45a958c1adfb1961732abe0a9276a854_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

45a958c1adfb1961732abe0a9276a854_JaffaCakes118
Size

412KB
MD5

45a958c1adfb1961732abe0a9276a854
SHA1

5a32190dd90ac50442b0780bb660d1121802e4d6
SHA256

74474a25dfe74389569f59ebb882368d4e776e1310887fdf041e038fb924906a
SHA512

0098c4053e35487fa28789431505109d9ecc4ef6b70de37a7f6bdeaf1ed86f0a0d97b5d09ad0f4df551cf89ee4b297c8738d8e8ebfcd000a1464942646a54d7a
SSDEEP

6144:UNu+VlZUKjPEqyAKTxyGop78L49A0p9h9aeJsWu/SVpovL0ogxW:ElZUCTgyXphh9aNp4rxx

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
45a958c1adfb1961732abe0a9276a854_JaffaCakes118

Files

45a958c1adfb1961732abe0a9276a854_JaffaCakes118
.dll windows:4 windows x86 arch:x86

9d907c72a0fc3be183feb2ef3fe1e977

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

CreateNamedPipeA
DeleteAtom
DeleteFileA
DeviceIoControl
DisconnectNamedPipe
DuplicateHandle
GetConsoleCP
GetConsoleMode
GetExitCodeProcess
GetExitCodeThread
GetMailslotInfo
GetModuleFileNameA
GetModuleHandleA
GetNamedPipeInfo
GetProcessHeap
GetCurrentProcessId
GetProcessVersion
GetStdHandle
GetCurrentThreadId
GetThreadLocale
GetUserDefaultLCID
GlobalAlloc
IsSystemResumeAutomatic
IsValidCodePage
IsValidLocale
ReleaseMutex
ReleaseSemaphore
CreateFileMappingA
SetFilePointer
GetComputerNameA
GetBinaryTypeA
GetFileType
CancelIo
CallNamedPipeA
BackupSeek
BackupRead
lstrcmpA
lstrlenW
lstrlenA
SetCurrentDirectoryA
FlushViewOfFile
GetDriveTypeW
GetDriveTypeA
GetWindowsDirectoryW
GetWindowsDirectoryA
GetCurrentDirectoryA
GetSystemDirectoryW
GetSystemDirectoryA
GetComputerNameW
GetCurrentDirectoryW
GetFileAttributesA
GetFileAttributesW
lstrcmpW
HeapAlloc
HeapFree
OpenEventA
CompareStringA
ResetEvent
CloseHandle

ole32

OleRun

winmm

SendDriverMessage
OpenDriver
GetDriverModuleHandle
timeEndPeriod
timeBeginPeriod
DrvGetModuleHandle
CloseDriver

user32

ReleaseDC

advapi32

RegLoadKeyA
GetUserNameA
GetUserNameW

msvcrt

toupper

version

GetFileVersionInfoSizeA
GetFileVersionInfoA

shlwapi

SHDeleteKeyA
SHDeleteKeyW
SHGetValueA
SHGetValueW
SHQueryValueExA
SHDeleteEmptyKeyW
PathIsRootA
SHEnumKeyExA
SHCopyKeyA
SHCopyKeyW
SHDeleteEmptyKeyA

Sections

.text
Size: 36KB - Virtual size: 35KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 356KB - Virtual size: 353KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

data2
Size: 4KB - Virtual size: 1B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 768B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

9d907c72a0fc3be183feb2ef3fe1e977

Headers

File Characteristics

Imports

kernel32

ole32

winmm

user32

advapi32

msvcrt

version

shlwapi

Sections

.text Size: 36KB - Virtual size: 35KB

.rdata Size: 4KB - Virtual size: 2KB

.data Size: 356KB - Virtual size: 353KB

data2 Size: 4KB - Virtual size: 1B

.rsrc Size: 4KB - Virtual size: 768B

.reloc Size: 4KB - Virtual size: 1KB

.text
Size: 36KB - Virtual size: 35KB

.rdata
Size: 4KB - Virtual size: 2KB

.data
Size: 356KB - Virtual size: 353KB

data2
Size: 4KB - Virtual size: 1B

.rsrc
Size: 4KB - Virtual size: 768B

.reloc
Size: 4KB - Virtual size: 1KB