153df4b3e1e62d7a9bf5224c008255d0_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

153df4b3e1e62d7a9bf5224c008255d0_JaffaCakes118
Size

212KB
MD5

153df4b3e1e62d7a9bf5224c008255d0
SHA1

d062349771368e57876fdda2911e34866531181d
SHA256

4732f69ed011aeedcc0a11d5bf92101e7982554f28da933d6ef6739cfb800ce0
SHA512

51208418a6f582a4c18d06059335b5c7eb2601dcb32ce88c70b4eff76578274c9ad770e5e4cc899ca6701183258942a4949f46341f042d405505a6475e6c5aad
SSDEEP

6144:vEcHZuoJPjUsU3S4xLCuXeD0cQVwkbUytHvV:FZuoJPjHUbxfXeOwbyJV

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
153df4b3e1e62d7a9bf5224c008255d0_JaffaCakes118

Files

153df4b3e1e62d7a9bf5224c008255d0_JaffaCakes118
.dll windows:4 windows x86 arch:x86

2d77ff946f6ddc1cf0d237e09109354a

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

InterlockedCompareExchange
Sleep
QueryPerformanceCounter
UnhandledExceptionFilter
VerifyVersionInfoW
SystemTimeToFileTime
FileTimeToSystemTime
MultiByteToWideChar
ProcessIdToSessionId
LocalFree
WaitForMultipleObjects
TerminateThread
LocalAlloc
CreateDirectoryW
VerSetConditionMask
ExpandEnvironmentStringsW
GetCurrentThread
RemoveDirectoryW
FindFirstFileW
GetFileAttributesW
FindClose
FindNextFileW
SetFileAttributesW
DeleteFileW
InterlockedIncrement
GetLastError
CreateEventW
UnregisterWait
CloseHandle
SetEvent
DisableThreadLibraryCalls
ResetEvent
GetComputerNameExW
CompareStringW
lstrlenW
SetLastError
GetModuleFileNameW
HeapAlloc
HeapSetInformation
InterlockedExchange
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
HeapFree
FreeLibrary
GetProcessHeap
CreateThread
OutputDebugStringA

user32

LoadStringW

advapi32

RegQueryValueExW
RegOpenKeyExW
RegisterEventSourceW
DeregisterEventSource
ReportEventW
RevertToSelf
OpenThreadToken
GetSecurityDescriptorDacl
LookupAccountNameW
InitializeSecurityDescriptor
RegEnumKeyExW
RegDeleteValueW
SetServiceStatus
RegCloseKey
GetTokenInformation
SetSecurityDescriptorDacl
RegOpenCurrentUser
RegConnectRegistryW
RegCreateKeyExW

msvcrt

wcschr
exit
malloc
free
putchar
memset

crypt32

CertGetNameStringW
CertFreeCertificateContext
CertCreateCertificateContext
CertSetCertificateContextProperty
CertFindExtension
CertCloseStore
CertDeleteCertificateFromStore
CertGetEnhancedKeyUsage
CertCreateSelfSignCertificate
CertFindCertificateInStore

rpcrt4

RpcImpersonateClient

userenv

RegisterGPNotification

Exports

Exports

AreUpdateStandards
InVersionStandardsImplementProcess
OfFromEndorsed
OnAnd

Sections

.text
Size: 44KB - Virtual size: 40KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 32KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 28KB - Virtual size: 249KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

2d77ff946f6ddc1cf0d237e09109354a

Headers

File Characteristics

Imports

kernel32

user32

advapi32

msvcrt

crypt32

rpcrt4

userenv

Exports

Exports

Sections

.text Size: 44KB - Virtual size: 40KB

.rdata Size: 32KB - Virtual size: 29KB

.data Size: 28KB - Virtual size: 249KB

.rsrc Size: 8KB - Virtual size: 5KB

.reloc Size: 4KB - Virtual size: 1KB

.text
Size: 44KB - Virtual size: 40KB

.rdata
Size: 32KB - Virtual size: 29KB

.data
Size: 28KB - Virtual size: 249KB

.rsrc
Size: 8KB - Virtual size: 5KB

.reloc
Size: 4KB - Virtual size: 1KB