dec49fce393c02029c84fa6dd21e2607_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

dec49fce393c02029c84fa6dd21e2607_JaffaCakes118
Size

102KB
MD5

dec49fce393c02029c84fa6dd21e2607
SHA1

1cd85d708258fe203befc301f85adcb8a38d5fc3
SHA256

c031a86a4cf1d9524f371cd2ecc5399b4df0aa0b45ea33642a98b5331ad77c38
SHA512

dc5a39cd961c47835582d269682a4bf74af362b5e01117f52c0f7cab2b010eafcf9bdafa8d5683a577e64dcd25869a397238e0dbeb743885c25d34d701ee913b
SSDEEP

3072:JDhbkzG4TqrJY9Wmeiv7tIeH6cT2y5XblFq45umf:FhbkzWm17CeCyLFZ

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
dec49fce393c02029c84fa6dd21e2607_JaffaCakes118

Files

dec49fce393c02029c84fa6dd21e2607_JaffaCakes118
.dll windows:4 windows x86 arch:x86

331d6e1a001b33928ffdd23504ef8040

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

HeapFree
InterlockedCompareExchange
DisableThreadLibraryCalls
HeapCreate
HeapDestroy
TlsSetValue
TlsGetValue
CompareFileTime
UnmapViewOfFile
TlsFree
GetCurrentProcessId
WaitForSingleObjectEx
HeapAlloc
GetLastError
CompareStringW
SearchPathW
CloseHandle
CreateFileW
GetProcAddress
GetModuleHandleW
LeaveCriticalSection
EnterCriticalSection
lstrcmpiW
GlobalUnlock
GlobalLock
GetModuleFileNameW
DeleteCriticalSection
InterlockedIncrement
lstrlenW
LoadLibraryW
SetErrorMode
GlobalReAlloc
GlobalAlloc
GetCurrentThreadId
LocalFree
WaitForSingleObject
SleepEx
LocalAlloc
CreateThread
lstrcmpW
GetCurrentDirectoryW
FreeResource
LockResource
LoadResource
LoadLibraryExW
FindResourceW
GetPrivateProfileStringW
ExitThread
SetEvent
ResetEvent
CreateEventA
_lread
GlobalFree
GlobalHandle
GetFileTime
GetFileSize
FreeLibrary
Sleep
InterlockedExchange
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetVersion
VirtualProtect
InterlockedDecrement
GetTickCount

user32

MessageBoxW
SendMessageA
NotifyWinEvent
LoadIconA
RegisterClassA
DestroyWindow
PostThreadMessageA
UnregisterClassA
PostMessageA
LoadStringA
IsWindow
PostMessageW
LoadStringW

advapi32

DeregisterEventSource
RegQueryValueExW
RegCloseKey
RegisterEventSourceW
ReportEventA
RegSetValueExW
RegOpenKeyExW

gdi32

GetBkMode
GetObjectW

ole32

CoUninitialize

msvcrt

__CxxFrameHandler
_adjust_fdiv
malloc
_initterm
memcpy
_vsnwprintf
wcschr
iswctype
towlower
wcsrchr
free
memmove
memset
_except_handler3

Sections

.text
Size: 89KB - Virtual size: 89KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

331d6e1a001b33928ffdd23504ef8040

Headers

File Characteristics

Imports

kernel32

user32

advapi32

gdi32

ole32

msvcrt

Sections

.text Size: 89KB - Virtual size: 89KB

.rdata Size: 3KB - Virtual size: 2KB

.data Size: 1024B - Virtual size: 34KB

.rsrc Size: 3KB - Virtual size: 2KB

.reloc Size: 4KB - Virtual size: 4KB

.text
Size: 89KB - Virtual size: 89KB

.rdata
Size: 3KB - Virtual size: 2KB

.data
Size: 1024B - Virtual size: 34KB

.rsrc
Size: 3KB - Virtual size: 2KB

.reloc
Size: 4KB - Virtual size: 4KB