0be34d8140a5f2ce68b41211370bb2ca_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

0be34d8140a5f2ce68b41211370bb2ca_JaffaCakes118
Size

88KB
MD5

0be34d8140a5f2ce68b41211370bb2ca
SHA1

6c470b583b85ed0e8b4b5c9e528b0dd07f1ac0d8
SHA256

6536910610b0d4114728b1215f35bec72d090d3e7f8bb9156901f09081819ee5
SHA512

474172ae31e83c70b5cf1017465f58b5e8aa8d16e2a45f46fa58aa8b9405fd97310830f1c0325ac3cd7713e2e374ccb728007d2c3c82f170647d806e37e7a301
SSDEEP

1536:8XhJ8wnMm39nIM1LxAx8NHQk9c5+xyLWXnqMPAAyR6OuTf3Iul8sM:8XL84F1LxAx8Nl9xxyLa6R6fTf3Rl7

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
0be34d8140a5f2ce68b41211370bb2ca_JaffaCakes118

Files

0be34d8140a5f2ce68b41211370bb2ca_JaffaCakes118
.dll windows:4 windows x86 arch:x86

a11c56d4a8bbc86fb147479c544efb0a

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetSystemTime
VirtualAlloc
GetVersion
IsValidLocale
LoadLibraryA
GetProcAddress
GetModuleHandleA
GetHandleInformation

advapi32

RegDeleteValueW
LookupPrivilegeValueA
RegDeleteKeyA
RegCreateKeyExW
CloseServiceHandle
RegCreateKeyExA
AllocateAndInitializeSid
RegEnumKeyExW
RegCreateKeyW
RegOpenKeyW
RegEnumValueW
ChangeServiceConfigA
UnlockServiceDatabase
RegOpenKeyExW
RegSetValueExW
RegSetValueExA
EqualSid
RegEnumValueA
InitializeSecurityDescriptor
GetTokenInformation
FreeSid
RegDeleteValueA
LockServiceDatabase
RegOpenKeyExA
RegQueryInfoKeyA
RegDeleteKeyW
RegCloseKey
RegEnumKeyExA
GetSecurityDescriptorControl
RegQueryValueExW
RegQueryValueW
RegQueryValueExA
RegFlushKey
LookupAccountSidW

comctl32

CreatePropertySheetPageA
InitCommonControlsEx
PropertySheetW
ImageList_AddMasked
CreateToolbarEx
PropertySheetA

version

VerQueryValueW
GetFileVersionInfoW

winspool.drv

AddPrintProcessorA
OpenPrinterA
GetJobA
FindFirstPrinterChangeNotification
DocumentPropertiesA
EnumPrinterDataExA
ResetPrinterA
WritePrinter
EnumMonitorsA
SetPortA
AbortPrinter
EnumPrinterDataA
GetPrinterA
EnumPrinterDriversA
SetFormA
DeletePrinterDriverA
SetPrinterDataExA
AddJobA
StartPagePrinter
DeletePrinterDriverExA
ScheduleJob
AddPrinterDriverA
StartDocPrinterA
DeletePrinter
DeleteFormA
FindNextPrinterChangeNotification
AdvancedDocumentPropertiesA
GetPrinterDriverA
AddFormA
AddPrinterDriverExA
ConfigurePortA
GetPrinterDriverDirectoryA
EnumFormsA
GetPrinterDataA
DeletePrinterDataExA
EndPagePrinter
FindClosePrinterChangeNotification
EnumPrintProcessorDatatypesA
ConnectToPrinterDlg
AddMonitorA
DeletePrintProcessorA

msvcrt

_onexit
__dllonexit
_adjust_fdiv
malloc
_unlink
_initterm
free
fseek
sprintf
fclose
ftell
fread
fopen
fwrite
memset
printf

Exports

Exports

huqrldoivrq

Sections

.text
Size: 24KB - Virtual size: 22KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 52KB - Virtual size: 49KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

a11c56d4a8bbc86fb147479c544efb0a

Headers

File Characteristics

Imports

kernel32

advapi32

comctl32

version

winspool.drv

msvcrt

Exports

Exports

Sections

.text Size: 24KB - Virtual size: 22KB

.rdata Size: 4KB - Virtual size: 3KB

.data Size: 52KB - Virtual size: 49KB

.reloc Size: 4KB - Virtual size: 3KB

.text
Size: 24KB - Virtual size: 22KB

.rdata
Size: 4KB - Virtual size: 3KB

.data
Size: 52KB - Virtual size: 49KB

.reloc
Size: 4KB - Virtual size: 3KB