f9edbd9b78bdb5a1626ae5cb5d357a5d_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

f9edbd9b78bdb5a1626ae5cb5d357a5d_JaffaCakes118
Size

138KB
MD5

f9edbd9b78bdb5a1626ae5cb5d357a5d
SHA1

c7eda70e6f2ef191eac53f26e8a72ba83968fc22
SHA256

8dfaf8a3e8fae84253e6df75a1a87e66509e3e8927a8bb4cbb42c8b797159f56
SHA512

e9a87da51173e6b30a1a82e187857732f159d62adcda1e1fd4ab467f983492c8c9d3beefd2496bd26af9817e8504150b81191b71184fae30562f3ec20226396f
SSDEEP

3072:Mk1BQDYiu0UmD16dIkJmn6TSAtJ9Qg2W:jr99o6DYKpag2

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
f9edbd9b78bdb5a1626ae5cb5d357a5d_JaffaCakes118

Files

f9edbd9b78bdb5a1626ae5cb5d357a5d_JaffaCakes118
.dll windows:4 windows x86 arch:x86

e6d5533edf27cf8765293f89e96a56b2

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

InterlockedCompareExchange
InterlockedExchange
CreateFileMappingA
OpenFileMappingA
MapViewOfFile
SetEvent
ExpandEnvironmentStringsA
CreateDirectoryA
CreateEventA
GetCurrentThread
GetLocalTime
LocalFree
WaitForSingleObject
ReleaseMutex
GetTickCount
GetPrivateProfileIntA
CreateFileA
CloseHandle
QueryPerformanceCounter
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
LocalAlloc
UnhandledExceptionFilter
GetComputerNameW
GetComputerNameExW
GetLastError
LoadLibraryW
GlobalAlloc
GetProcAddress
FreeLibrary
TerminateProcess
GetCurrentProcess
SetLastError
SetUnhandledExceptionFilter
Sleep
VirtualProtect
GlobalFree
GetCommandLineA
CreateMutexA

user32

wvsprintfA
wsprintfA
wsprintfW

advapi32

RegQueryValueExA
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
AllocateAndInitializeSid
FreeSid
OpenThreadToken
OpenProcessToken
GetTokenInformation
IsValidSid
ConvertStringSidToSidA
RegCloseKey
EqualSid
GetUserNameW
InitializeAcl
GetLengthSid
RegOpenKeyExA
AddAccessAllowedAce

rpcrt4

NdrClientCall2
RpcBindingFromStringBindingW
RpcStringFreeW
RpcBindingFree
RpcStringBindingComposeW

msvcr71

wcscmp
__dllonexit
__CppXcptFilter
fopen
memset
strncpy
_XcptFilter
_amsg_exit
fclose
_except_handler3
_adjust_fdiv
_initterm
free
wcsncpy
wcslen
wcschr
_onexit
_wcsnicmp
iswctype
_wcsicmp
wcscpy
malloc
wcscat
fwrite

Sections

.text
Size: 51KB - Virtual size: 51KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 36KB - Virtual size: 35KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 35KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 42KB - Virtual size: 42KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

e6d5533edf27cf8765293f89e96a56b2

Headers

File Characteristics

Imports

kernel32

user32

advapi32

rpcrt4

msvcr71

Sections

.text Size: 51KB - Virtual size: 51KB

.rdata Size: 36KB - Virtual size: 35KB

.data Size: 4KB - Virtual size: 35KB

.rsrc Size: 42KB - Virtual size: 42KB

.reloc Size: 3KB - Virtual size: 2KB

.text
Size: 51KB - Virtual size: 51KB

.rdata
Size: 36KB - Virtual size: 35KB

.data
Size: 4KB - Virtual size: 35KB

.rsrc
Size: 42KB - Virtual size: 42KB

.reloc
Size: 3KB - Virtual size: 2KB