0f3d9da560ef1810517134cdcc3a95b3_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

0f3d9da560ef1810517134cdcc3a95b3_JaffaCakes118
Size

137KB
MD5

0f3d9da560ef1810517134cdcc3a95b3
SHA1

283bf89f56d2a02c2b20b140461c1137eb55f523
SHA256

e30fb1c75eb3cb26fe2acd9e01dd532792b4527998e85a82e5d2f5da3e96bc35
SHA512

87eef4f339ac1b2935e4360eb18eaedbcbff6fdc318dffcdba31189da9c5ea0b5b1791cb25c5805304ac0165cfe21908ad62cea2fa3a0e385b88959933353535
SSDEEP

3072:5osiWpfAUsmd3UXBONszInlXvrMG4A2WVlq2n4Hb:5orW2aJUXcSzInlvNtVlVO

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
0f3d9da560ef1810517134cdcc3a95b3_JaffaCakes118

Files

0f3d9da560ef1810517134cdcc3a95b3_JaffaCakes118
.dll windows:4 windows x86 arch:x86

3cddd88c949a2b68495ea7956279d869

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

ntdll

wcscpy
towlower
memset
wcsspn
strcmp
wcsrchr

advapi32

FreeSid
RegCreateKeyExW
RegOpenKeyExW
RegCloseKey
RegQueryValueExW
RegSetValueExW

ole32

CoTaskMemFree
CoUninitialize

kernel32

VirtualQuery
GetSystemInfo
RemoveVectoredExceptionHandler
AddVectoredExceptionHandler
GetComputerNameW
InterlockedIncrement
FreeLibrary
LoadLibraryW
FormatMessageW
CompareStringW
InitializeCriticalSection
lstrcpynW
HeapAlloc
GetLastError
HeapFree
GetProcAddress
GetModuleHandleA
ExitProcess
GetCommandLineA
GetVersionExA
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
OutputDebugStringA
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
SetLastError
InterlockedDecrement
GetCurrentThreadId
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
HeapReAlloc
WriteFile
GetStdHandle
GetModuleFileNameA
LoadLibraryA
GetModuleHandleW
GetCPInfo
GetACP
GetOEMCP
SetHandleCount
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
Sleep
RtlUnwind
LCMapStringA
MultiByteToWideChar
LCMapStringW
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
VirtualProtect

user32

DefWindowProcW

gdi32

SetTextColor
GetDeviceCaps

Exports

Exports

GRQMNjVJxoT
Hefy5

Sections

.text
Size: 51KB - Virtual size: 50KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 66KB - Virtual size: 244KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

3cddd88c949a2b68495ea7956279d869

Headers

File Characteristics

Imports

ntdll

advapi32

ole32

kernel32

user32

gdi32

Exports

Exports

Sections

.text Size: 51KB - Virtual size: 50KB

.rdata Size: 9KB - Virtual size: 8KB

.data Size: 66KB - Virtual size: 244KB

.rsrc Size: 5KB - Virtual size: 5KB

.reloc Size: 4KB - Virtual size: 4KB

.text
Size: 51KB - Virtual size: 50KB

.rdata
Size: 9KB - Virtual size: 8KB

.data
Size: 66KB - Virtual size: 244KB

.rsrc
Size: 5KB - Virtual size: 5KB

.reloc
Size: 4KB - Virtual size: 4KB