f6a8a5024456f97f5dfc104afad24ea4_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

f6a8a5024456f97f5dfc104afad24ea4_JaffaCakes118
Size

48KB
MD5

f6a8a5024456f97f5dfc104afad24ea4
SHA1

8610fc0549c7101ba940b8d60c2e32242f656dc8
SHA256

50c9dc255f5a2d50df5fbef8855304d38241149b11a781d38fc343a302c64c0f
SHA512

31f06aa37391cf993ae6098912b60a17e67c91a71f517ad72efe101f0a1c740edd5e65a9511fd1bf764c4b3663ba7c538782b48ee03c6c8b486a2724697afd56
SSDEEP

1536:9sEf63vDhfpYkdDxx9G1ENzvdZRG3LasnRjUjHmMQFtT4TnJcvIZ1S:9GpxF96Ehv7RG3euRjUjGjFtUTnJcvIW

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
f6a8a5024456f97f5dfc104afad24ea4_JaffaCakes118

Files

f6a8a5024456f97f5dfc104afad24ea4_JaffaCakes118
.dll windows:4 windows x86 arch:x86

8dd86af14051372c1bbe1f9649995acd

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

CloseHandle
EnumResourceLanguagesW
EnumResourceTypesA
ExitProcess
GetACP
GetCommandLineA
GetModuleHandleA
GetOEMCP
GetStartupInfoA
GetSystemDirectoryA
GetSystemTimeAsFileTime
GetVersion
HeapAlloc
LeaveCriticalSection
LocalAlloc
MultiByteToWideChar
OpenFile
SetLastError
SetUnhandledExceptionFilter
Sleep
VirtualAlloc
VirtualFree
lstrcmpiA
lstrcpyA
lstrcpynA

msvcrt

fwprintf
free
_wcsicmp
__set_app_type
__getmainargs
__p__commode
exit

ole32

CLSIDFromString
CoCreateInstance
CoInitialize
CoTaskMemAlloc
CoTaskMemFree
CoUninitialize
CreateOleAdviseHolder
OleInitialize
OleQueryLinkFromData
RegisterDragDrop
StgCreateDocfile
StringFromGUID2
WriteClassStg
WriteClassStm

ntdll

NtOpenKey
NtOpenSymbolicLinkObject
NtOpenThreadToken
NtCreateSemaphore
RtlCharToInteger
RtlEnterCriticalSection
RtlInitString
RtlInitUnicodeString
RtlLeaveCriticalSection
RtlNtStatusToDosError
NtCreateSection
LdrUnloadDll
RtlAppendUnicodeStringToString

shlwapi

SHSetValueW
PathSkipRootW
PathIsUNCW
StrCmpIW
PathFindNextComponentW
PathFindFileNameW
PathFindExtensionW
StrFormatKBSizeW
StrRChrW
StrRetToBufW
PathAppendW
PathAddBackslashW
PathIsPrefixW
AssocCreate

comdlg32

ChooseColorA
CommDlgExtendedError
GetFileTitleW
GetOpenFileNameA
ChooseFontW
FindTextW
FindTextA
ChooseColorW
PrintDlgW
PageSetupDlgW
PageSetupDlgA
LoadAlterBitmap
GetSaveFileNameW
GetOpenFileNameW

comctl32

ImageList_ReplaceIcon
InitCommonControlsEx

winmm

mixerGetLineInfoA
mmGetCurrentTask
midiStreamOpen

oleaut32

SafeArrayCreate
GetErrorInfo
ClearCustData
SetErrorInfo
SysFreeString
SysReAllocString
OleLoadPicture

user32

GetMenu
ShowCaret
OemToCharW
OemToCharBuffA
CharToOemBuffA
CharUpperA
CreateCursor
DrawCaption
EmptyClipboard
EnableScrollBar
GetMessageA
IsCharLowerA
LoadImageA
LoadMenuA
MessageBoxIndirectA

Sections

.text
Size: 20KB - Virtual size: 20KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 21KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

8dd86af14051372c1bbe1f9649995acd

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

msvcrt

ole32

ntdll

shlwapi

comdlg32

comctl32

winmm

oleaut32

user32

Sections

.text Size: 20KB - Virtual size: 20KB

.data Size: 6KB - Virtual size: 5KB

.rsrc Size: 21KB - Virtual size: 20KB

.text
Size: 20KB - Virtual size: 20KB

.data
Size: 6KB - Virtual size: 5KB

.rsrc
Size: 21KB - Virtual size: 20KB