PDB path: x:\Dev\M_tr0j\JS13_v2_20081128\xmdll\Release\xmdll.pdb
Static task
static1
Behavioral task
behavioral1
Sample
0a00cfc7b9ebe401c9ce1f87ca8e94a4_JaffaCakes118.dll
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
0a00cfc7b9ebe401c9ce1f87ca8e94a4_JaffaCakes118.dll
Resource
win10v2004-20240802-en
General
-
Target
0a00cfc7b9ebe401c9ce1f87ca8e94a4_JaffaCakes118
-
Size
44KB
-
MD5
0a00cfc7b9ebe401c9ce1f87ca8e94a4
-
SHA1
7e3ebad16fdc691f1a7be3a41cb2d7fd5dcb4712
-
SHA256
144540149f816bedd21f5289755e993e1b8e7793ba126c0b26beab95fe67b0b6
-
SHA512
067c5e90401f9a8682eaf2a1aafe354b564ee25223fcccbb367348b0de0f958dc51d2dff193ef1bf26ebe13e5435f186e7897a24417eb83554441f8ceb2f5318
-
SSDEEP
768:uJK5uGUWSTSGckjrSLbm3mmjcmM67Xt23MhNno4ChE:uJK5uGU/SfPmDcs7Xt23Sno4qE
Malware Config
Signatures
-
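Unsigned PE (1 IoC)
Checks for a missing Authenticode signature: the file is not signed. On its own this is a weak indicator, since many legitimate DLLs are also unsigned, so it should be weighed together with the other static findings in this report.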
resource 0a00cfc7b9ebe401c9ce1f87ca8e94a4_JaffaCakes118
Files
-
0a00cfc7b9ebe401c9ce1f87ca8e94a4_JaffaCakes118.dll windows:4 windows x86 arch:x86
8b24b3e1d1b122896fe26c3fd6b669df
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
PDB Paths
Imports
kernel32
SetFilePointer
lstrcatA
lstrcpyA
FreeLibrary
lstrlenA
GetProcAddress
LoadLibraryA
Sleep
FindClose
GetLastError
FindNextFileA
FindFirstFileA
GetWindowsDirectoryA
SetLastError
SetFileTime
ReadFile
GetFileTime
WriteFile
GetSystemTime
MultiByteToWideChar
WideCharToMultiByte
lstrcpynA
lstrcmpA
CreateDirectoryA
GetSystemDirectoryA
GetModuleFileNameA
LocalFree
GetCurrentProcess
FlushInstructionCache
VirtualProtect
CloseHandle
CreateFileA
CreateFileW
CreateThread
user32
IsCharAlphaNumericA
EnumWindows
CallWindowProcA
SendMessageA
wsprintfA
FindWindowExA
SetWindowLongA
FindWindowA
GetWindowTextA
advapi32
RegOpenKeyExA
RegQueryValueExA
RegEnumKeyExA
shell32
ShellExecuteA
msvcrt
??1type_info@@UAE@XZ
memcpy
strstr
??3@YAXPAX@Z
??2@YAPAXI@Z
strncpy
strrchr
wcsstr
__CxxFrameHandler
free
_initterm
malloc
_adjust_fdiv
_CxxThrowException
_stricmp
_strrev
oleaut32
GetErrorInfo
Sections
.text Size: 16KB - Virtual size: 12KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 8KB - Virtual size: 7KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 15KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.share Size: 4KB - Virtual size: 800B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 4KB - Virtual size: 1024B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ