrary
LoadLibraryA
GetTempFileNameW
SetEvent
DelayLoadFailureHook
InterlockedDecrement
FindFirstFileW
GlobalUnlock
MulDiv
LoadResource
WaitForSingleObject
CloseHandle
lstrlenA
GetProcessVersion
DisableThreadLibraryCalls
GetFileAttributesW
QueryPerformanceCounter
CreateFileW
InitializeCriticalSectionAndSpinCount
GetProcAddress
GlobalLock
FreeLibraryAndExitThread
TlsSetValue
LeaveCriticalSection
GetCurrentProcess
LocalSize
LockResource
GlobalAlloc
lstrcpyA
GetLastError
GetLocaleInfoW
GetDriveTypeW
FindResourceW
lstrcmpiW
SetLastError
LocalAlloc
TerminateProcess
lstrcmpW
FindNextFileW
MultiByteToWideChar
GetCurrentProcessId
GetCurrentThreadId

ntdll

RtlIsNameLegalDOS8Dot3
_wcsicmp
RtlUnwind
RtlUnicodeToMultiByteSize
wcslen
NtAllocateVirtualMemory
_chkstk
_vsnwprintf
strlen
memmove
RtlAnsiStringToUnicodeString
NtQueryVirtualMemory

Sections

.text
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 33KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rdata
Size: 359KB - Virtual size: 359KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 8KB - Virtual size: 928KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 20B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

3d8b67becf8f137d39ec28fdffdf1641

Headers

File Characteristics

Imports

dnsapi

mswsock

ole32

userenv

kernel32

ntdll

Sections

.text Size: 8KB - Virtual size: 7KB

.rsrc Size: 33KB - Virtual size: 32KB

.rdata Size: 359KB - Virtual size: 359KB

.data Size: 8KB - Virtual size: 928KB

.reloc Size: 512B - Virtual size: 20B

.text
Size: 8KB - Virtual size: 7KB

.rsrc
Size: 33KB - Virtual size: 32KB

.rdata
Size: 359KB - Virtual size: 359KB

.data
Size: 8KB - Virtual size: 928KB

.reloc
Size: 512B - Virtual size: 20B