0dad04ac320a204b5c2b7f0f407e1b4a_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

0dad04ac320a204b5c2b7f0f407e1b4a_JaffaCakes118
Size

108KB
MD5

0dad04ac320a204b5c2b7f0f407e1b4a
SHA1

9f1007ced54846a4b6699029bc43505c9b03bdcb
SHA256

92d68f3474f823b11ca3b13b8cfbc07fa8da03178ee6d1021ac04977ac601387
SHA512

4bf2e846944a5068d2929bdecccdc11d5bb26072fb978cc0341064bdf01b4a26d2bdbd3aa8f2469a16929d7e8024494ef6c3f842489d36e7b42f9310bef5db9c
SSDEEP

1536:xwZBrJxEytTUVk3UEbqcFVMH2rcf2Zqa8/pAlkTNDF7c4zpuZPyp4rB5AX:CZBrJhEEhFKCck6AlODxtuFy04

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
0dad04ac320a204b5c2b7f0f407e1b4a_JaffaCakes118

Files

0dad04ac320a204b5c2b7f0f407e1b4a_JaffaCakes118
.dll windows:4 windows x86 arch:x86

25dbfd174dbc76b43ef1c8dd5dc37a9a

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

advapi32

SystemFunction024
CryptDecrypt

gdi32

CreateEnhMetaFileA

kernel32

DeleteFileA
ExitProcess
GetConsoleTitleW
GetStdHandle
GetVersion
GlobalAlloc
GlobalFree
GlobalHandle
GlobalLock
GlobalUnlock
VirtualAlloc
WriteFile
LoadResource
FindResourceA
CompareStringW
CompareStringA
GetLocaleInfoW
GetSystemInfo
VirtualProtect
GetTimeZoneInformation
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
GetCommandLineA
GetVersionExA
GetProcAddress
GetModuleHandleA
TerminateProcess
GetCurrentProcess
TlsAlloc
SetLastError
GetLastError
GetCurrentThread
TlsFree
TlsSetValue
TlsGetValue
HeapFree
HeapAlloc
SetHandleCount
GetFileType
GetStartupInfoA
DeleteCriticalSection
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
HeapDestroy
HeapCreate
VirtualFree
UnhandledExceptionFilter
LeaveCriticalSection
FatalAppExitA
EnterCriticalSection
GetACP
GetOEMCP
GetCPInfo
HeapReAlloc
IsBadWritePtr
InitializeCriticalSection
RtlUnwind
InterlockedExchange
VirtualQuery
LoadLibraryA
HeapSize
GetTimeFormatA
GetDateFormatA
GetUserDefaultLCID
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
IsValidCodePage
GetStringTypeA
MultiByteToWideChar
GetStringTypeW
LCMapStringA
LCMapStringW
QueryPerformanceCounter
GetTickCount
SetEnvironmentVariableA

ole32

CoCancelCall

rpcrt4

NdrInterfacePointerMemorySize
RpcSsDisableAllocate
RpcServerUseProtseqA

user32

GetDlgItem

Exports

Exports

JSYVYC

Sections

.text
Size: 56KB - Virtual size: 54KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 16KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 28KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

25dbfd174dbc76b43ef1c8dd5dc37a9a

Headers

File Characteristics

Imports

advapi32

gdi32

kernel32

ole32

rpcrt4

user32

Exports

Exports

Sections

.text Size: 56KB - Virtual size: 54KB

.rdata Size: 16KB - Virtual size: 12KB

.data Size: 28KB - Virtual size: 28KB

.reloc Size: 4KB - Virtual size: 3KB

.text
Size: 56KB - Virtual size: 54KB

.rdata
Size: 16KB - Virtual size: 12KB

.data
Size: 28KB - Virtual size: 28KB

.reloc
Size: 4KB - Virtual size: 3KB