e26468f0c3efa7e0c2cf53c17f6d5d44_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

e26468f0c3efa7e0c2cf53c17f6d5d44_JaffaCakes118
Size

288KB
MD5

e26468f0c3efa7e0c2cf53c17f6d5d44
SHA1

5d6de6a5d5c8fc8730dacb12f57e69ed87381a0e
SHA256

652b4450e81b545277fb1058f7e3db8e134a3a3d71dcb9a4e9bb2be9aeca35d2
SHA512

ac7bf88b411bd30e72452a5d09f81c881f16b143ab6a63bc02cab3d6c6c34d5e89c18299f282173da008134df0341e33db61d7f2ac85e088ad0c2b0d97ddd55c
SSDEEP

3072:nrOWQ2XQYborsGLyq+K7RbepMKBibvHBHOTBfRPz4WtHRgCzZJAp6kR:sCQUorzb7wmKBibvlOTBJTR7t

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
e26468f0c3efa7e0c2cf53c17f6d5d44_JaffaCakes118

Files

e26468f0c3efa7e0c2cf53c17f6d5d44_JaffaCakes118
.dll regsvr32 windows:4 windows x86 arch:x86

fd2b83951b181710ce144afa06338bca

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

ws2_32

WSACleanup
WSACleanup
WSAStartup
WSACleanup

kernel32

WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
HeapCreate
GetEnvironmentStringsW
GetStringTypeW
GetStringTypeA
WideCharToMultiByte
SizeofResource
LockResource
LoadResource
FindResourceW
FindResourceExW
MultiByteToWideChar
InterlockedIncrement
lstrlenW
ExitProcess
GetProcAddress
GetModuleHandleW
GetCurrentProcessId
GetCurrentProcess
Sleep
CreateThread
DecodePointer
EncodePointer
GetModuleFileNameW
CloseHandle
GetLastError
InterlockedDecrement
SetLastError
WaitForSingleObject
lstrlenA
WriteFile
ReadFile
CreateMutexW
GetModuleHandleA
LoadLibraryW
VirtualAllocEx
GetCurrentThreadId
VirtualFreeEx
DuplicateHandle
VirtualAlloc
LoadLibraryA
CreateEventW
InterlockedCompareExchange
GetTickCount
FlushFileBuffers
CreateFileA
GetConsoleMode
FreeEnvironmentStringsW
VirtualFree
QueryPerformanceCounter
GetSystemTimeAsFileTime
GetOEMCP
IsValidCodePage
GetSystemTime
GetConsoleCP
GetEnvironmentStrings
FreeEnvironmentStringsA
GetModuleFileNameA
InterlockedExchange
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
GetACP
GetLocaleInfoA
GetThreadLocale
GetVersionExA
RaiseException
HeapDestroy
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
GetProcessHeap
RtlUnwind
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetCommandLineA
SetFilePointer
LCMapStringA
LCMapStringW
GetCPInfo
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
SetStdHandle
GetModuleHandleA
GetModuleHandleA

Exports

Exports

DllRegisterServer
DllUnregisterServer
NSPCleanup
NSPStartup
Register

Sections

.text
Size: 144KB - Virtual size: 142KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 44KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 44KB - Virtual size: 51KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 32KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 20KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

fd2b83951b181710ce144afa06338bca

Headers

DLL Characteristics

File Characteristics

Imports

ws2_32

kernel32

Exports

Exports

Sections

.text Size: 144KB - Virtual size: 142KB

.rdata Size: 44KB - Virtual size: 40KB

.data Size: 44KB - Virtual size: 51KB

.rsrc Size: 32KB - Virtual size: 30KB

.reloc Size: 20KB - Virtual size: 17KB

.text
Size: 144KB - Virtual size: 142KB

.rdata
Size: 44KB - Virtual size: 40KB

.data
Size: 44KB - Virtual size: 51KB

.rsrc
Size: 32KB - Virtual size: 30KB

.reloc
Size: 20KB - Virtual size: 17KB