11644df070374e43b6c25500a7fc1575_JaffaCakes118

General

Target

11644df070374e43b6c25500a7fc1575_JaffaCakes118
Size

370KB
MD5

11644df070374e43b6c25500a7fc1575
SHA1

84945a476b840019d327bd3499ccbb65e49a9972
SHA256

b38a6b332d755cd9b1a213696b7f51ea9a86cc5cd510af16374fc3af6f66debf
SHA512

a7d5efc2a0602c3f2bee662bbf97541b404909e9310724c9187e8dd0d413fa12ede1bb2aaeab42f1bea8aca8a0498a37678a403c2cd66f5d85d9ef4eefd98353
SSDEEP

6144:fmyJN/BjnnKoUurQb56Tvm2Ab2xGKDViiWWFXlutacCAJeB5RWpLb:+yJNpjn3UurS6TO/u4GFHAJeB5R

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
11644df070374e43b6c25500a7fc1575_JaffaCakes118

Files

11644df070374e43b6c25500a7fc1575_JaffaCakes118
.dll windows:4 windows x86 arch:x86

b57d13133806303ddbf23debff061b47

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

advapi32

RegEnumKeyA
RegOpenKeyExA
RegQueryValueExA
ImpersonateAnonymousToken

ole32

CoTaskMemFree
StringFromCLSID

kernel32

lstrlenW
WideCharToMultiByte
WaitForSingleObject
CloseHandle
CreateFileA
CreateProcessA
DeleteCriticalSection
DosDateTimeToFileTime
EnterCriticalSection
ExitProcess
FreeLibrary
GetCommandLineA
GetCurrentProcessId
GetCurrentThreadId
GetEnvironmentVariableA
GetLastError
GetLocaleInfoA
GetLongPathNameA
GetModuleFileNameA
GetModuleHandleA
GetProcAddress
GetProcessPriorityBoost
GetShortPathNameA
GetStartupInfoA
GetSystemTimeAsFileTime
GetThreadLocale
GetTickCount
GetVersionExA
GlobalUnWire
HeapReAlloc
InitializeCriticalSection
InterlockedExchange
LoadLibraryA
QueryInformationJobObject
QueryPerformanceCounter
QueryPerformanceFrequency
VirtualAlloc

Exports

Exports

GetBroadcastSockaddr
GetImageInfoFromFileInMemory
LoadVolumeFromVolume
QuaternionMultiply
SchemaGetSyntaxOfAttribute
VecAddFontMapper
WeldVertices

Sections

.text
Size: 80KB - Virtual size: 79KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 166KB - Virtual size: 165KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 69KB - Virtual size: 70KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 49KB - Virtual size: 48KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

b57d13133806303ddbf23debff061b47

Headers

File Characteristics

Imports

advapi32

ole32

kernel32

Exports

Exports

Sections

.text Size: 80KB - Virtual size: 79KB

.rdata Size: 166KB - Virtual size: 165KB

.data Size: 69KB - Virtual size: 70KB

.rsrc Size: 49KB - Virtual size: 48KB

.reloc Size: 5KB - Virtual size: 4KB

.text
Size: 80KB - Virtual size: 79KB

.rdata
Size: 166KB - Virtual size: 165KB

.data
Size: 69KB - Virtual size: 70KB

.rsrc
Size: 49KB - Virtual size: 48KB

.reloc
Size: 5KB - Virtual size: 4KB