5513be43485fe302e73fc08e6016d480_JaffaCakes118

General

Target

5513be43485fe302e73fc08e6016d480_JaffaCakes118
Size

148KB
MD5

5513be43485fe302e73fc08e6016d480
SHA1

24f6da94ad3d3358aa179f204ecc8cf539f46e77
SHA256

dda294309f68b4ef26e9cb2dae9073048066affe3c113a69d0209168315af853
SHA512

a6e05957eb974b1d5119651a8a276215fdb219906691d762a08e840b56679aceb687b7af61b8d8e2dcd20fced502f4e5e2afe121b819b394770f88d9d7d76d5b
SSDEEP

1536:AENWJM3Smf98zREi69ptNj9qrfnhuxOvZKFHfz1DXAH:Afsf+dEd9pvj9qr8xOQ5DY

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
5513be43485fe302e73fc08e6016d480_JaffaCakes118

Files

5513be43485fe302e73fc08e6016d480_JaffaCakes118
.dll windows:4 windows x86 arch:x86

d091c07a780f0f8361806e6eed7cc628

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

factWnight.pdb

Imports

kernel32

GetStdHandle
RegisterWaitForSingleObjectEx
GetFullPathNameA
DeleteTimerQueueTimer
MoveFileWithProgressA
LockResource
GetConsoleTitleW
SetErrorMode
GetTickCount
GetLocaleInfoA
SetPriorityClass
GetProcessWorkingSetSize
SetTimerQueueTimer
EscapeCommFunction
VirtualProtectEx
HeapQueryInformation
WaitForMultipleObjects
SetProcessShutdownParameters
Sleep
CreateHardLinkW
FindNextVolumeA
SetTapeParameters
LocalFlags
VirtualAlloc
GetProfileStringW
VirtualProtect
FindNextVolumeA

msvcrt

memcpy
strlen

advapi32

CryptDestroyHash
RegQueryValueExA
ChangeServiceConfigA
UnlockServiceDatabase
RegDeleteKeyA
ObjectCloseAuditAlarmW
RegCloseKey
SetAclInformation
CreateProcessAsUserW
AccessCheckByTypeAndAuditAlarmA
RegGetKeySecurity
RegOverridePredefKey
ObjectDeleteAuditAlarmA
CryptGetUserKey
QueryServiceLockStatusW
GetSidIdentifierAuthority

Exports

Exports

CellBackup
CellRibbonDesktop

Sections

.text
Size: 40KB - Virtual size: 40KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 94KB - Virtual size: 93KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

d091c07a780f0f8361806e6eed7cc628

Headers

File Characteristics

PDB Paths

Imports

kernel32

msvcrt

advapi32

Exports

Exports

Sections

.text Size: 40KB - Virtual size: 40KB

.data Size: 9KB - Virtual size: 9KB

.idata Size: 94KB - Virtual size: 93KB

.edata Size: 2KB - Virtual size: 2KB

.reloc Size: 1024B - Virtual size: 32KB

.text
Size: 40KB - Virtual size: 40KB

.data
Size: 9KB - Virtual size: 9KB

.idata
Size: 94KB - Virtual size: 93KB

.edata
Size: 2KB - Virtual size: 2KB

.reloc
Size: 1024B - Virtual size: 32KB