JaffaCakes118_4b4b4acce5905c70900e4d63547dedee52446a94750954787f87949715a6179c

General

Target

JaffaCakes118_4b4b4acce5905c70900e4d63547dedee52446a94750954787f87949715a6179c
Size

279KB
MD5

69087afdca5b68a54bf628ce48f2be27
SHA1

277f7a8dd35a9a803f1b32ea8c5e607c3d62f8fd
SHA256

4b4b4acce5905c70900e4d63547dedee52446a94750954787f87949715a6179c
SHA512

ed17b34d647532a0d5b5b16ab6c56fd0d83af020f1aaa5f6e6714aa61ed2442484c929eb38c958e4f2a4a214094d1460b02f0de38dbe97ab65ec30b093a35cc4
SSDEEP

6144:s+0Ye4AjUlQMB9fcvTWjGi7HfPTBoPMWi1SjHkk4Eroa5uVvRBRlH:s++YDETmfdoE71SjHZvu3VH

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/oniac.dll

Files

JaffaCakes118_4b4b4acce5905c70900e4d63547dedee52446a94750954787f87949715a6179c
.zip
oniac.dll
.dll regsvr32 windows:4 windows x86 arch:x86

75d554dd2b5b86df2884d0e8cda9181e

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

c:\Users\Beauregard\Downloads\Urdu(Pakis2120577152008\Urdu (Pakistan) Text Writer(Source)\Release\Urdu (Pakistan) Text Writer.pdb

Imports

kernel32

WriteFile
GetModuleHandleA
GetLastError
GetSystemInfo
VirtualProtect
LCMapStringW
LCMapStringA
GetStringTypeW
MultiByteToWideChar
GetStringTypeA
GetLocaleInfoA
GetModuleFileNameA
HeapSize
GetCPInfo
GetOEMCP
GetModuleHandleExA
GetProcAddress
GetACP
InitializeCriticalSection
VirtualQuery
GetCurrentProcess
InterlockedExchange
RtlUnwind
LoadLibraryA
UnhandledExceptionFilter
ExitProcess
HeapAlloc
GetCurrentThreadId
GetCommandLineA
GetVersionExA
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
HeapDestroy
HeapCreate
VirtualFree
HeapFree
VirtualAlloc
HeapReAlloc
TerminateProcess
TlsAlloc
SetLastError
TlsFree
TlsSetValue
TlsGetValue
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW

Exports

Exports

DllRegisterServer

Sections

.text
Size: 24KB - Virtual size: 20KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 352KB - Virtual size: 351KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
start.bat

Sharing

General

Malware Config

Signatures

Files

75d554dd2b5b86df2884d0e8cda9181e

Headers

File Characteristics

PDB Paths

Imports

kernel32

Exports

Exports

Sections

.text Size: 24KB - Virtual size: 20KB

.rdata Size: 8KB - Virtual size: 6KB

.data Size: 4KB - Virtual size: 7KB

.rsrc Size: 352KB - Virtual size: 351KB

.reloc Size: 8KB - Virtual size: 4KB

.text
Size: 24KB - Virtual size: 20KB

.rdata
Size: 8KB - Virtual size: 6KB

.data
Size: 4KB - Virtual size: 7KB

.rsrc
Size: 352KB - Virtual size: 351KB

.reloc
Size: 8KB - Virtual size: 4KB