d9957cbe2911afd723561ce3be865d81_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

d9957cbe2911afd723561ce3be865d81_JaffaCakes118
Size

138KB
MD5

d9957cbe2911afd723561ce3be865d81
SHA1

9db1b88db9433a4a95cc746ad52184639557db02
SHA256

9c42eb36947537024b53780e8eec17cd8933db20c59c019b942cb7ca2a8657aa
SHA512

82a362d24c7d2d91d2978208ae9d7274fb9443cc5727ba54ead73368c3e1f9f315cf217ec2a30372e200911eabeeed22c66ae38ba43055c081e1fa1a551f411b
SSDEEP

1536:41BtuV1DIJOhYK9kMpiG+mQasO6dIn1k2JA+CnLpcTqA2hKSmu4wIAYW3IJX6I2I:+y1EJOhYiomqO6dIrJmn6TqAtJ9Qg2W

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
d9957cbe2911afd723561ce3be865d81_JaffaCakes118

Files

d9957cbe2911afd723561ce3be865d81_JaffaCakes118
.dll windows:4 windows x86 arch:x86

e6d5533edf27cf8765293f89e96a56b2

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

InterlockedCompareExchange
InterlockedExchange
CreateFileMappingA
OpenFileMappingA
MapViewOfFile
SetEvent
ExpandEnvironmentStringsA
CreateDirectoryA
CreateEventA
GetCurrentThread
GetLocalTime
LocalFree
WaitForSingleObject
ReleaseMutex
GetTickCount
GetPrivateProfileIntA
CreateFileA
CloseHandle
QueryPerformanceCounter
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
LocalAlloc
UnhandledExceptionFilter
GetComputerNameW
GetComputerNameExW
GetLastError
LoadLibraryW
GlobalAlloc
GetProcAddress
FreeLibrary
TerminateProcess
GetCurrentProcess
SetLastError
SetUnhandledExceptionFilter
Sleep
VirtualProtect
GlobalFree
GetCommandLineA
CreateMutexA

user32

wvsprintfA
wsprintfA
wsprintfW

advapi32

RegQueryValueExA
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
AllocateAndInitializeSid
FreeSid
OpenThreadToken
OpenProcessToken
GetTokenInformation
IsValidSid
ConvertStringSidToSidA
RegCloseKey
EqualSid
GetUserNameW
InitializeAcl
GetLengthSid
RegOpenKeyExA
AddAccessAllowedAce

rpcrt4

NdrClientCall2
RpcBindingFromStringBindingW
RpcStringFreeW
RpcBindingFree
RpcStringBindingComposeW

msvcr71

wcscmp
__dllonexit
__CppXcptFilter
fopen
memset
strncpy
_XcptFilter
_amsg_exit
fclose
_except_handler3
_adjust_fdiv
_initterm
free
wcsncpy
wcslen
wcschr
_onexit
_wcsnicmp
iswctype
_wcsicmp
wcscpy
malloc
wcscat
fwrite

Sections

.text
Size: 51KB - Virtual size: 51KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 36KB - Virtual size: 35KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 35KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 42KB - Virtual size: 42KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

e6d5533edf27cf8765293f89e96a56b2

Headers

File Characteristics

Imports

kernel32

user32

advapi32

rpcrt4

msvcr71

Sections

.text Size: 51KB - Virtual size: 51KB

.rdata Size: 36KB - Virtual size: 35KB

.data Size: 4KB - Virtual size: 35KB

.rsrc Size: 42KB - Virtual size: 42KB

.reloc Size: 3KB - Virtual size: 2KB

.text
Size: 51KB - Virtual size: 51KB

.rdata
Size: 36KB - Virtual size: 35KB

.data
Size: 4KB - Virtual size: 35KB

.rsrc
Size: 42KB - Virtual size: 42KB

.reloc
Size: 3KB - Virtual size: 2KB