f58c8785062924773594271343f83fbb_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

f58c8785062924773594271343f83fbb_JaffaCakes118
Size

72KB
MD5

f58c8785062924773594271343f83fbb
SHA1

c880c0a4de5045eeb3ea79ca990b2b0c9d23b7ea
SHA256

fde3aeca788c22b230943ee35d1ecc740fe31cfa83058f3a1e47da004bd9f690
SHA512

ca0b64626f0570892b126d059c3e4ca19fcbf1994028504e2fce656ef6b2096733f37e74b5ca0299cc7744812552be2325163093b2785feca363e0617e6502ca
SSDEEP

1536:MjBSR3Qug9dS5maoUVoW50PyhRpdJrJACRlxV+I:+BStg0uMWy/ECRlLR

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
f58c8785062924773594271343f83fbb_JaffaCakes118

Files

f58c8785062924773594271343f83fbb_JaffaCakes118
.dll windows:4 windows x86 arch:x86

4b0365f681e21d59d5000bbb8cfb577f

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

p:\PPWork\Pxp2\installer\src\msvcsl\Release\msvcsl.pdb

Imports

kernel32

DeleteFileW
GetLastError
WritePrivateProfileStringW
WideCharToMultiByte
Sleep
GetPrivateProfileIntW
GetPrivateProfileStringW
GetWindowsDirectoryW
CreateDirectoryW
GetTempPathW
HeapSize
GetSystemInfo
VirtualProtect
LCMapStringW
LCMapStringA
ReadFile
SetEndOfFile
GetLocaleInfoA
GetStringTypeW
GetStringTypeA
MoveFileW
RtlUnwind
ExitProcess
RaiseException
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCommandLineA
GetVersionExA
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
HeapFree
CloseHandle
WriteFile
TlsAlloc
SetLastError
TlsFree
TlsSetValue
TlsGetValue
GetProcAddress
GetModuleHandleA
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetModuleFileNameA
SetUnhandledExceptionFilter
HeapAlloc
TerminateProcess
GetCurrentProcess
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
HeapDestroy
HeapCreate
VirtualFree
UnhandledExceptionFilter
InitializeCriticalSection
VirtualAlloc
HeapReAlloc
IsBadWritePtr
InterlockedExchange
VirtualQuery
SetStdHandle
FlushFileBuffers
SetFilePointer
CreateFileW
MultiByteToWideChar
IsBadReadPtr
IsBadCodePtr
GetACP
GetOEMCP
GetCPInfo
LoadLibraryA

shell32

ShellExecuteExW

wininet

InternetReadFile
InternetOpenUrlW
InternetOpenW
InternetCloseHandle

ws2_32

send
closesocket
recv
connect
socket
gethostbyname
htons
WSACleanup
inet_addr
WSAStartup
select

netapi32

Netbios

Exports

Exports

mainload
uctvreg

Sections

.text
Size: 44KB - Virtual size: 41KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

4b0365f681e21d59d5000bbb8cfb577f

Headers

File Characteristics

PDB Paths

Imports

kernel32

shell32

wininet

ws2_32

netapi32

Exports

Exports

Sections

.text Size: 44KB - Virtual size: 41KB

.rdata Size: 12KB - Virtual size: 8KB

.data Size: 4KB - Virtual size: 9KB

.reloc Size: 8KB - Virtual size: 4KB

.text
Size: 44KB - Virtual size: 41KB

.rdata
Size: 12KB - Virtual size: 8KB

.data
Size: 4KB - Virtual size: 9KB

.reloc
Size: 8KB - Virtual size: 4KB