CPlApplet
Static task
static1
Behavioral task
behavioral1
Sample
d2c6b7c2621c1a3821423a838d00c7cd_JaffaCakes118.dll
Resource
win7-20240704-en
Behavioral task
behavioral2
Sample
d2c6b7c2621c1a3821423a838d00c7cd_JaffaCakes118.dll
Resource
win10v2004-20240802-en
General
Target: d2c6b7c2621c1a3821423a838d00c7cd_JaffaCakes118
Size: 80KB
MD5: d2c6b7c2621c1a3821423a838d00c7cd
SHA1: 25acb29dae5627a64633a1a9595562f4d798c89f
SHA256: 8deba3182a4e0429942e76d01526161d163013803c88b49e571f0bc9e2479eff
SHA512: 49f158ad63daa0a51cd0d78337b03ed0c708f8ded3f4f19649cf3388d5cf631825e6fb187a98bc12e3edd48f053c0c3fe05f5eaecc9080d87041c6c324bdab48
SSDEEP: 768:awmue6bmca9ViealxEyfbVSTcQJPQj5/J2psvkCwhrXN2jQ5hKdcVOVtw1kJaA8t:HaLakIhXYQF/JWTpojQzKyrAsiEYcDT
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource d2c6b7c2621c1a3821423a838d00c7cd_JaffaCakes118
Files
d2c6b7c2621c1a3821423a838d00c7cd_JaffaCakes118.dll windows:4 windows x86 arch:x86
9a444b77af751ebd72614b732cb956b1
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
Imports
kernel32
ExpandEnvironmentStringsA
SetFilePointer
FillConsoleOutputAttribute
LockFileEx
GetDateFormatA
WaitCommEvent
SetTimeZoneInformation
SetMailslotInfo
ResetEvent
GetThreadContext
EnumUILanguagesW
GetComputerNameW
WaitNamedPipeA
CreateMailslotA
TerminateProcess
lstrcmpW
EnumResourceNamesW
lstrcmpA
LoadResource
GetExitCodeProcess
SleepEx
GlobalHandle
AreFileApisANSI
OpenThread
GetTimeFormatW
DnsHostnameToComputerNameW
SizeofResource
SetSystemTime
GlobalMemoryStatus
GetFileInformationByHandle
SetConsoleTextAttribute
EnumResourceLanguagesA
SetCommBreak
WaitNamedPipeW
ProcessIdToSessionId
SetCurrentDirectoryW
GetCurrentProcess
FindCloseChangeNotification
GetOverlappedResult
GetSystemWow64DirectoryW
ReadConsoleA
GetTempPathW
GetTempFileNameA
LocalLock
ReadConsoleInputA
SetEnvironmentVariableA
GetAtomNameA
HeapLock
IsBadStringPtrA
OpenMutexW
ReplaceFileW
GetStartupInfoW
UnlockFileEx
GetDriveTypeA
GetModuleFileNameA
InterlockedCompareExchange
SetEvent
GetModuleHandleA
GetProcAddress
VirtualProtect
LoadLibraryA
OpenEventA
CreateFileA
GetSystemDirectoryA
HeapAlloc
UnmapViewOfFile
LocalFree
Sleep
CloseHandle
EnterCriticalSection
lstrlenW
HeapFree
lstrcpynA
CreateEventA
oleaut32
SysAllocStringLen
advapi32
QueryServiceConfigA
RegOpenKeyW
StartServiceCtrlDispatcherA
GetUserNameA
RegOpenCurrentUser
OpenProcessToken
ElfReportEventW
ImpersonateAnonymousToken
ImpersonateNamedPipeClient
OpenEventLogA
RegEnumValueA
OpenThreadToken
RegDeleteKeyW
QueryServiceStatusEx
CredFree
RegFlushKey
SetSecurityInfo
RegSetValueExA
RegOpenKeyExA
RegQueryValueExA
ConvertStringSecurityDescriptorToSecurityDescriptorA
CreateProcessWithLogonW
ElfRegisterEventSourceW
SetThreadToken
Exports
Sections
.text Size: 60KB - Virtual size: 56KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 4KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 8KB - Virtual size: 5KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 4KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ