26613d19701c317dd1f625ce9b0229bd_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

26613d19701c317dd1f625ce9b0229bd_JaffaCakes118
Size

365KB
MD5

26613d19701c317dd1f625ce9b0229bd
SHA1

6b68f31ec087f9e1c87ecf3443dfd64caaff392f
SHA256

95ab90ef108de5e354230a19652846e3ff6cfab3ed1e3efa2a63609ed771102b
SHA512

a2a56e94c13a9d956ed4e7b854b6723e4c4ed295e88df28b735e29b5e64368bc6af2aca84b1e94b7910959667d41af80c3e1b2bf214b46f1801b2d2548bbd021
SSDEEP

6144:KvQFCtl+kvo2ff681P1AXHC2OXfvatEPcXJM:OGC6qP1AyRa7G

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
26613d19701c317dd1f625ce9b0229bd_JaffaCakes118

Files

26613d19701c317dd1f625ce9b0229bd_JaffaCakes118
.dll windows:6 windows x86 arch:x86

0f2f5fc596936b16fb5117ca1c6c2590

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

WUDFx.pdb

Imports

msvcrt

_onexit
_lock
__dllonexit
_unlock
_adjust_fdiv
_amsg_exit
_initterm
_XcptFilter
??3@YAXPAX@Z
_errno
strchr
wcschr
_vsnwprintf
memcpy
realloc
_wcsicmp
memset
??_U@YAPAXI@Z
??2@YAPAXI@Z
_purecall
??_V@YAXPAX@Z
free
_vsnprintf
malloc

ntdll

RtlUnwind

kernel32

GetProcAddress
LoadResource
LocalAlloc
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
GetSystemTimeAsFileTime
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
OutputDebugStringA
Sleep
GetVersionExA
ExpandEnvironmentStringsW
InterlockedExchange
SetLastError
ChangeTimerQueueTimer
CreateTimerQueueTimer
DeleteTimerQueueTimer
InterlockedCompareExchange
DeleteTimerQueueEx
CloseHandle
CreateEventW
ResetEvent
QueueUserWorkItem
WaitForSingleObject
SetEvent
CreateTimerQueue
GetCurrentThreadId
TryEnterCriticalSection
GetModuleFileNameW
GetModuleHandleW
LoadLibraryExW
FindResourceW
LoadLibraryA
SizeofResource
lstrlenW
RaiseException
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
DeleteCriticalSection
GetLastError
InterlockedIncrement
InterlockedDecrement
lstrcmpiW
InitializeCriticalSectionAndSpinCount
FreeLibrary
MultiByteToWideChar

advapi32

GetTraceEnableLevel
RegDeleteValueW
RegCloseKey
RegCreateKeyExW
RegQueryValueExW
RegEnumValueW
UnregisterTraceGuids
RegisterTraceGuidsW
GetTraceLoggerHandle
RegDeleteKeyW
GetTraceEnableFlags
RegEnumKeyExW
TraceMessage
RegQueryInfoKeyW
RegSetValueExW
RegOpenKeyExW

ole32

CoTaskMemRealloc
CoTaskMemAlloc
CoTaskMemFree
CoCreateInstance

oleaut32

VarUI4FromStr
SysStringLen

user32

CharNextW
UnregisterClassA

Exports

Exports

DllCanUnloadNow
DllGetClassObject
Microsoft_WDF_UMDF_Version

Sections

.text
Size: 292KB - Virtual size: 292KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 57KB - Virtual size: 58KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 13KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

0f2f5fc596936b16fb5117ca1c6c2590

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msvcrt

ntdll

kernel32

advapi32

ole32

oleaut32

user32

Exports

Exports

Sections

.text Size: 292KB - Virtual size: 292KB

.data Size: 57KB - Virtual size: 58KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 13KB - Virtual size: 12KB

.text
Size: 292KB - Virtual size: 292KB

.data
Size: 57KB - Virtual size: 58KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 13KB - Virtual size: 12KB