fddfd292eaf33a490224ebe5371d3275_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

fddfd292eaf33a490224ebe5371d3275_JaffaCakes118
Size

18KB
MD5

fddfd292eaf33a490224ebe5371d3275
SHA1

36fb0c363fc6fc86a7b2e4860d5940b96e9b6912
SHA256

3a1c218de4d653dff06a68cfc12b958766dcb869450c9dd06928be819beb365c
SHA512

e201765e20ed440488ed05e78f06b7fe70585e83879696f00d931194cf7f0916f42b88e1bbd57587768732aadb4dd65b2d03dbe926664abd2c80ff363c5ecb21
SSDEEP

192:pc8UlhrjJuM/jP3pYeg4nyChd8D5pI6XV3HkaM3jwVEmLmmIQQaltH3vzAQDLNJS:I9DrdR96F3pM3jWFIDald3vzAQXNJF

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
fddfd292eaf33a490224ebe5371d3275_JaffaCakes118

Files

fddfd292eaf33a490224ebe5371d3275_JaffaCakes118
.dll windows:4 windows x86 arch:x86

6939074d0bf25ce97003625bccfbbd75

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_WDM_DRIVER

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

ntdll

wcsrchr
swprintf
wcsstr
RtlEqualUnicodeString
ZwQueryInformationProcess
ZwQuerySystemInformation
RtlCompareMemory
_aullrem
_aullshr
_allmul
_allshl
memset
_wtoi
strcmp
strlen
strcpy
memcpy

cabinet

FDIDestroy
FDIIsCabinet
FDICreate
FDICopy

kernel32

QueueUserAPC
UnmapViewOfFile
MapViewOfFile
CreateFileMappingW
GetModuleFileNameW
WaitForSingleObject
lstrcpyW
GetProcAddress
GetModuleHandleA
GetStartupInfoW
CreateProcessW
ExpandEnvironmentStringsW
FindClose
FindNextFileW
FindFirstFileW
ReadFile
CreateFileW
ResumeThread
OpenJobObjectW
GetLastError
ExitProcess
GetEnvironmentVariableA
lstrcatA
lstrcpyA
GetModuleFileNameA
GetCurrentProcess
HeapFree
CloseHandle
GetProcessHeap
OpenProcess
GetCurrentProcessId
lstrcmpiW
BindIoCompletionCallback
lstrcpynA
TerminateProcess
SetEvent
WideCharToMultiByte
TerminateJobObject
CreateEventA
lstrlenW
HeapAlloc

psapi

GetProcessImageFileNameW

advapi32

OpenServiceW
DeleteService
CloseServiceHandle
StartServiceW
OpenProcessToken
DuplicateTokenEx
GetKernelObjectSecurity
GetSecurityDescriptorDacl
GetUserNameA
BuildExplicitAccessWithNameA
SetEntriesInAclA
MakeAbsoluteSD
SetSecurityDescriptorDacl
SetKernelObjectSecurity
LookupPrivilegeValueA
AdjustTokenPrivileges
StartServiceCtrlDispatcherW
RevertToSelf
RegisterServiceCtrlHandlerW
SetServiceStatus
CreateServiceW
OpenSCManagerW
ImpersonateLoggedOnUser
CreateProcessAsUserW

ws2_32

WSASend
WSARecv
WSASocketA
WSAIoctl
bind
inet_addr
htons
WSAStartup
closesocket
WSAGetLastError

userenv

CreateEnvironmentBlock
DestroyEnvironmentBlock

shell32

ShellExecuteA

msvcrt

free
calloc
malloc
rand
realloc

Sections

Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Size: 640B - Virtual size: 520B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 768B - Virtual size: 718B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

6939074d0bf25ce97003625bccfbbd75

Headers

DLL Characteristics

File Characteristics

Imports

ntdll

cabinet

kernel32

psapi

advapi32

ws2_32

userenv

shell32

msvcrt

Sections

Size: 10KB - Virtual size: 10KB

Size: 640B - Virtual size: 520B

Size: 3KB - Virtual size: 3KB

Size: 2KB - Virtual size: 2KB

Size: 768B - Virtual size: 718B