2dbc78ad577c72e2f6600591fc2e6dac_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

2dbc78ad577c72e2f6600591fc2e6dac_JaffaCakes118
Size

110KB
MD5

2dbc78ad577c72e2f6600591fc2e6dac
SHA1

d69762f24882843cbafec964f02be4c3c05a199a
SHA256

502d72f7139fffcd68cc2714b8ea18f1bb22bb098dd195cd8717a19ef6a4b818
SHA512

23f352145c141d963fdf488138db559ba89ea051cd47472316ab1cdd6c4f1335370b6c3ed7aa282b88d9ef8eaf3ba8cf1320a6f5abff48ccfab7249318470f72
SSDEEP

3072:dyCb1Ts0D+KjdUEUfJ458vXOAv/FrzqzHAtkx33OKMMiU1m9:dyCumdzAXFrzqT2+OKNP

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2dbc78ad577c72e2f6600591fc2e6dac_JaffaCakes118

Files

2dbc78ad577c72e2f6600591fc2e6dac_JaffaCakes118
.dll windows:4 windows x86 arch:x86

cecb9c7be9a6a7501ef80e4e76c2ba59

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

CloseHandle
DeleteFileA
EnumResourceLanguagesW
ExitProcess
GetACP
GetCommandLineA
GetLastError
GetModuleHandleA
GetOEMCP
GetStartupInfoA
HeapAlloc
InterlockedIncrement
RtlUnwind
SetEndOfFile
SetErrorMode
SetLastError
TlsFree
VirtualAlloc
WritePrivateProfileSectionA
lstrcmpA

advapi32

RegCloseKey
RegEnumKeyA
RegLoadKeyA
RegQueryValueA
LookupPrivilegeValueA

ole32

OleGetClipboard
OleInitialize
OleUninitialize
WriteClassStg
CoFileTimeNow
CoGetClassObject
CoInitialize
CoRegisterMessageFilter
CoCreateInstance
CoRevokeClassObject
CoUninitialize
CoTaskMemAlloc

user32

ToAscii
ShowCursor
OffsetRect
MessageBoxIndirectA
MessageBoxA
IsCharUpperA
GetFocus
EnableWindow
DefDlgProcA
CreatePopupMenu
CreateMDIWindowA
CopyImage
CloseWindow
DialogBoxParamA

shell32

SHBindToParent
SHFileOperationA
SHGetDesktopFolder
SHGetFileInfoA
SHGetMalloc
ShellExecuteA
ShellExecuteExA
ShellExecuteExW
ShellExecuteW
Shell_NotifyIconA

shlwapi

PathMatchSpecA
PathAppendA
PathCanonicalizeA
PathFileExistsA
PathFindExtensionA
PathFindFileNameA
PathIsRelativeA
StrStrIA
PathUnquoteSpacesA

msvcrt

__set_app_type
_errno
free
malloc
memcpy
strcmp
strlen

oleaut32

SysAllocStringLen
SysFreeString
SysStringLen
VariantClear
LoadTypeLib

Exports

Exports

Eith
Fde
Fxpm
Mkvcbwhq
Mqpflqh
Nt
Oeppkfhwz
Pzlbvpnv
Qmbodneezzf
Qvuenm
Rw
Uocsmypbq

Sections

.text
Size: 28KB - Virtual size: 32KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 31KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 22KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 3KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 24KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

cecb9c7be9a6a7501ef80e4e76c2ba59

Headers

File Characteristics

Imports

kernel32

advapi32

ole32

user32

shell32

shlwapi

msvcrt

oleaut32

Exports

Exports

Sections

.text Size: 28KB - Virtual size: 32KB

.rdata Size: 31KB - Virtual size: 32KB

.data Size: 22KB - Virtual size: 24KB

.idata Size: 3KB - Virtual size: 4KB

.rsrc Size: 24KB - Virtual size: 28KB

.text
Size: 28KB - Virtual size: 32KB

.rdata
Size: 31KB - Virtual size: 32KB

.data
Size: 22KB - Virtual size: 24KB

.idata
Size: 3KB - Virtual size: 4KB

.rsrc
Size: 24KB - Virtual size: 28KB