f27d0ce1d6f4f2dc3ca5cd5d21185e04_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

f27d0ce1d6f4f2dc3ca5cd5d21185e04_JaffaCakes118
Size

1.2MB
MD5

f27d0ce1d6f4f2dc3ca5cd5d21185e04
SHA1

ceb9a18cca6d60940ba6817f65b0c7d6c715ba9a
SHA256

eee2e1a66ec290793a4c288e15f1517031ae55eb7af9a1f5215ca63366c067d0
SHA512

55de677ed09b5cae3a18a799b010e09e2e33446f306b858d7b58adfcfc1aab83968320f898f354f28da57e86038b9c93d6a771760a8cc76e8481c1e9cc06a6ea
SSDEEP

24576:PyTonNVlKTt/Q5ECvVP7hpJMvjtKpvPf9+m6kLRqgSyI:PyWRKTt/QlPVp3h9

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
f27d0ce1d6f4f2dc3ca5cd5d21185e04_JaffaCakes118

Files

f27d0ce1d6f4f2dc3ca5cd5d21185e04_JaffaCakes118
.dll windows:5 windows x64 arch:x64

687efd2fbde0f23e458ecdcacb3fde47

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

dpamnlrd.pdb

Imports

user32

InsertMenuW
DrawIconEx
DrawStateW
DrawTextW

gdi32

GetCharWidthW
GetSystemPaletteEntries
GetTextExtentExPointI
GetCharWidth32A
GetViewportOrgEx
DeleteEnhMetaFile
GetWindowExtEx

kernel32

FreeResource
FillConsoleOutputCharacterA
DeleteTimerQueueTimer
GetThreadId
LoadLibraryA
lstrcmpiW
GetPrivateProfileStringW
GetCurrentThread
GlobalDeleteAtom
VirtualAlloc
DebugActiveProcess
GetCommProperties
ConvertDefaultLocale
GetNLSVersion
GetLastError
GetThreadTimes
GetEnvironmentStringsW

advapi32

GetSecurityDescriptorSacl
LookupAccountSidA
DecryptFileW
DeregisterEventSource

comdlg32

GetFileTitleW

Exports

Exports

GetFileVersionInfoA
GetFileVersionInfoByHandle
GetFileVersionInfoExW
GetFileVersionInfoSizeA
GetFileVersionInfoSizeExW
GetFileVersionInfoSizeW
GetFileVersionInfoW
VerFindFileA
VerFindFileW
VerInstallFileA
VerInstallFileW
VerLanguageNameA
VerLanguageNameW
VerQueryValueA
VerQueryValueW

Sections

.text
Size: 909KB - Virtual size: 909KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 65KB - Virtual size: 65KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 512B - Virtual size: 312B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 976B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 348B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Size: 276KB - Virtual size: 276KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 512B - Virtual size: 318B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 512B - Virtual size: 503B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

687efd2fbde0f23e458ecdcacb3fde47

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

user32

gdi32

kernel32

advapi32

comdlg32

Exports

Exports

Sections

.text Size: 909KB - Virtual size: 909KB

.rdata Size: 2KB - Virtual size: 2KB

.data Size: 65KB - Virtual size: 65KB

.pdata Size: 512B - Virtual size: 312B

.rsrc Size: 1024B - Virtual size: 976B

.reloc Size: 512B - Virtual size: 348B

Size: 276KB - Virtual size: 276KB

Size: 512B - Virtual size: 318B

Size: 512B - Virtual size: 503B

.text
Size: 909KB - Virtual size: 909KB

.rdata
Size: 2KB - Virtual size: 2KB

.data
Size: 65KB - Virtual size: 65KB

.pdata
Size: 512B - Virtual size: 312B

.rsrc
Size: 1024B - Virtual size: 976B

.reloc
Size: 512B - Virtual size: 348B