3c12cd86784268d310e871773f0abbd1_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

3c12cd86784268d310e871773f0abbd1_JaffaCakes118
Size

22KB
MD5

3c12cd86784268d310e871773f0abbd1
SHA1

6b849bbd49d9221d16a697a86032f50614c8a07a
SHA256

6a39897de461431529d9ab74e576cd3332d352f3c3d80e845c32b85b623676e8
SHA512

02483ca24e32c07ef07885e44f585b5b922aafacdc76af693b29d9b866c986f6ee39f96b61f90fe5d444f7671d179a03b3f8d146dfd82cbfcc2190fb601f24c6
SSDEEP

192:Brx3vCCPp9TCjU47maLPOtNyc497YO6Fs8dHkmXJRpd5k2ShzmsypvahUq:T3KCPXyU46d/9ZFs8dHXJsrdmlpvW

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
3c12cd86784268d310e871773f0abbd1_JaffaCakes118

Files

3c12cd86784268d310e871773f0abbd1_JaffaCakes118
.dll windows:4 windows x86 arch:x86

90d28cc7735f76bd127e3900171aa785

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

VirtualAlloc
CompareStringA
GetModuleHandleA
ExitProcess
HeapAlloc
VirtualFree
GetCurrentProcess
GetCommandLineA
lstrcpy
GetProcessHeap
DisconnectNamedPipe
GetLongPathNameA

advapi32

GetTrusteeTypeW
RegEnumKeyExA
GetSecurityDescriptorControl
GetMultipleTrusteeOperationA
ConvertAccessToSecurityDescriptorA
ConvertSecurityDescriptorToAccessW
InitializeSid

version

VerFindFileW
GetFileVersionInfoSizeA
GetFileVersionInfoW
VerQueryValueA
VerQueryValueW
VerLanguageNameA
VerInstallFileA
GetFileVersionInfoSizeW
VerFindFileA
VerInstallFileW
VerLanguageNameW
GetFileVersionInfoA

ole32

HBRUSH_UserFree
IsEqualGUID
CoUnmarshalInterface
IsValidInterface
CoInitialize
CLIPFORMAT_UserSize
CoMarshalInterThreadInterfaceInStream
HENHMETAFILE_UserMarshal

msvcrt

_mbsinc
__toascii
iswlower
_CIpow
_aexit_rtn

gdi32

CreateScalableFontResourceA
SetROP2
GetCharABCWidthsFloatA
SetArcDirection
CreateHalftonePalette
GdiSetLastError
DeviceCapabilitiesExA

ntdll

RtlFormatMessage
NtRestoreKey
ZwRequestPort
LdrVerifyImageMatchesChecksum
NtReplyWaitReceivePort
NtSetEvent
NlsMbOemCodePageTag
NtAllocateVirtualMemory
RtlPrefixUnicodeString

Exports

Exports

Txrjsxfle
Oyykxusz
FCnjhdaccvye

Sections

.text
Size: 7KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 5KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

90d28cc7735f76bd127e3900171aa785

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

advapi32

version

ole32

msvcrt

gdi32

ntdll

Exports

Exports

Sections

.text Size: 7KB - Virtual size: 8KB

.data Size: 3KB - Virtual size: 11KB

.rdata Size: 5KB - Virtual size: 16KB

.rsrc Size: 5KB - Virtual size: 5KB

.reloc Size: 1024B - Virtual size: 1KB

.text
Size: 7KB - Virtual size: 8KB

.data
Size: 3KB - Virtual size: 11KB

.rdata
Size: 5KB - Virtual size: 16KB

.rsrc
Size: 5KB - Virtual size: 5KB

.reloc
Size: 1024B - Virtual size: 1KB