e9cd9aebf3b54c8912f8a204a4ec31c4_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

e9cd9aebf3b54c8912f8a204a4ec31c4_JaffaCakes118
Size

83KB
MD5

e9cd9aebf3b54c8912f8a204a4ec31c4
SHA1

b1ac5828462f8be309b803a9ba9416e191c933b4
SHA256

c6b90752235bc2b7479282bf9e74f961087e5672b1b2c8d8dd5fb1c69bfc1b77
SHA512

d0ad72942475f6656980bf36598fb900057336e03672152f59aed06daa02d6bd51ece4dc8077251ecdfce2f97457f150a7727d6c3b8b7c116b5fef8576456f6c
SSDEEP

1536:xeeCBiYiPsbND8RaE+3rfItc5RaJNlE1GEIH2LxXt7f:xeNbiPsbNDearbfkMRqkEEIH291f

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
e9cd9aebf3b54c8912f8a204a4ec31c4_JaffaCakes118

Files

e9cd9aebf3b54c8912f8a204a4ec31c4_JaffaCakes118
.dll windows:5 windows x86 arch:x86

75cae768b19dfeefb2f2d65996579d96

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

shscrap.pdb

Imports

msvcrt

_vsnwprintf
_adjust_fdiv
malloc
_initterm
free

kernel32

DeleteFileW
GlobalFree
GlobalAlloc
MultiByteToWideChar
GetTickCount
DisableThreadLibraryCalls
LockResource
LoadResource
FindResourceW
FormatMessageW
lstrlenW
GetTempFileNameW
QueryPerformanceCounter
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
MoveFileW
WideCharToMultiByte
lstrlenA
GlobalSize
GetLocaleInfoW
GlobalLock
GlobalUnlock
InterlockedDecrement
InterlockedIncrement
LocalFree
LocalAlloc

gdi32

GetStockObject
SetMapMode
LPtoDP
TextOutW

user32

PostMessageW
SetWindowLongW
EndPaint
IsWindowVisible
BeginPaint
DestroyWindow
DefWindowProcW
GetWindowLongW
RegisterClassW
LoadCursorW
SetFocus
GetClipboardFormatNameW
TranslateMessage
GetMessageW
IsWindow
CreateWindowExW
CharNextW
LoadStringW
DispatchMessageW
RegisterClipboardFormatA
RegisterClipboardFormatW
GetClientRect

advapi32

RegOpenKeyW
RegEnumValueW
RegQueryValueW
RegEnumKeyW
RegCloseKey

shlwapi

ord216

comdlg32

GetSaveFileNameW

shell32

SHGetFileInfoW
SHGetSpecialFolderPathW
ord182
ord74
ord42
ord75

ole32

ReleaseStgMedium
StringFromGUID2
OleSave
OleCreateDefaultHandler
CoGetMalloc
OleCreateFromData
OleCreateLinkFromData
StgCreateDocfile
StgOpenStorage
OleLoad
OleRun
CoTaskMemFree
OleDraw
CreateGenericComposite
CreateFileMoniker
CreateItemMoniker
StgIsStorageFile
OleUninitialize
OleInitialize

Exports

Exports

DllCanUnloadNow
DllGetClassObject
OpenScrap_RunDLL
OpenScrap_RunDLLA
OpenScrap_RunDLLW
Scrap_CreateFromDataObject

Sections

.text
Size: 18KB - Virtual size: 17KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 56KB - Virtual size: 56KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

75cae768b19dfeefb2f2d65996579d96

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msvcrt

kernel32

gdi32

user32

advapi32

shlwapi

comdlg32

shell32

ole32

Exports

Exports

Sections

.text Size: 18KB - Virtual size: 17KB

.data Size: 56KB - Virtual size: 56KB

.rsrc Size: 6KB - Virtual size: 5KB

.reloc Size: 1KB - Virtual size: 1KB

.text
Size: 18KB - Virtual size: 17KB

.data
Size: 56KB - Virtual size: 56KB

.rsrc
Size: 6KB - Virtual size: 5KB

.reloc
Size: 1KB - Virtual size: 1KB