e01fe9ec970b25ad53d2fdff17c6736e_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

e01fe9ec970b25ad53d2fdff17c6736e_JaffaCakes118
Size

448KB
MD5

e01fe9ec970b25ad53d2fdff17c6736e
SHA1

d31ec45eb9b2eb38c5999a189c0a9812d8f6c19f
SHA256

3fefebb4b66b5dca6aae979bd56b2618418bcbaf53e72e69b56721d71e9294e5
SHA512

b04c21c3505b48916647670c5ed904f20f9269c73e1875a8fdceffe6ccbe9250f3df0a2f0e693f2b87e35242f771d44fbcdb8c2b0717998f35775b88fc2c95a7
SSDEEP

12288:loGju0wqWvdPCdMSs/r0KkO2p0ZQSrNfcvjf+lFX:lZjunqvqSs/gKH2pmQm9

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
e01fe9ec970b25ad53d2fdff17c6736e_JaffaCakes118

Files

e01fe9ec970b25ad53d2fdff17c6736e_JaffaCakes118
.dll windows:5 windows x86 arch:x86

36a9a9f5f107a4d06d376af48cc8893c

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

user32

ActivateKeyboardLayout
CharUpperBuffA
CreateCursor
CreatePopupMenu
DestroyCursor
DestroyIcon
DestroyMenu
EndDeferWindowPos
IsCharLowerA
LoadMenuA
MessageBoxA
OemToCharA
OffsetRect
PostMessageA
SendMessageA
SetCursor
UpdateWindow

kernel32

SetLastError
WriteTapemark
VirtualQuery
VirtualProtectEx
VerLanguageNameA
SetUnhandledExceptionFilter
SetLocaleInfoW
ResetWriteWatch
SetFilePointer
SetCalendarInfoW
SetCalendarInfoA
SearchPathW
BeginUpdateResourceA
DeleteFileA
DnsHostnameToComputerNameA
EnumCalendarInfoW
EnumLanguageGroupLocalesW
ExitProcess
FreeUserPhysicalPages
GetACP
GetCommandLineA
GetDateFormatA
GetFileSize
GetFullPathNameA
GetLongPathNameW
GetPrivateProfileIntA
GetProcAddress
GetTickCount
GlobalUnWire
Heap32Next
HeapAlloc
HeapDestroy
InterlockedCompareExchange
LoadLibraryExA
Module32FirstW
OutputDebugStringA
Process32First
ProcessIdToSessionId

winmm

mixerGetLineControlsW
mixerGetNumDevs
mixerOpen
mixerSetControlDetails
mixerGetDevCapsW
mixerGetDevCapsA
mixerGetControlDetailsW
midiStreamPosition
midiStreamPause
midiStreamOut
midiStreamOpen
midiOutUnprepareHeader
midiOutShortMsg
midiOutSetVolume
midiOutReset
midiOutOpen
midiOutMessage
midiOutLongMsg
midiOutGetNumDevs
midiOutGetID
midiOutPrepareHeader

ntdll

RtlGetSecurityDescriptorRMControl
RtlGetCurrentDirectory_U
RtlFindLeastSignificantBit
RtlImageDirectoryEntryToData
NtYieldExecution
NtSetIoCompletion
RtlIsDosDeviceName_U
NtSetInformationThread
RtlNewSecurityGrantedAccess
RtlNtStatusToDosError
RtlQueryAtomInAtomTable
RtlReleaseResource
RtlTraceDatabaseFind
RtlUpcaseUnicodeStringToCountedOemString
RtlUpdateTimer
ZwAccessCheckAndAuditAlarm
RtlDeregisterWait
ZwAccessCheckByTypeResultList
ZwQueryDefaultUILanguage
ZwPrivilegeCheck
ZwOpenTimer
ZwFsControlFile
ZwFindAtom
NtAllocateUuids
NtCreatePort
NtCreateProfile
NtOpenDirectoryObject
NtQueryAttributesFile

version

GetFileVersionInfoA
VerQueryValueW
VerInstallFileW
VerInstallFileA
VerFindFileW
GetFileVersionInfoSizeA

comdlg32

ChooseColorA
ChooseFontW
CommDlgExtendedError
FindTextW
GetOpenFileNameA
GetOpenFileNameW
GetSaveFileNameA
LoadAlterBitmap
PageSetupDlgA
ChooseFontA

setupapi

SetupDiGetHwProfileFriendlyNameExW
CM_Query_And_Remove_SubTree_ExA
CM_Get_Depth_Ex
SetupDiInstallClassW

Sections

.text
Size: 57KB - Virtual size: 57KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 362KB - Virtual size: 667KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 27KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

36a9a9f5f107a4d06d376af48cc8893c

Headers

DLL Characteristics

File Characteristics

Imports

user32

kernel32

winmm

ntdll

version

comdlg32

setupapi

Sections

.text Size: 57KB - Virtual size: 57KB

.data Size: 362KB - Virtual size: 667KB

.rsrc Size: 27KB - Virtual size: 26KB

.text
Size: 57KB - Virtual size: 57KB

.data
Size: 362KB - Virtual size: 667KB

.rsrc
Size: 27KB - Virtual size: 26KB