JaffaCakes118_fef1aa1a5a14b82840d545d12f5fe3c5506ec061cc46cbb2eabbb62050786a5a

Sharing

Copy URL

Twitter E-mail

General

Target

JaffaCakes118_fef1aa1a5a14b82840d545d12f5fe3c5506ec061cc46cbb2eabbb62050786a5a
Size

279KB
MD5

3ef0b8bc95dd9c259c21346919186880
SHA1

c67c79f04e7cb676fa4268c1d63e038ada12abff
SHA256

fef1aa1a5a14b82840d545d12f5fe3c5506ec061cc46cbb2eabbb62050786a5a
SHA512

22d6646247557582a4ab0a8d91dc0d9f5ba17da232bac15751c3687c3ad76bfeca1639eaaf87d45848dacd4394b7e6c07d53810875d6f033b9a4f8ba992be885
SSDEEP

6144:S4daaWToT28b0UK+QdHecKHsRn7a9USgAbngF9N7RuElYOQarOb:S4AaHqRLHmmyg1FiLarOb

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/1f5601330ff7c273e54d37999c93dfc9e6dce843635244327d24d42087eb2479

Files

JaffaCakes118_fef1aa1a5a14b82840d545d12f5fe3c5506ec061cc46cbb2eabbb62050786a5a
.zip

Password: infected
1f5601330ff7c273e54d37999c93dfc9e6dce843635244327d24d42087eb2479
.dll regsvr32 windows:5 windows x86 arch:x86

165f0d07c419bae9cb5a3acf3a2d9ad8

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

VirtualAlloc
Sleep
SetStdHandle
WriteConsoleW
CreateThread
FindResourceW
LoadResource
SizeofResource
lstrlenA
MulDiv
WideCharToMultiByte
InterlockedIncrement
InterlockedDecrement
InterlockedExchange
MultiByteToWideChar
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
EncodePointer
DecodePointer
GetSystemTimeAsFileTime
GetLastError
HeapFree
RaiseException
RtlUnwind
GetCurrentThreadId
GetCommandLineA
LCMapStringW
GetCPInfo
HeapAlloc
HeapCreate
HeapDestroy
IsProcessorFeaturePresent
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetModuleHandleW
SetLastError
GetProcAddress
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
TerminateProcess
GetCurrentProcess
ExitProcess
SetHandleCount
GetStdHandle
InitializeCriticalSectionAndSpinCount
GetFileType
GetStartupInfoW
GetModuleFileNameA
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetACP
GetOEMCP
IsValidCodePage
GetStringTypeW
GetLocaleInfoW
HeapReAlloc
HeapSize
GetUserDefaultLCID
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
WriteFile
GetModuleFileNameW
GetConsoleCP
GetConsoleMode
FlushFileBuffers
ReadFile
SetFilePointer
CloseHandle
LoadLibraryW
CreateFileW

user32

GetDC

gdi32

CreateCompatibleDC
SelectObject
SelectPalette
RealizePalette
GetDeviceCaps
GetObjectW

Exports

Exports

DllRegisterServer
GetDisplay

Sections

.text
Size: 106KB - Virtual size: 106KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 21KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 208KB - Virtual size: 207KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Password: infected

165f0d07c419bae9cb5a3acf3a2d9ad8

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

Exports

Exports

Sections

.text Size: 106KB - Virtual size: 106KB

.rdata Size: 21KB - Virtual size: 20KB

.data Size: 6KB - Virtual size: 14KB

.rsrc Size: 208KB - Virtual size: 207KB

.reloc Size: 8KB - Virtual size: 7KB

.text
Size: 106KB - Virtual size: 106KB

.rdata
Size: 21KB - Virtual size: 20KB

.data
Size: 6KB - Virtual size: 14KB

.rsrc
Size: 208KB - Virtual size: 207KB

.reloc
Size: 8KB - Virtual size: 7KB