52fc82d14de6218ad636244750f97d7d_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

52fc82d14de6218ad636244750f97d7d_JaffaCakes118
Size

133KB
MD5

52fc82d14de6218ad636244750f97d7d
SHA1

72b53309ae999052abafcb6fcd815535631bac31
SHA256

b80b886b2bb80e2df93d1d047940fdef46ec5b5e375abc0c383bad642577fdce
SHA512

59cb5b08ebd355b2507cdf0c23f3104b0920b37a8c449f153cfe162b25c60ca4191aea0f47e06c653b16c222f685cb90adb29d32ef50f7dc044c3af2064c5cab
SSDEEP

3072:G3MqqDL2/7RePjK0O3kayg9v+NmHV5teET7VmynzaYkuXjrSyEQ:G8qqDL62ODR9vFtzRXjR5

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
52fc82d14de6218ad636244750f97d7d_JaffaCakes118

Files

52fc82d14de6218ad636244750f97d7d_JaffaCakes118
.dll windows:6 windows x86 arch:x86

6439521af9a72a501539b7935070f040

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

aaclient.pdb

Imports

msvcrt

free
memset
malloc
_ltow
_ultow
wcsrchr
__CxxFrameHandler
_onexit
_lock
__dllonexit
_unlock
memcpy
_adjust_fdiv
_amsg_exit
_initterm
_XcptFilter
_purecall

ntdll

RtlUnwind
VerSetConditionMask

ws2_32

htonl

kernel32

lstrlenW
WideCharToMultiByte
LoadLibraryExW
VerifyVersionInfoW
RegisterWaitForSingleObject
UnregisterWaitEx
WaitForSingleObject
GetProcessHeap
HeapAlloc
HeapFree
GetComputerNameW
FreeLibrary
SetEvent
CreateEventW
GetLastError
GetProcAddress
DisableThreadLibraryCalls
InterlockedIncrement
InterlockedDecrement
GetQueuedCompletionStatus
LeaveCriticalSection
EnterCriticalSection
PostQueuedCompletionStatus
DeleteCriticalSection
InitializeCriticalSection
CloseHandle
CreateThread
CreateIoCompletionPort
InterlockedPopEntrySList
InterlockedPushEntrySList
InitializeSListHead
LocalAlloc
LocalFree
GetComputerNameExW
InterlockedExchange
Sleep
InterlockedCompareExchange
OutputDebugStringA
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetVersion
GetModuleFileNameW

crypt32

CertFreeCertificateContext
CertOpenStore
CertFindCertificateInStore
CertCloseStore
CryptUnprotectData

advapi32

RegSetValueExW
RegCreateKeyExW
TraceMessage
GetTraceEnableFlags
GetTraceEnableLevel
GetTraceLoggerHandle
RegEnumValueW
RegEnumKeyExW
RegQueryInfoKeyW
RegNotifyChangeKeyValue
RegDeleteValueW
RegDeleteKeyW
RegisterTraceGuidsW
UnregisterTraceGuids
RegCloseKey
RegQueryValueExW
RegOpenKeyExW
CredUnmarshalCredentialW
CredFree

mstscax

RegisterTransportExtDll

rpcrt4

I_RpcExceptionFilter
RpcBindingFree
RpcStringFreeW
RpcBindingSetAuthInfoExW
RpcEpResolveBinding
RpcBindingFromStringBindingW
RpcStringBindingComposeW
NdrClientCall2

Exports

Exports

LoadClientAdapter
OpenKeyReader
OpenKeyReaderWriter
g_fnStartTransport

Sections

.text
Size: 116KB - Virtual size: 116KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

6439521af9a72a501539b7935070f040

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msvcrt

ntdll

ws2_32

kernel32

crypt32

advapi32

mstscax

rpcrt4

Exports

Exports

Sections

.text Size: 116KB - Virtual size: 116KB

.data Size: 2KB - Virtual size: 6KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 12KB - Virtual size: 11KB

.text
Size: 116KB - Virtual size: 116KB

.data
Size: 2KB - Virtual size: 6KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 12KB - Virtual size: 11KB