da8382ae4332f9c17fc81db4bb0dc044_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

da8382ae4332f9c17fc81db4bb0dc044_JaffaCakes118
Size

232KB
MD5

da8382ae4332f9c17fc81db4bb0dc044
SHA1

30d993c71e18b7ac51c82a2fe156667b9e71dd6c
SHA256

2620d300ce983af3e401c475534d72313feb2c271203c30b7196c54794c1a7bf
SHA512

a69495362dac423393623b3ff0de99ce460132c2ab980078ec9ba88d7f68143bcf5fe1ed3331a7b5444ee18b03453a6c48e7f589b0f7af6e49d8f8d7f7cc4ff0
SSDEEP

6144:xv4Tfkq4w1pb7owYOVBlfGdLgLKLCpjrzK7d2uUm:xv4TfkYb7J1YLgUCpvzfuU

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
da8382ae4332f9c17fc81db4bb0dc044_JaffaCakes118

Files

da8382ae4332f9c17fc81db4bb0dc044_JaffaCakes118
.dll windows:5 windows x86 arch:x86

7c20d16233f1fb21e295ea0c1c59f481

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

msvcrt

memmove
wcslen
??0exception@@QAE@ABV0@@Z
_callnewh
wcscat
wcscmp
swscanf
_except_handler3
_onexit
__dllonexit
?terminate@@YAXXZ
??1type_info@@UAE@XZ
_adjust_fdiv
_initterm
_purecall
wcschr
wcspbrk
__CxxFrameHandler
_wcsicmp
wcsspn
free
_CxxThrowException
malloc
_ultow
wcstoul
wcstok
wcscpy

msvcp60

??1_Lockit@std@@QAE@XZ
?nothrow@std@@3Unothrow_t@1@B
??0_Lockit@std@@QAE@XZ
??0bad_alloc@std@@QAE@PBD@Z
??1bad_alloc@std@@UAE@XZ
??0bad_alloc@std@@QAE@ABV01@@Z

atl

ord16
ord18
ord22
ord15
ord32
ord21

iaspolcy

IASAttributeAnsiAlloc
IASAttributeAddRef
IASAttributeRelease
IASAttributeAlloc
IASAttributeUnicodeAlloc

iassvcs

IASGetDictionary
IASVariantChangeType
IASGetLocalDictionary
IASRegisterComponent

advapi32

AllocateAndInitializeSid
FreeSid
EqualSid

kernel32

SwitchToThread
TryEnterCriticalSection
GetLocalTime
InterlockedExchange
ReleaseSemaphore
SystemTimeToFileTime
LocalFree
DisableThreadLibraryCalls
CloseHandle
GetLastError
EnterCriticalSection
LeaveCriticalSection
VirtualAlloc
InterlockedDecrement
InterlockedIncrement
DeleteCriticalSection
VirtualProtect
GetSystemTimeAsFileTime
WideCharToMultiByte
CreateSemaphoreW
InterlockedExchangeAdd
WaitForSingleObject

ole32

CoTaskMemFree
CLSIDFromProgID
CoGetClassObject
CoTaskMemAlloc

oleaut32

SafeArrayGetDim
SafeArrayGetLBound
SafeArrayGetUBound
SafeArrayCreateVector
SafeArrayUnaccessData
UnRegisterTypeLi
SetErrorInfo
LoadRegTypeLi
VariantTimeToSystemTime
VariantClear
SafeArrayAccessData
VariantCopy
SysAllocString
SysFreeString
VariantInit

Exports

Exports

DllCanUnloadNok
DllGetClassObject
DllRegisterServea
DllUnregisterServed
IASEvaluateExpression
IASEvaluateTimeOfDay
IASParseExpression
IASParseExpressionEx

Sections

.text
Size: 45KB - Virtual size: 45KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 181KB - Virtual size: 180KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

7c20d16233f1fb21e295ea0c1c59f481

Headers

File Characteristics

Imports

msvcrt

msvcp60

atl

iaspolcy

iassvcs

advapi32

kernel32

ole32

oleaut32

Exports

Exports

Sections

.text Size: 45KB - Virtual size: 45KB

.data Size: 512B - Virtual size: 1KB

.rsrc Size: 181KB - Virtual size: 180KB

.reloc Size: 4KB - Virtual size: 4KB

.text
Size: 45KB - Virtual size: 45KB

.data
Size: 512B - Virtual size: 1KB

.rsrc
Size: 181KB - Virtual size: 180KB

.reloc
Size: 4KB - Virtual size: 4KB