52d48600232c5a78fe3999d66503479a_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

52d48600232c5a78fe3999d66503479a_JaffaCakes118
Size

49KB
MD5

52d48600232c5a78fe3999d66503479a
SHA1

fd4e597f98b3c710a94005e124e11acd6708472a
SHA256

b2e72f1c21cd716a407845903a31f4152d8713d1aca50a3b3f9c29fffa2b5450
SHA512

f531be3c3577904ed7bbaa62c216f5aa3908401c12d6630fe144fc00354ae7ea6a9e1f50b42edd46446577ebaa6d33d6a9346ea127f33e8533ee6389cb1a6e64
SSDEEP

1536:cN2OvEbpKCrXu66rXbe5B8ZtYqnm0E6Y:fO8zulrXykt7u6

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
52d48600232c5a78fe3999d66503479a_JaffaCakes118

Files

52d48600232c5a78fe3999d66503479a_JaffaCakes118
.dll windows:1 windows x86 arch:x86

7792c517ea23a7001695640aadc5244e

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
IMAGE_FILE_BYTES_REVERSED_HI

Imports

kernel32

ExitProcess
FormatMessageA
FreeLibrary
GetFileType
GetLastError
GetStdHandle
GetVersion
LoadLibraryExA
LocalFree
LocalHandle
VirtualAlloc
VirtualFree
WriteFile

iredos

DosFreeModule
WinLoadString
WinMapDlgPoints
WinQuerySysValue
WinSendDlgItemMsg

iresupp

HeapAllocate
HeapFreeMem
HeapMalloc
HeapRelease
PdsExceptionFilter
PdsExceptionLookup
PdsGetMessage
PdsLoadModule
PdsMessageBox
PdsQueryPathEnd
PdsRecordRecoverableException

irever

ord1

rcsuppi

ord36
ord7
ord23
ord22
ord28
ord27
ord31
ord35
ord32
ord1
ord3
ord4
ord16
ord26
ord11
ord17
ord14
ord2
ord12
ord21
ord24
ord25

Exports

Exports

RcWinDllExceptionLookup
SaveWinRC
pszFormWinItemStyles

Sections

txt0
Size: 40KB - Virtual size: 40KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

bss1
Size: 1024B - Virtual size: 560B

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

dat2
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

exp3
Size: 512B - Virtual size: 136B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

dat4
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

imp5
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

dat6
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

dat7
Size: 512B - Virtual size: 284B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

7792c517ea23a7001695640aadc5244e

Headers

File Characteristics

Imports

kernel32

iredos

iresupp

irever

rcsuppi

Exports

Exports

Sections

txt0 Size: 40KB - Virtual size: 40KB

bss1 Size: 1024B - Virtual size: 560B

dat2 Size: 1KB - Virtual size: 1KB

exp3 Size: 512B - Virtual size: 136B

dat4 Size: 512B - Virtual size: 12B

imp5 Size: 1KB - Virtual size: 1KB

dat6 Size: 1KB - Virtual size: 1KB

dat7 Size: 512B - Virtual size: 284B

.reloc Size: 1KB - Virtual size: 1KB

txt0
Size: 40KB - Virtual size: 40KB

bss1
Size: 1024B - Virtual size: 560B

dat2
Size: 1KB - Virtual size: 1KB

exp3
Size: 512B - Virtual size: 136B

dat4
Size: 512B - Virtual size: 12B

imp5
Size: 1KB - Virtual size: 1KB

dat6
Size: 1KB - Virtual size: 1KB

dat7
Size: 512B - Virtual size: 284B

.reloc
Size: 1KB - Virtual size: 1KB