27e7c8c7f7684bdde919304662216347_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

27e7c8c7f7684bdde919304662216347_JaffaCakes118
Size

567KB
MD5

27e7c8c7f7684bdde919304662216347
SHA1

98a8f0a7e481cda631ab42d3f67910037fcab9cc
SHA256

61498be7031539da288e12ab6d123a00c9513b1f8f312ee8cf7c637c119a06dc
SHA512

086c3dd77fd1d2113ff5379361907e72f3c066401a9c4c2948ff19771c46b87003317f0925e805a1390ce2048c12da322b16ab19cbb4769063551a378326b770
SSDEEP

6144:affG/iz8EnfENPZ4wUPIBsS1078KgCCNR91U337O7o5b1IRSCoccccLccccccc15:aW/iXnMr3Bl07xgz1O36M5b1sFC7l

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
27e7c8c7f7684bdde919304662216347_JaffaCakes118

Files

27e7c8c7f7684bdde919304662216347_JaffaCakes118
.dll windows:5 windows x86 arch:x86

a43669a638a6941fafcab5e6e859399b

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

Sleep
SizeofResource
CreateEventA
LeaveCriticalSection
EnterCriticalSection
ResetEvent
GetModuleFileNameA
DeleteCriticalSection
CloseHandle
CreateThread
lstrcpyA
FreeResource
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
InterlockedCompareExchange
InterlockedExchange
InitializeCriticalSection
SetEvent
LoadResource
WaitForSingleObject
FindResourceA

user32

DestroyWindow
GetWindowRect
CreateDialogParamA
SendDlgItemMessageA
TrackPopupMenu
SetMenuItemBitmaps
SetForegroundWindow
LoadBitmapA
LoadIconA
MessageBeep
MessageBoxIndirectA
SetFocus
GetWindowTextLengthA
SendMessageA
GetMenu
GetWindowTextA
SetWindowLongA
InvalidateRect
EnableMenuItem
GetMenuState
GetDlgItem
EndDialog
RedrawWindow
SetWindowPos
GetCursorPos
CheckDlgButton
ShowWindow
CheckMenuItem
CreatePopupMenu
SetDlgItemTextA
DestroyIcon
GetDlgItemTextA
SetMenuItemInfoA
DestroyMenu
CallWindowProcA
EnableWindow
LoadImageA
InsertMenuA
PostMessageA
DrawMenuBar
IsDlgButtonChecked

gdi32

CreateSolidBrush
DeleteObject
SetBkMode

shell32

Shell_NotifyIconA
ShellExecuteA

msvcr90

__dllonexit
_unlock
__clean_type_info_names_internal
_crt_debugger_hook
__CppXcptFilter
_adjust_fdiv
_amsg_exit
_initterm_e
_initterm
_decode_pointer
_encoded_null
_malloc_crt
_encode_pointer
fclose
_splitpath
fseek
ftell
clock
fprintf
fread
fopen
atoi
rewind
_onexit
_except_handler4_common
memset
_lock
malloc
free
memcpy
fscanf
sprintf
_itoa
sscanf
strncmp

comctl32

InitCommonControlsEx

ws2_32

ioctlsocket
connect
inet_ntoa
WSAStartup
select
htons
shutdown
WSACleanup
recv
socket
closesocket
send
gethostbyname

winmm

PlaySoundA

Exports

Exports

On_Channel_Change
On_Exit
On_Menu_Select
On_Send_Dll_ID_Name
On_Start

Sections

.text
Size: 23KB - Virtual size: 23KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 532KB - Virtual size: 531KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

a43669a638a6941fafcab5e6e859399b

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

shell32

msvcr90

comctl32

ws2_32

winmm

Exports

Exports

Sections

.text Size: 23KB - Virtual size: 23KB

.rdata Size: 5KB - Virtual size: 5KB

.data Size: 512B - Virtual size: 21KB

.rsrc Size: 532KB - Virtual size: 531KB

.reloc Size: 5KB - Virtual size: 4KB

.text
Size: 23KB - Virtual size: 23KB

.rdata
Size: 5KB - Virtual size: 5KB

.data
Size: 512B - Virtual size: 21KB

.rsrc
Size: 532KB - Virtual size: 531KB

.reloc
Size: 5KB - Virtual size: 4KB