01752ce0be21fda7103c357c63c63d10_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

01752ce0be21fda7103c357c63c63d10_JaffaCakes118
Size

172KB
MD5

01752ce0be21fda7103c357c63c63d10
SHA1

74616cbf81e1493d2297c00f11d8821a2b37850e
SHA256

8d3532a98e16ca90ecd6f0c7da4687b13d8e1528d995ee817551dabd3d0fe4e1
SHA512

c14a65b5f2d16724a593ed7ed295cbec4b8cafb295e6d5a478f441b76a220e5d85b46c388a9ec0b0c1e7bcaa26221e084833392eca595295007e6ea15bb759b1
SSDEEP

3072:AwN760yMVHwinaRGcwhYr4zGYFmVh/LFx:F+U4whYr4Cth

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
01752ce0be21fda7103c357c63c63d10_JaffaCakes118

Files

01752ce0be21fda7103c357c63c63d10_JaffaCakes118
.dll windows:4 windows x86 arch:x86

96c155b0eb66bacda805908d648a8973

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

hddoo.pdb

Imports

kernel32

GetLastError
InitializeCriticalSection
DeleteCriticalSection
CloseHandle
InterlockedIncrement
InterlockedDecrement
CreateEventW
WaitForSingleObject
DeleteTimerQueueTimer
DisableThreadLibraryCalls
GetModuleHandleW
IsBadWritePtr
SetEvent
IsBadReadPtr
GetProcAddress
LoadLibraryW
TryEnterCriticalSection
GetTickCount
CreateTimerQueueTimer
UnregisterWaitEx
lstrlenW
DeleteTimerQueueEx
CreateTimerQueue
lstrcpynW
GetACP
QueryPerformanceCounter
SleepEx
GetSystemTimeAsFileTime
TerminateProcess
UnhandledExceptionFilter
Sleep
OutputDebugStringA
HeapAlloc
GetProcessHeap
SetLastError
HeapFree
IsBadStringPtrW
CreateThread
QueueUserWorkItem
FreeLibrary
MultiByteToWideChar
WideCharToMultiByte
LeaveCriticalSection
RegisterWaitForSingleObject
EnterCriticalSection

user32

TranslateMessage
DispatchMessageW
SetWindowLongW
DefWindowProcW
MoveWindow
UnregisterDeviceNotification
MsgWaitForMultipleObjectsEx
CreateWindowExW
UnregisterClassW
LoadStringW

advapi32

RegQueryValueExW
RegOpenKeyExA
RegCloseKey
RegOpenKeyExW

ole32

CoTaskMemFree
CLSIDFromString
CoInitializeEx
CoCreateFreeThreadedMarshaler
IIDFromString
StringFromGUID2
CoUninitialize
CreateBindCtx
CoCreateInstance

winmm

timeGetTime

Exports

Exports

yeyTowiii

Sections

.text
Size: 124KB - Virtual size: 120KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 384KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 28KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

96c155b0eb66bacda805908d648a8973

Headers

File Characteristics

PDB Paths

Imports

kernel32

user32

advapi32

ole32

winmm

Exports

Exports

Sections

.text Size: 124KB - Virtual size: 120KB

.rdata Size: 4KB - Virtual size: 1KB

.data Size: 4KB - Virtual size: 384KB

.idata Size: 4KB - Virtual size: 2KB

.rsrc Size: 28KB - Virtual size: 26KB

.reloc Size: 4KB - Virtual size: 1KB

.text
Size: 124KB - Virtual size: 120KB

.rdata
Size: 4KB - Virtual size: 1KB

.data
Size: 4KB - Virtual size: 384KB

.idata
Size: 4KB - Virtual size: 2KB

.rsrc
Size: 28KB - Virtual size: 26KB

.reloc
Size: 4KB - Virtual size: 1KB