3e1c892c7adcb45c6f363ec713806c52_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

3e1c892c7adcb45c6f363ec713806c52_JaffaCakes118
Size

211KB
MD5

3e1c892c7adcb45c6f363ec713806c52
SHA1

6e631c4631186dbb6f7905457461f831e818ca0b
SHA256

ee96529001cbb3618e85875890eb3c0f1ea6307611f706d9a9e28d24a22b5cda
SHA512

79ee175731d38ed2b7b1bb1dbbea5fc37866488a75c86ff57c83baba95b04e0de534ff54e8aaeae343e316daf8b37c732af699f4c4e82fa6920edabdb4385f97
SSDEEP

3072:6QoHSFDmO1ZVWKUDWyC78VWIcwjN8TdK6wbrwk/TxITzyGKLbQ:9o8iQZDUyyq8Vawx8RDk/TxITGU

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
3e1c892c7adcb45c6f363ec713806c52_JaffaCakes118

Files

3e1c892c7adcb45c6f363ec713806c52_JaffaCakes118
.dll windows:5 windows x86 arch:x86

4bee112ba157631e4f82926a3095bb8b

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

ExpandEnvironmentStringsW
FindClose
FindFirstFileW
FindResourceW
FreeLibrary
FreeResource
GetCommandLineW
GetCurrentProcess
GetCurrentProcessId
GetCurrentThreadId
GetEnvironmentVariableW
GetLastError
GetModuleFileNameW
GetModuleHandleW
GetPrivateProfileSectionW
GetPrivateProfileStringW
GetProcAddress
GetStartupInfoW
GetSystemTimeAsFileTime
GetTempFileNameW
GetThreadLocale
GetTickCount
GetWindowsDirectoryW
GlobalAlloc
GlobalFree
GlobalLock
GlobalReAlloc
GlobalSize
ExitProcess
LoadLibraryExW
LoadLibraryW
LoadResource
LocalAlloc
LocalFree
LockResource
MoveFileW
MulDiv
MultiByteToWideChar
QueryPerformanceCounter
RemoveDirectoryW
SearchPathW
SetErrorMode
SetFileAttributesW
SetFilePointer
SetLastError
SetUnhandledExceptionFilter
TerminateProcess
UnhandledExceptionFilter
WinExec
WriteFile
WritePrivateProfileStringW
lstrcmpW
lstrcmpiW
lstrcpynW
lstrlenA
lstrlenW
EnumResourceNamesW
DeleteFileW
CreateFileW
CloseHandle
VirtualAllocEx
ReadFile
GlobalUnlock
GetCommandLineA

advapi32

RegQueryValueExW
RegOpenKeyExW
RegDeleteKeyW
RegCreateKeyExW
RegCloseKey
RegOpenKeyA
RegSetValueExW

msvcrt

_XcptFilter
__getmainargs
__p__commode
__p__fmode
__set_app_type
__setusermatherr
_acmdln
_adjust_fdiv
_c_exit
_cexit
_controlfp
_except_handler3
_exit
_initterm
_stricmp
exit
swprintf
vswprintf
wcslen

Sections

.text
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 197KB - Virtual size: 196KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 132B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 976B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 984B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

4bee112ba157631e4f82926a3095bb8b

Headers

File Characteristics

Imports

kernel32

advapi32

msvcrt

Sections

.text Size: 7KB - Virtual size: 6KB

.rdata Size: 197KB - Virtual size: 196KB

.data Size: 512B - Virtual size: 132B

.rsrc Size: 1024B - Virtual size: 976B

.reloc Size: 1024B - Virtual size: 984B

.text
Size: 7KB - Virtual size: 6KB

.rdata
Size: 197KB - Virtual size: 196KB

.data
Size: 512B - Virtual size: 132B

.rsrc
Size: 1024B - Virtual size: 976B

.reloc
Size: 1024B - Virtual size: 984B