5532147bfd8f72eeb1cac2dd277ae69d_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

5532147bfd8f72eeb1cac2dd277ae69d_JaffaCakes118
Size

86KB
MD5

5532147bfd8f72eeb1cac2dd277ae69d
SHA1

6f6cf4647f01b6840fffa88a893d4b9c3d495197
SHA256

c49df30b1331d8d9ff0d47f1036d32d8def2c88fa573018dfb4653eac6774bbf
SHA512

cddc5c16e0b0e37357956ce1e9c5dd89e9635d409811a9e7cf2b735c433f53b220dbe3e9ea97ccbe2a6593fe83d83e48591e709a04fb407bdc9dd737c497c50a
SSDEEP

1536:os2/7plwpbQCtQbpkcuxgrL1EojcF21KnsCfKHq1KZegG5QpRS160L48Nir5Z:PXftQbpkcuxgrLwF2InhfKHq1KZe75QD

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
5532147bfd8f72eeb1cac2dd277ae69d_JaffaCakes118

Files

5532147bfd8f72eeb1cac2dd277ae69d_JaffaCakes118
.dll windows:4 windows x86 arch:x86

98f68a524cd7815ff876837b80d0de37

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

CloseHandle
DeleteFileA
ExitProcess
FlushFileBuffers
GetACP
GetCommandLineA
GetLastError
GetModuleHandleA
GetOEMCP
GetStartupInfoA
HeapAlloc
InterlockedIncrement
RaiseException
RtlUnwind
SetErrorMode
SetLastError
Sleep
WritePrivateProfileSectionA
lstrcpyA

advapi32

RegCloseKey
RegEnumKeyA
RegLoadKeyA
RegOpenKeyExA
RegQueryValueA
LookupPrivilegeValueA

ole32

CLSIDFromProgID
CoCreateInstance
CoInitialize
CoRegisterClassObject
WriteClassStg
CoUninitialize
ReleaseStgMedium
RegisterDragDrop
ReadClassStg
OleUninitialize
OleSaveToStream
OleInitialize
CreateStreamOnHGlobal
CoRevokeClassObject
CoGetClassObject
CreateOleAdviseHolder

user32

MessageBoxA
IsCharUpperA
IsCharLowerA
GetMessageA
EndPaint
EndMenu
EndDialog
EnableWindow
DrawIcon
DialogBoxParamA
DeleteMenu
CreateIconFromResource
CreateIcon
CharToOemA
CharLowerA
wsprintfA
GetDlgItem

shell32

ShellExecuteExA
ShellExecuteExW
ShellExecuteW
Shell_NotifyIconA
SHBindToParent
SHFileOperationA
SHGetDesktopFolder
SHGetFileInfoA
SHGetMalloc
ShellExecuteA

shlwapi

PathIsDirectoryA
PathIsRelativeA
PathIsRootA
PathQuoteSpacesA
PathUnquoteSpacesA
SHAutoComplete
StrChrA
StrStrIA
PathFindFileNameA
PathFindExtensionA
PathFileExistsA
PathCompactPathExA
PathCanonicalizeA
PathAppendA

imm32

ImmGetContext
ImmReleaseContext
ImmSetCompositionFontA
ImmSetCompositionWindow
ImmGetCompositionStringW

msvcrt

getenv
memchr
_except_handler3
memset
rand
realloc
strchr
strlen
__dllonexit
fflush

oleaut32

SysAllocStringLen
SysFreeString
VariantChangeTypeEx
VariantClear
VariantCopyInd
LoadTypeLib

Exports

Exports

Dr
Duqaycisdb
Epjhgdu
Fuiirod
Jpftgew
Jqzfvwgky
Lickawjjk
Lp
Mjpamrae
Onceuww
Stegorvtkut
Tdtsbpi
Wehqanrtqoq

Sections

.text
Size: 21KB - Virtual size: 24KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 30KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 22KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 3KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

98f68a524cd7815ff876837b80d0de37

Headers

File Characteristics

Imports

kernel32

advapi32

ole32

user32

shell32

shlwapi

imm32

msvcrt

oleaut32

Exports

Exports

Sections

.text Size: 21KB - Virtual size: 24KB

.rdata Size: 30KB - Virtual size: 32KB

.data Size: 22KB - Virtual size: 24KB

.idata Size: 3KB - Virtual size: 4KB

.rsrc Size: 8KB - Virtual size: 8KB

.text
Size: 21KB - Virtual size: 24KB

.rdata
Size: 30KB - Virtual size: 32KB

.data
Size: 22KB - Virtual size: 24KB

.idata
Size: 3KB - Virtual size: 4KB

.rsrc
Size: 8KB - Virtual size: 8KB