JaffaCakes118_402faf19fd8a25cd39d5ea18dcc265f0

Sharing

Copy URL

Twitter E-mail

General

Target

JaffaCakes118_402faf19fd8a25cd39d5ea18dcc265f0
Size

756KB
MD5

402faf19fd8a25cd39d5ea18dcc265f0
SHA1

1599ca89f7f1922ac3bcf9cb0cec0b8b21f9349c
SHA256

3b29649aa9d08947c21a34995dacf226e0b0b4059755ec761a1a73ad072304e8
SHA512

5f4a74d7009733e491d5731a21735e980126715a10e8b67bca8ccd9fa3c293eb8f8f5ffc7f050df63c45df0f0da5976f6f1c84f3642209c8023ca5ef9704779d
SSDEEP

12288:Codc1cG8Z3uu4Vl0coJFNnYX1NtcSmMEVYaLCl0E1mDriZSjQkEsfD+8:Codc16Vh2lvonNnq1Nt3mMExLCSEEK7+

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
JaffaCakes118_402faf19fd8a25cd39d5ea18dcc265f0

Files

JaffaCakes118_402faf19fd8a25cd39d5ea18dcc265f0
.dll windows:5 windows x86 arch:x86

79df75fb9d0900a4397681e3fd9d477a

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

dbghelp.pdb

Imports

kernel32

GetModuleFileNameA
GetEnvironmentVariableA
ExpandEnvironmentStringsA
MultiByteToWideChar
WideCharToMultiByte
GetCurrentProcess
UnmapViewOfFile
CloseHandle
CreateFileA
GetFullPathNameA
GetFileAttributesA
SetFilePointer
FindClose
CreateDirectoryA
VirtualProtect
VirtualAlloc
DuplicateHandle
GetFileSize
MapViewOfFile
CreateFileMappingA
GetCurrentProcessId
VirtualFree
ReadProcessMemory
DeleteFileW
WriteFile
CreateFileW
SetErrorMode
TerminateProcess
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetSystemTimeAsFileTime
FreeLibrary
OutputDebugStringA
lstrlenA
GetModuleHandleA
GetProcAddress
IsDBCSLeadByte
HeapFree
HeapAlloc
HeapReAlloc
FlushViewOfFile
MapViewOfFileEx
SetEndOfFile
GetDriveTypeA
GetDriveTypeW
LCMapStringA
CreateFileMappingW
GetFileType
DeviceIoControl
ExpandEnvironmentStringsW
CopyFileA
SetFileAttributesA
CopyFileW
GetFileAttributesW
SetFileAttributesW
InterlockedIncrement
InterlockedDecrement
Sleep
FormatMessageA
lstrcmpW
CreateThread
TerminateThread
GetThreadSelectorEntry
ResumeThread
SuspendThread
GetThreadContext
GetProcessHeap
VirtualQueryEx
GetSystemInfo
DebugBreak
TlsFree
TlsAlloc
GetVersionExA
InitializeCriticalSection
HeapCreate
DeleteCriticalSection
HeapDestroy
TlsGetValue
FindNextFileA
TlsSetValue
GetLastError
EnterCriticalSection
LeaveCriticalSection
LocalAlloc
LocalFree
SetLastError
FindFirstFileA
LoadLibraryA

msvcrt

_onexit
__dllonexit
_adjust_fdiv
_initterm
_snprintf
isprint
sprintf
_vsnwprintf
memmove
calloc
wcscat
strncat
_ltoa
_itoa
_vsnprintf
_write
_iob
fputs
_strcmpi
strrchr
tolower
_close
_open
time
_strnicmp
vsprintf
strncpy
_stricmp
_purecall
malloc
free
isspace
ctime
_strlwr
_except_handler3
_wcsicmp
wcsncpy
wcscmp
wcsncmp
fclose
_wsplitpath
_wcsnicmp
towlower
__unDName
_CxxThrowException
bsearch
_snwprintf
fread
fseek
_wfopen
fopen
_osver
wcstol
_mbsnbcpy
fflush
_wmakepath
wcsrchr
wcscpy
_wcsdup
ftell
_wgetenv
_mbsicmp
printf
_fullpath
_access
_fsopen
_wfsopen
_sopen
_wsopen
_wfullpath
_read
_lseeki64
_chsize
_get_osfhandle
_open_osfhandle
_mbscmp
_memicmp
wcsncat
?terminate@@YAXXZ
??1type_info@@UAE@XZ
__CxxFrameHandler
wcslen
qsort
strchr
strstr
strncmp
isxdigit
??2@YAPAXI@Z
??3@YAXPAX@Z
_assert
_splitpath
wprintf

version

GetFileVersionInfoA
GetFileVersionInfoW
VerQueryValueA
GetFileVersionInfoSizeA
GetFileVersionInfoSizeW

advapi32

RegEnumKeyExW
RegOpenKeyExW
RegQueryInfoKeyW
RegCloseKey
RegQueryValueExW
RegQueryValueExA
RegOpenKeyExA
CryptReleaseContext
CryptGenRandom
CryptAcquireContextA

rpcrt4

UuidCreate

Exports

Exports

DbgHelpCreateUserDump
DbgHelpCreateUserDumpW
EnumDirTree
EnumerateLoadedModules
EnumerateLoadedModules64
ExtensionApiVersion
FindDebugInfoFile
FindDebugInfoFileEx
FindExecutableImage
FindExecutableImageEx
FindFileInPath
FindFileInSearchPath
GetTimestampForLoadedLibrary
ImageDirectoryEntryToData
ImageDirectoryEntryToDataEx
ImageNtHeader
ImageRvaToSection
ImageRvaToVa
ImagehlpApiVersion
ImagehlpApiVersionEx
MakeSureDirectoryPathExists
MapDebugInformation
MiniDumpReadDumpStream
MiniDumpWriteDump
SearchTreeForFile
StackWalk
StackWalk64
SymAddSymbol
SymCleanup
SymDeleteSymbol
SymEnumSourceFiles
SymEnumSym
SymEnumSymbols
SymEnumSymbolsForAddr
SymEnumTypes
SymEnumerateModules
SymEnumerateModules64
SymEnumerateSymbols
SymEnumerateSymbols64
SymEnumerateSymbolsW
SymEnumerateSymbolsW64
SymFindFileInPath
SymFromAddr
SymFromName
SymFunctionTableAccess
SymFunctionTableAccess64
SymGetFileLineOffsets64
SymGetLineFromAddr
SymGetLineFromAddr64
SymGetLineFromName
SymGetLineFromName64
SymGetLineNext
SymGetLineNext64
SymGetLinePrev
SymGetLinePrev64
SymGetModuleBase
SymGetModuleBase64
SymGetModuleInfo
SymGetModuleInfo64
SymGetModuleInfoW
SymGetModuleInfoW64
SymGetOptions
SymGetSearchPath
SymGetSourceFile
SymGetSymFromAddr
SymGetSymFromAddr64
SymGetSymFromName
SymGetSymFromName64
SymGetSymNext
SymGetSymNext64
SymGetSymPrev
SymGetSymPrev64
SymGetTypeFromName
SymGetTypeInfo
SymInitialize
SymLoadModule
SymLoadModule64
SymLoadModuleEx
SymMatchFileName
SymMatchString
SymRegisterCallback
SymRegisterCallback64
SymRegisterFunctionEntryCallback
SymRegisterFunctionEntryCallback64
SymSetContext
SymSetOptions
SymSetParentWindow
SymSetSearchPath
SymUnDName
SymUnDName64
SymUnloadModule
SymUnloadModule64
UnDecorateSymbolName
UnmapDebugInformation
WinDbgExtensionDllInit
dbghelp
dh
lm
lmi
omap
srcfiles
stackdbg
sym
vc7fpo

Sections

.text
Size: 647KB - Virtual size: 646KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 10KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 984B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 43KB - Virtual size: 42KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rmnet
Size: 54KB - Virtual size: 56KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

79df75fb9d0900a4397681e3fd9d477a

Headers

File Characteristics

PDB Paths

Imports

kernel32

msvcrt

version

advapi32

rpcrt4

Exports

Exports

Sections

.text Size: 647KB - Virtual size: 646KB

.data Size: 10KB - Virtual size: 20KB

.rsrc Size: 1024B - Virtual size: 984B

.reloc Size: 43KB - Virtual size: 42KB

.rmnet Size: 54KB - Virtual size: 56KB

.text
Size: 647KB - Virtual size: 646KB

.data
Size: 10KB - Virtual size: 20KB

.rsrc
Size: 1024B - Virtual size: 984B

.reloc
Size: 43KB - Virtual size: 42KB

.rmnet
Size: 54KB - Virtual size: 56KB