44d5f0760c7626e17d133f33310bf970_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

44d5f0760c7626e17d133f33310bf970_JaffaCakes118
Size

180KB
MD5

44d5f0760c7626e17d133f33310bf970
SHA1

67a4a6583c8832ab36f39d6afca7f58092dfa197
SHA256

5258f676a7a80ea38f8a8c6b46d8cb42723ca9954a540f62540d8f92e09ba790
SHA512

4420b43ecf7133b8c2c1e1d0dee5d1c7248f2dfd3b769758351f3b6cc7329c1482195ba7d24186e2c301f3b75e15b724088d040e4f3ce10d33a963a502494e65
SSDEEP

3072:aGP8SXpcOjsT1slKR4LHPskviifgWbh9J155WUwVJq0Y7pumP4qq:jEhXTzevsAiiYQh9lLwVdYFt+

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
44d5f0760c7626e17d133f33310bf970_JaffaCakes118

Files

44d5f0760c7626e17d133f33310bf970_JaffaCakes118
.dll windows:4 windows x86 arch:x86

06418ad059eec32f021ec3c9115832dc

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetDriveTypeW
InterlockedExchange

comdlg32

GetFileTitleA
PrintDlgW
ReplaceTextA
GetFileTitleW
GetOpenFileNameW
ChooseFontW
PageSetupDlgA
PrintDlgA
ChooseColorW
FindTextA
FindTextW
PageSetupDlgW
GetOpenFileNameA

shlwapi

StrStrW

mprapi

MprAdminInterfaceUpdatePhonebookInfo
MprConfigServerDisconnect
MprAdminMIBEntrySet
MprAdminMIBBufferFree
MprAdminEstablishDomainRasServer
MprInfoCreate
MprAdminInterfaceUpdateRoutes
MprAdminTransportCreate
MprInfoBlockAdd
MprConfigServerInstall
MprAdminPortGetInfo
MprAdminInterfaceDeviceSetInfo
MprConfigTransportEnum
MprAdminRegisterConnectionNotification
MprAdminInterfaceTransportAdd
MprAdminInterfaceConnect
MprInfoBlockSet
MprConfigTransportCreate
MprAdminInterfaceGetInfo
MprAdminMIBEntryGetFirst
MprConfigInterfaceDelete
MprConfigServerRestore
MprConfigInterfaceTransportGetHandle
MprAdminInterfaceQueryUpdateResult
MprInfoBlockFind
MprAdminServerDisconnect
MprConfigTransportDelete
MprAdminIsDomainRasServer
MprAdminInterfaceTransportSetInfo
MprAdminInterfaceDelete
MprConfigGetGuidName
MprAdminBufferFree
MprInfoDelete

clusapi

ClusterControl
ClusterGroupCloseEnum
ClusterNodeOpenEnum
GetClusterNetworkKey
ClusterResourceCloseEnum
ClusterRegGetKeySecurity
GetClusterFromGroup
DeleteClusterResourceType
OpenClusterResource
ClusterEnum

esent

JetDetachDatabase
JetUpdate
JetMakeKey
JetCreateIndex
JetCreateTableColumnIndex
JetSetSessionContext
JetSetDatabaseSize
JetPrepareUpdate
JetOpenTable
JetRenameTable
JetGetObjectInfo
JetGetDatabaseInfo
JetGetDatabaseFileInfo
JetGotoBookmark
JetTruncateLog
JetRetrieveColumns
JetComputeStats
JetGetIndexInfo
JetGetLogInfo
JetGetBookmark
JetGetLock
JetStopService
JetExternalRestore
JetAttachDatabase2
JetBackup
JetGetTableColumnInfo
JetAddColumn

Exports

Exports

MoveEnhHook
RestoreCPStorageSacl

Sections

.text
Size: 162KB - Virtual size: 161KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

06418ad059eec32f021ec3c9115832dc

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

comdlg32

shlwapi

mprapi

clusapi

esent

Exports

Exports

Sections

.text Size: 162KB - Virtual size: 161KB

.rdata Size: 4KB - Virtual size: 2KB

.data Size: 2KB - Virtual size: 1KB

.rsrc Size: 8KB - Virtual size: 12KB

.reloc Size: 2KB - Virtual size: 16KB

.text
Size: 162KB - Virtual size: 161KB

.rdata
Size: 4KB - Virtual size: 2KB

.data
Size: 2KB - Virtual size: 1KB

.rsrc
Size: 8KB - Virtual size: 12KB

.reloc
Size: 2KB - Virtual size: 16KB