1659dc35ee05e9cd2e31dbb34ff06304_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

1659dc35ee05e9cd2e31dbb34ff06304_JaffaCakes118
Size

386KB
MD5

1659dc35ee05e9cd2e31dbb34ff06304
SHA1

04dc81a65b78eabeb1d32851006541ed1b5a53e8
SHA256

bd9dd7247bc6560c0e77b1d469d6880caadcd50748eddda92089a713e5f00f47
SHA512

aaac7dbcc6a188b135e153814cbfc4d7b17ca633fa5b8d2032fc25e852716c8e3cc395ab4fa4d57bb46c249de8dbb96e667d492e33227ef9cdb88e860e459f6f
SSDEEP

6144:fUElprQHDxAhYavnYgKhyl/ZASA5Ys9oBbfJXrsZYiAFPpcesK:fJlpUjxQ9YdhytZAZ5x9GX3iAjjd

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
1659dc35ee05e9cd2e31dbb34ff06304_JaffaCakes118

Files

1659dc35ee05e9cd2e31dbb34ff06304_JaffaCakes118
.dll windows:4 windows x86 arch:x86

7614cd90667ca207daa2cced681ab99a

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

msvcrt

wctomb
wcsstr
wcsrchr
wcsncpy
wcsncmp
wcschr
tolower
time
swprintf
strtoul
strstr
strrchr
strncmp
strchr
sprintf
realloc
rand
printf
memset
memcpy
mbtowc
malloc
localeconv
isxdigit
iswprint
iswctype
isupper
isspace
isleadbyte
isdigit
isalpha
gmtime
free
fprintf
fopen
ferror
fclose
clock
calloc
atoi
_wcsicmp
_unlock
_strtime
_strrev
_strnicmp
_strlwr
_stricmp
_snprintf
_read
_purecall
_lseeki64
_lsearch
_lock
_itoa
_ismbblead
_isatty
_iob
_initterm
_fileno
__badioinfo
__dllonexit
__mb_cur_max
__pioinfo
_errno
_atoi64
_amsg_exit
_XcptFilter

dbghelp

SymInitialize
SymGetTypeInfo
SymFunctionTableAccess
SymFindFileInPath
SymEnumerateSymbolsW64
SymEnumSymbols
SymCleanup
ImageRvaToVa
FindExecutableImageEx

user32

DispatchMessageA
EnumChildWindows
GetWindowThreadProcessId
GetClassNameA
wsprintfW
TranslateMessage
SetWindowTextA
PeekMessageA
EnumWindows

kernel32

CreateFileMappingA
CreateFileA
CompareFileTime
HeapFree
lstrlenA
lstrcmpA
WriteFile
WideCharToMultiByte
WaitForMultipleObjectsEx
VirtualQuery
VirtualFreeEx
VirtualAllocEx
VirtualAlloc
UnregisterWaitEx
UnmapViewOfFile
TerminateProcess
SystemTimeToFileTime
SetNamedPipeHandleState
SetFilePointer
SetFileApisToANSI
SearchPathA
RtlUnwind
ReadFile
QueryPerformanceCounter
OutputDebugStringA
MultiByteToWideChar
MapViewOfFile
LockResource
LockFileEx
LocalFree
LoadResource
LoadLibraryA
IsBadStringPtrA
InterlockedExchange
InterlockedCompareExchange
CreateTapePartition
HeapAlloc
GetVersionExW
GetVersionExA
GetVersion
GetTickCount
GetSystemTimeAsFileTime
GetProcessPriorityBoost
GetProcessHeap
GetProcAddress
GetPriorityClass
GetModuleHandleA
GetLocalTime
GetLastError
GetFileSize
GetCurrentThreadId
GetCurrentProcessId
GetCurrentProcess
GetCommandLineA
GetCPInfo
FreeLibrary
FormatMessageA
FindResourceA
FindNextFileA
FindClose
ExitProcess
CloseHandle

ole32

CoInitialize
CoCreateInstance
CoUninitialize

advapi32

RegOpenKeyExA
RegOpenKeyExW
RegCloseKey

version

GetFileVersionInfoSizeA
VerQueryValueA
GetFileVersionInfoA

Exports

Exports

ProcessContext
ReadLoadResolutions
SearchS
TypeToLdapTypeCopyConstruct
mpegSplitClose

Sections

.text
Size: 63KB - Virtual size: 62KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 186KB - Virtual size: 186KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 68KB - Virtual size: 69KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 64KB - Virtual size: 64KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

7614cd90667ca207daa2cced681ab99a

Headers

File Characteristics

Imports

msvcrt

dbghelp

user32

kernel32

ole32

advapi32

version

Exports

Exports

Sections

.text Size: 63KB - Virtual size: 62KB

.rdata Size: 186KB - Virtual size: 186KB

.data Size: 68KB - Virtual size: 69KB

.rsrc Size: 64KB - Virtual size: 64KB

.reloc Size: 3KB - Virtual size: 2KB

.text
Size: 63KB - Virtual size: 62KB

.rdata
Size: 186KB - Virtual size: 186KB

.data
Size: 68KB - Virtual size: 69KB

.rsrc
Size: 64KB - Virtual size: 64KB

.reloc
Size: 3KB - Virtual size: 2KB