45f2c44fb01978c003f3c7c922886e94_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

45f2c44fb01978c003f3c7c922886e94_JaffaCakes118
Size

380KB
MD5

45f2c44fb01978c003f3c7c922886e94
SHA1

eecc953e177cf76a8462dbe644a01a59661ca7bb
SHA256

7036ca3a6a2aa8a28c5b14b9ca466a0f6e00324aec4522cfbd79ee4490334dea
SHA512

f1dc2db9aa87cbb16bc56d0685ee38ba1f264aaefb29d5552f61ad24ef71903b5275162e384ea17eff6cd39b6a575032db1c347555839f0d9c01397b246ec351
SSDEEP

6144:pYhZ+/SGvmabJilf5U5ZtyCVoAK2M0/j2Uy4VnIJtqwm5DKtykV/J+kTH17sHBZ3:pYhE/SGvmabJilfq5ZtyCVTK2M0/j2Ur

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
45f2c44fb01978c003f3c7c922886e94_JaffaCakes118

Files

45f2c44fb01978c003f3c7c922886e94_JaffaCakes118
.dll windows:4 windows x86 arch:x86

f8753e607c65918b466a6eee15312717

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

pncrt

_adjust_fdiv
_chmod
rename
__dllonexit
_initterm
_onexit
isdigit
_mbctype
??3@YAXPAX@Z
rand
memmove
strchr
_stricmp
strftime
_iob
fprintf
__CxxFrameHandler
difftime
time
strncpy
localtime
mktime
sprintf
strstr
printf
atol
_purecall
atoi
_ismbcspace
_vsnprintf
free
realloc
_lseeki64
malloc
_telli64
_errno
_chsize
_fstat
isspace
iscntrl
_strnicmp
strncmp
strpbrk
tolower
strrchr
getenv
??2@YAPAXI@Z
_stat
_strcmpi
_putenv
_sopen
_unlink
_write
_read
_tell
_lseek
_chdir
_open
_creat
_close
_mkdir
_rmdir
_getcwd

ole32

CoCreateInstance
CoInitialize
CoUninitialize

user32

wsprintfA
CharLowerA
SendMessageTimeoutA
EnumWindows
GetSystemMetrics
GetWindowLongA
SetWindowLongA
DestroyIcon
SystemParametersInfoA
SetWindowPos
SetForegroundWindow
CharNextA
CharPrevA
DdeDisconnect
DdeGetLastError
DdeConnect
DdeCreateStringHandleA
DdeFreeStringHandle
DdeInitializeA
DdeUninitialize
DdeFreeDataHandle
DdeGetData
DdeClientTransaction
FindWindowA

advapi32

RegEnumValueA
RegEnumKeyA
RegCloseKey
RegOpenKeyA
RegSetValueA
RegEnumKeyExA
RegQueryValueA
RegDeleteKeyA
RegDeleteValueA
RegCreateKeyA
RegQueryValueExA
RegCreateKeyExA
RegSetValueExA
RegOpenKeyExA

shell32

SHChangeNotify
ExtractIconExA

kernel32

GetDiskFreeSpaceA
GetShortPathNameA
WideCharToMultiByte
GetTickCount
MultiByteToWideChar
DeleteFileA
GlobalMemoryStatus
CopyFileA
CreateMutexA
GetLastError
Sleep
GetPrivateProfileStringA
GetVersionExA
WritePrivateProfileStringA
GetWindowsDirectoryA
LoadLibraryA
GetPrivateProfileSectionNamesA
FreeLibrary
CreateFileA
GetProcAddress
ReadFile
SetFilePointer
GetFileSize
CloseHandle
InterlockedIncrement
WriteFile
WaitForSingleObject
GetModuleFileNameA
GetCurrentProcess
GetSystemDirectoryA
lstrcpynA
lstrcpyA
GetProfileStringA
GetSystemInfo
UnmapViewOfFile
WinExec
CreateFileMappingA
GetTempFileNameA
MapViewOfFile
SetProcessWorkingSetSize
lstrlenA
SetErrorMode
FindFirstFileA
FindNextFileA
FindClose
GetDriveTypeA
GetTempPathA
GetVersion
ResetEvent
SetEvent
CreateEventA
InterlockedDecrement

Exports

Exports

?DdeCallback@@YGPAUHDDEDATA__@@IIPAUHCONV__@@PAUHSZ__@@1PAU1@KK@Z
EventCallback
OnInstall
OnUninstall
RMACreateInstance
RMAShutdown
SetDLLAccessPath

Sections

.text
Size: 300KB - Virtual size: 298KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 32KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

_DATA
Size: 4KB - Virtual size: 378B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 20KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.text
Size: 132KB - Virtual size: 132KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

f8753e607c65918b466a6eee15312717

Headers

File Characteristics

Imports

pncrt

ole32

user32

advapi32

shell32

kernel32

Exports

Exports

Sections

.text Size: 300KB - Virtual size: 298KB

.rdata Size: 32KB - Virtual size: 29KB

.data Size: 16KB - Virtual size: 20KB

_DATA Size: 4KB - Virtual size: 378B

.rsrc Size: 4KB - Virtual size: 1KB

.reloc Size: 20KB - Virtual size: 17KB

.text Size: 132KB - Virtual size: 132KB

.text
Size: 300KB - Virtual size: 298KB

.rdata
Size: 32KB - Virtual size: 29KB

.data
Size: 16KB - Virtual size: 20KB

_DATA
Size: 4KB - Virtual size: 378B

.rsrc
Size: 4KB - Virtual size: 1KB

.reloc
Size: 20KB - Virtual size: 17KB

.text
Size: 132KB - Virtual size: 132KB