16b2f0fc4f8f9b80f89a1305b67b8304_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

16b2f0fc4f8f9b80f89a1305b67b8304_JaffaCakes118
Size

95KB
MD5

16b2f0fc4f8f9b80f89a1305b67b8304
SHA1

0388faa3cf8d16892072d2aceca494710bc44275
SHA256

b04eb596f3f5ce0daa240bd281c14bd84b1c0e9a8384fe3a493550dc44509dd3
SHA512

7865bc62d07ed66ca01246d5ff94592222fe73c7a2976d79c3f48f13f6c1c85580d19287b4e43317134f60d3d3d1adb2d8a54d0f71d37692b4179fba6e6b7a6f
SSDEEP

1536:RQdFUbnj/EIcb2VPVUUqjKrsV+j+l8eyxbIkOKouHljxZKbrsiV:RSoncYrs4EZ4KKouFrKUY

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
16b2f0fc4f8f9b80f89a1305b67b8304_JaffaCakes118

Files

16b2f0fc4f8f9b80f89a1305b67b8304_JaffaCakes118
.dll windows:1 windows x86 arch:x86

57d853639a2e5144e370213b7f998acd

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

user32

CharUpperBuffA
MessageBoxA

kernel32

CloseHandle
CreateEventA
CreateFileA
CreateThread
DeleteCriticalSection
EnterCriticalSection
ExitProcess
ExitThread
FreeEnvironmentStringsA
GetACP
GetCPInfo
GetCommandLineA
GetCommandLineW
GetCurrentThreadId
GetCurrentThread
GetEnvironmentStrings
GetFileType
GetLastError
GetModuleFileNameA
GetModuleFileNameW
GetModuleHandleA
GetOEMCP
GetProcAddress
GetStdHandle
GetVersion
InitializeCriticalSection
LeaveCriticalSection
LoadLibraryA
MultiByteToWideChar
SetConsoleCtrlHandler
SetEnvironmentVariableA
SetEnvironmentVariableW
SetEvent
SetLastError
SetStdHandle
SetUnhandledExceptionFilter
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue
UnhandledExceptionFilter
VirtualAlloc
VirtualFree
VirtualQuery
WaitForSingleObject
WideCharToMultiByte
WriteFile

pbvm80

ord5237
ord2689
ord2469
ord2057
ord2497
ord2473
ord2495
ord2474
ord2496
ord2646
ord5245
ord2644
ord2645
ord2484
ord2537
ord2488
ord2524
ord2650
ord2632
ord2426
ord2513
ord2479
ord2454
ord2384
ord2480
ord2611
ord2295
ord5164
ord2448
ord2050
ord2624
ord2081
ord2486
ord2461
ord5239
ord2462
ord2653
ord2599
ord2458
ord2578
ord5151
ord2012
ord2416
ord2582
ord2459
ord2183
ord2639
ord2638
ord2546
ord5236
ord5238
ord2510
ord5234
ord2865
ord2043
ord2864

Exports

Exports

_DllMain@12
__fn_1747_32770_0@8
__fn_1747_32770_1@8
__fn_1747_32794_34@8
__fn_1747_32796_34@8
__fn_1748_32770_0@8
__fn_1748_32770_119@8
__fn_1748_32770_1@8
__fn_1748_32797_34@8
_getVtableInfo_w_change_password@12
_getVtableInfo_w_encrypt_password@12

Sections

AUTO
Size: 51KB - Virtual size:

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.idata
Size: 2KB - Virtual size:

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

DGROUP
Size: 10KB - Virtual size:

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bss
Size: 5KB - Virtual size:

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size:

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size:

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size:

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

57d853639a2e5144e370213b7f998acd

Headers

File Characteristics

Imports

user32

kernel32

pbvm80

Exports

Exports

Sections

AUTO Size: 51KB - Virtual size:

.idata Size: 2KB - Virtual size:

DGROUP Size: 10KB - Virtual size:

.bss Size: 5KB - Virtual size:

.edata Size: 512B - Virtual size:

.reloc Size: 2KB - Virtual size:

.rsrc Size: 1KB - Virtual size:

AUTO
Size: 51KB - Virtual size:

.idata
Size: 2KB - Virtual size:

DGROUP
Size: 10KB - Virtual size:

.bss
Size: 5KB - Virtual size:

.edata
Size: 512B - Virtual size:

.reloc
Size: 2KB - Virtual size:

.rsrc
Size: 1KB - Virtual size: