dcb03c3edff61bccef44d8866013b5d7_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

dcb03c3edff61bccef44d8866013b5d7_JaffaCakes118
Size

324KB
MD5

dcb03c3edff61bccef44d8866013b5d7
SHA1

22668f51d409715b37cb7d025817e0b92de0b68d
SHA256

152d4d4dcff45545a230590c3309637e677f76ab9fa2bcfde7cdc8a0d52a806d
SHA512

7e62d7bbe684ca1f4bcca8a58b86dad876e07f9dc339ecf354b2ecd3b8d2007d6b15bc293c7d836495cbccc91a87a9216bfd966fcfbe9d558d717c5f3a6089ec
SSDEEP

6144:+E3cVROh4NKYcCoZ4Xzo8F27SgtaSh21c35fukn5okHZ14JIFjRf5:+Ocqh4NKYcCoZgM8F2XgSGc35p5oyIqL

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
dcb03c3edff61bccef44d8866013b5d7_JaffaCakes118

Files

dcb03c3edff61bccef44d8866013b5d7_JaffaCakes118
.exe windows:5 windows x86 arch:x86

563e5757b6c774d4b588b0df29ac33c3

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

rpcrt4

RpcStringFreeW

kernel32

LoadLibraryExW
InterlockedDecrement
MultiByteToWideChar
InterlockedIncrement
DisableThreadLibraryCalls
GetModuleFileNameW
HeapDestroy
EnterCriticalSection
DeleteCriticalSection
lstrcpynW
FindResourceW
lstrcmpiW
lstrlenA
GetStartupInfoA
lstrcatW
LoadResource
LeaveCriticalSection
GetLastError
InitializeCriticalSection
lstrlenW
lstrcpyW
FreeLibrary

ole32

CoTaskMemAlloc
CoTaskMemRealloc
CoTaskMemFree

ntdll

RtlAddAccessAllowedAce
NtAllocateVirtualMemory
RtlAdjustPrivilege

msvcrt

_except_handler3
_purecall
wcslen
wcsncat
_initterm
_adjust_fdiv
free
malloc
wcscpy
realloc
wcsncpy
__CxxFrameHandler

user32

CharNextW

advapi32

RegDeleteValueW
RegOpenKeyExW
RegSetValueExW
RegQueryValueExW
RegEnumKeyExW
RegQueryInfoKeyW
RegCreateKeyExW
RegCloseKey
RegDeleteKeyW

oleaut32

VariantClear

Sections

.text
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 1.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 298KB - Virtual size: 298KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

563e5757b6c774d4b588b0df29ac33c3

Headers

DLL Characteristics

File Characteristics

Imports

rpcrt4

kernel32

ole32

ntdll

msvcrt

user32

advapi32

oleaut32

Sections

.text Size: 9KB - Virtual size: 8KB

.rsrc Size: 12KB - Virtual size: 11KB

.data Size: 3KB - Virtual size: 1.4MB

.rdata Size: 298KB - Virtual size: 298KB

.tls Size: 512B - Virtual size: 4KB

.text
Size: 9KB - Virtual size: 8KB

.rsrc
Size: 12KB - Virtual size: 11KB

.data
Size: 3KB - Virtual size: 1.4MB

.rdata
Size: 298KB - Virtual size: 298KB

.tls
Size: 512B - Virtual size: 4KB