da1837cb0827fe4fbdddbfacd604fcd3_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

da1837cb0827fe4fbdddbfacd604fcd3_JaffaCakes118
Size

9KB
MD5

da1837cb0827fe4fbdddbfacd604fcd3
SHA1

8d3f1ee8f20ea28a013f127b876360494b58b24f
SHA256

719b684e7572ec58486c1b2277065c50794b2f1c1324b6c28a063917bf9f4022
SHA512

4cb490c5c242fb97a65aa2e85754cfcbce1d3cc5753a496fb2b60af5d5ced30fc3d9735deada11758ead803dc5b05dbd8a4bc43158b9047f9e4317dbd9e8a46d
SSDEEP

192:YTt5NMrVzxukVryLwmeZgWmDrQhBXefr60peQTu8uat6:qPNyxr4wgNAPXgDpeQTu8uG6

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/TripleFantasy_9180D5AFFE1E5DF0717D7385E7F54386

Files

da1837cb0827fe4fbdddbfacd604fcd3_JaffaCakes118
.zip

Password: infected
TripleFantasy_9180D5AFFE1E5DF0717D7385E7F54386
.dll regsvr32 windows:5 windows x86 arch:x86

80fe5e0023a7d66fb405084fbacce81e

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

advapi32

CryptDecrypt
CryptImportKey
CryptAcquireContextA

ntdll

memcpy
_wcslwr
wcsrchr
memset
RtlUnwind

kernel32

GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
InterlockedCompareExchange
InterlockedExchange
GetSystemTimeAsFileTime
ExpandEnvironmentStringsW
CreateThread
GetLastError
GetModuleFileNameW
HeapAlloc
HeapFree
GetProcessHeap
VirtualProtect
GetProcAddress
ReadFile
GetFileSize
CreateFileW
LoadLibraryW
Sleep

msvcrt

free
malloc
_XcptFilter
_initterm
_amsg_exit
_adjust_fdiv

Exports

Exports

AlgUninstall
DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
HNetDeleteRasConnection
HNetFreeFirewallLoggingSettings
HNetFreeSharingServicesPage
HNetGetFirewallSettingsPage
HNetGetShareAndBridgeSettings
HNetGetSharingServicesPage
HNetSetShareAndBridgeSettings
HNetSharedAccessSettingsDlg
HNetSharingAndFirewallSettingsDlg
IcfChangeNotificationCreate
IcfChangeNotificationDestroy
IcfCheckAppAuthorization
IcfCloseDynamicFwPort
IcfConnect
IcfDisconnect
IcfFreeAdapters
IcfFreeDynamicFwPorts
IcfFreeProfile
IcfFreeString
IcfFreeTickets
IcfGetAdapters
IcfGetCurrentProfileType
IcfGetDynamicFwPorts
IcfGetOperationalMode
IcfGetProfile
IcfGetTickets
IcfIsIcmpTypeAllowed
IcfIsPortAllowed
IcfOpenDynamicFwPort
IcfOpenDynamicFwPortWithoutSocket
IcfOpenFileSharingPorts
IcfRefreshPolicy
IcfRemoveDisabledAuthorizedApp
IcfSetProfile
IcfSetServicePermission
IcfSubNetsGetScope
IcfSubNetsIsStringValid
IcfSubNetsToString
RegisterClassObjects
ReleaseSingletons
RevokeClassObjects
WinBomConfigureHomeNet
WinBomConfigureWindowsFirewall

Sections

.text
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 66KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 968B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Password: infected

80fe5e0023a7d66fb405084fbacce81e

Headers

DLL Characteristics

File Characteristics

Imports

advapi32

ntdll

kernel32

msvcrt

Exports

Exports

Sections

.text Size: 7KB - Virtual size: 7KB

.rdata Size: 5KB - Virtual size: 4KB

.data Size: 1024B - Virtual size: 66KB

.rsrc Size: 1024B - Virtual size: 968B

.reloc Size: 2KB - Virtual size: 1KB

.text
Size: 7KB - Virtual size: 7KB

.rdata
Size: 5KB - Virtual size: 4KB

.data
Size: 1024B - Virtual size: 66KB

.rsrc
Size: 1024B - Virtual size: 968B

.reloc
Size: 2KB - Virtual size: 1KB