e25c426c4381ca5371927af1d7db3db9_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

e25c426c4381ca5371927af1d7db3db9_JaffaCakes118
Size

28KB
MD5

e25c426c4381ca5371927af1d7db3db9
SHA1

db9d18d257df0bb2ef894e3c25dbe42fb787ed34
SHA256

db4f8621534da5298537adee8d318c1c295c8f6b106c5153f9a76703bd7e07ce
SHA512

5f98f710f4f76fd5596633b35dc46d3c218566e361d59f466b23b5ebc95d4680394b48a97e08379749d1251656bc5a24eec7e2f286cb44cfebf4457425ce4dbe
SSDEEP

384:VAytcHXrKVkQqmYeOuO6zb9Y09+TzfBsjJbC4X0B8N9wWu3XXANHXTI9HUv0L:V1tMbMlaoH9b96+jJbl0BCwWunq09Hx

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
e25c426c4381ca5371927af1d7db3db9_JaffaCakes118

Files

e25c426c4381ca5371927af1d7db3db9_JaffaCakes118
.dll windows:4 windows x86 arch:x86

d83ab7d32dcad8495d38cf013e8e7386

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

HeapFree
MultiByteToWideChar
HeapReAlloc
DebugBreak
GetCurrentProcess
FlushInstructionCache
lstrlenW
InterlockedExchange
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InterlockedIncrement
InterlockedDecrement
InitializeCriticalSection
HeapCreate
GetVersionExW
GetSystemInfo
HeapAlloc
DisableThreadLibraryCalls
lstrlenA

advapi32

RegCloseKey
RegOpenKeyExW
RegQueryValueExW

oleaut32

SafeArrayCreateVector
SafeArrayAccessData
SysFreeString
SysAllocString
VariantClear
SafeArrayUnaccessData
SafeArrayDestroy
LoadRegTypeLi
DispCallFunc
SysStringLen

atl

ord11
ord23
ord21
ord58
ord31
ord30
ord10
ord32
ord15
ord18
ord57
ord16

shlwapi

StrStrIW
StrStrW

msvcp60

?append@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV12@PBGI@Z
?assign@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV12@PBGI@Z
?_Tidy@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@AAEX_N@Z
?_C@?1??_Nullstr@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@CAPBGXZ@4GB

msvcrt

wcsstr
wcslen
memcpy
memcmp
__dllonexit
_onexit
memset

Sections

.text
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 9KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.456oc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

d83ab7d32dcad8495d38cf013e8e7386

Headers

File Characteristics

Imports

kernel32

advapi32

oleaut32

atl

shlwapi

msvcp60

msvcrt

Sections

.text Size: 7KB - Virtual size: 7KB

.rdata Size: 2KB - Virtual size: 2KB

.data Size: 3KB - Virtual size: 3KB

.CRT Size: 512B - Virtual size: 3KB

.rsrc Size: 9KB - Virtual size: 11KB

.456oc Size: 4KB - Virtual size: 4KB

.text
Size: 7KB - Virtual size: 7KB

.rdata
Size: 2KB - Virtual size: 2KB

.data
Size: 3KB - Virtual size: 3KB

.CRT
Size: 512B - Virtual size: 3KB

.rsrc
Size: 9KB - Virtual size: 11KB

.456oc
Size: 4KB - Virtual size: 4KB