3e7b4e64b98d28493740600b76a0154a_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

3e7b4e64b98d28493740600b76a0154a_JaffaCakes118
Size

136KB
MD5

3e7b4e64b98d28493740600b76a0154a
SHA1

3f87cb9fbd9784c49bc5045e0b6e2a89abe41486
SHA256

60f2b3158c12491d00ff564f169d5f539477ca2ace06ef47dc10d0748df1b716
SHA512

1500f50c8b42cba2f63d34413129f323863c9885a8b8e5849ae1b6ce09b5d60cc36073049ba758293a48b2283d8d58acc5944c3e01be4d9771bd4c0be177140c
SSDEEP

1536:2bqHA9wCvHEzKXAPEOYqJ4WdaGbmLYhQW/bs8Iu4Ru9jcO831M5dJurXKwGg2mCB:YSPMqJd+Yn/beuxcOUWJecEE3asRCQ

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
3e7b4e64b98d28493740600b76a0154a_JaffaCakes118

Files

3e7b4e64b98d28493740600b76a0154a_JaffaCakes118
.dll windows:4 windows x86 arch:x86

70c1a9b03fdad7ee0c99f6c8eb962be2

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

CloseHandle
DisableThreadLibraryCalls
EnumResourceLanguagesA
ExitProcess
ExitThread
FreeResource
GetACP
GetCommandLineA
GetModuleHandleA
GetOEMCP
GetPrivateProfileStringA
GetStartupInfoA
GetSystemDirectoryA
GetSystemTimeAsFileTime
GetTimeFormatA
HeapAlloc
LeaveCriticalSection
LoadLibraryA
LoadResource
OpenFile
SetLastError
SetUnhandledExceptionFilter
TlsAlloc
UnmapViewOfFile
VirtualAlloc
VirtualFree
WriteFile
lstrcmpiA

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

ntdll

NtSetEvent
NtSetInformationObject
NtWriteVirtualMemory
RtlAllocateAndInitializeSid
RtlAppendUnicodeStringToString
RtlCopyLuid
RtlCopyUnicodeString
RtlCreateUserThread
RtlEqualSid
NtResetEvent
RtlFreeSid
RtlFreeUnicodeString
RtlInitializeCriticalSection
RtlLeaveCriticalSection
RtlLockHeap
RtlNtStatusToDosError
RtlOpenCurrentUser
RtlPrefixUnicodeString
_snwprintf
_wcsnicmp
DbgPrint
memmove
strstr
wcscat
wcscpy
wcsncpy
DbgBreakPoint
LdrUnloadDll
NtCreateDirectoryObject
NtCreateSection
NtCreateSymbolicLinkObject
NtDuplicateObject
NtEnumerateKey
NtMakeTemporaryObject
NtMapViewOfSection
NtOpenKey
RtlEqualUnicodeString
NtOpenProcess
NtQueryDefaultLocale
NtQueryDefaultUILanguage
NtQueryInformationProcess
NtQueryObject
NtQueryValueKey

rpcrt4

RpcSsSwapClientAllocFree
UuidCompare
UuidFromStringA
UuidIsNil
UuidToStringA
data_into_ndr
enum_from_ndr
long_from_ndr
RpcServerUseAllProtseqs
RpcServerInqIf
RpcObjectSetInqFn
RpcNsBindingInqEntryNameA
RpcNetworkInqProtseqsA
RpcMgmtStopServerListening
RpcMgmtInqDefaultProtectLevel
RpcMgmtEnableIdleCleanup
RpcEpRegisterA
RpcBindingSetObject
RpcBindingReset
RpcBindingInqAuthInfoA
MesEncodeFixedBufferHandleCreate
MesBufferHandleReset
IUnknown_AddRef_Proxy
CStdStubBuffer_Invoke
RpcMgmtInqStats

crtdll

setbuf
printf
iswalpha
fgets
_unloaddll
_strspnp
_strset
_spawnle
_sleep
_onexit
_nextafter
_memccpy
_mbsnicmp
_mbscpy
_ismbcdigit
_ismbbkpunct
_hypot
_global_unwind2
_exit
__toascii

Sections

.text
Size: 30KB - Virtual size: 29KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 74KB - Virtual size: 111KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 31KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

70c1a9b03fdad7ee0c99f6c8eb962be2

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

version

ntdll

rpcrt4

crtdll

Sections

.text Size: 30KB - Virtual size: 29KB

.data Size: 74KB - Virtual size: 111KB

.rsrc Size: 31KB - Virtual size: 30KB

.text
Size: 30KB - Virtual size: 29KB

.data
Size: 74KB - Virtual size: 111KB

.rsrc
Size: 31KB - Virtual size: 30KB