JaffaCakes118_45bea06f99ee79237e426547e7dc3090

Sharing

Copy URL

Twitter E-mail

General

Target

JaffaCakes118_45bea06f99ee79237e426547e7dc3090
Size

179KB
MD5

45bea06f99ee79237e426547e7dc3090
SHA1

0f94758e1f700a5f8dc8427da4b566cef5f7f028
SHA256

7605610cfdad25f79c14e3e17fb1357c34b21b217873a14cd62332ec099b297d
SHA512

727e311cb3520c12c500c138757f05745ef4da85819521a1133fa3c2edbbbd5f728093071e92becfbdd6ce8875a0b53020e5f48bfba4358ddbc98b8a6e030b34
SSDEEP

3072:+yllCTzWFrLIN+vVvxmxAeiVD+EmUsLOUpc5xObDSFZZl3fkco04ft:mTzULIA9cxWViEtkuUiZZlPkp3F

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
JaffaCakes118_45bea06f99ee79237e426547e7dc3090

Files

JaffaCakes118_45bea06f99ee79237e426547e7dc3090
.dll windows:6 windows x86 arch:x86

7d132fc5c7cd7caa405279d584ccf860

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

occache.pdb

Imports

msvcrt

isalpha
_itoa_s
_ultoa_s
strncmp
memcpy_s
_XcptFilter
_amsg_exit
free
malloc
_initterm
_except_handler4_common
memcpy
_vsnprintf
_vsnwprintf
_strnicmp
memset

user32

CharPrevA
CharNextA
SendMessageA
GetDlgItem
EndDialog
SetWindowTextA
SetWindowLongA
GetWindowLongA
DialogBoxParamA
SetMenuDefaultItem
CheckMenuItem
CreatePopupMenu
DestroyMenu
RemoveMenu
GetSubMenu
DestroyIcon
LoadMenuA
RegisterClipboardFormatA
SetDlgItemTextA
LoadStringA
SendDlgItemMessageA
LoadIconA
GetClientRect
MessageBoxA
CharUpperA
PostMessageA

ntdll

NtFreeVirtualMemory

kernel32

LoadLibraryExA
RaiseException
GetSystemTimeAsFileTime
TerminateProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
InterlockedIncrement
InterlockedDecrement
InitializeCriticalSection
DisableThreadLibraryCalls
DeleteCriticalSection
HeapAlloc
GetProcessHeap
HeapFree
lstrcmpiA
lstrcmpA
CompareFileTime
FindFirstFileA
FileTimeToLocalFileTime
FileTimeToSystemTime
GetDateFormatA
GetTimeFormatA
FindClose
LocalFree
LocalAlloc
GlobalAlloc
LoadLibraryA
MultiByteToWideChar
GetProcAddress
FreeLibrary
IsDBCSLeadByte
GetCPInfo
lstrlenA
FormatMessageA
VerLanguageNameA
GetPrivateProfileStringA
FindNextFileA
GetLastError
GetShortPathNameA
GetEnvironmentVariableA
CreateFileA
CloseHandle
DeleteFileA
GetSystemDirectoryA
CompareStringA
RemoveDirectoryA
GetVersionExA
GetFileTime
SetFileTime
GetLocalTime
SystemTimeToFileTime
SetErrorMode
GetFileAttributesA
GetWindowsDirectoryA
GetDiskFreeSpaceA
lstrlenW
GetCurrentThread
LeaveCriticalSection
EnterCriticalSection
GetThreadContext
SetThreadContext
VirtualQuery
GetCurrentProcess
QueryPerformanceCounter
InterlockedCompareExchange
GetTickCount
VirtualFree
FlushInstructionCache
VirtualAlloc
VirtualProtect
GetCurrentThreadId
GetCurrentProcessId
SuspendThread
ResumeThread
SetLastError
Sleep
InterlockedExchange

advapi32

RegOpenKeyExA
RegCloseKey
RegQueryValueExA
RegEnumKeyExA
RegOpenKeyExW
RegOpenCurrentUser
RegOverridePredefKey
RegSetValueA
RegCreateKeyExA
RegEnumValueA
RegEnumKeyA
RegDeleteValueA
RegSetValueExA
RegQueryValueA
RegDeleteKeyA

shlwapi

StrChrA
ord157
StrStrIA
StrCmpNIA
PathGetDriveNumberW
PathGetDriveNumberA
PathFindFileNameA
PathFileExistsA
SHRegGetValueA
PathCompactPathA
ord217
StrToIntA
ord219
StrRetToBufW

comctl32

PropertySheetA

shell32

ord25
SHGetFolderPathA
SHChangeNotify
ShellExecuteA
SHBindToParent
ord67
ExtractIconA
ord74
ord174
ord155
ord18

iertutil

ord207
ord9

Exports

Exports

DllCanUnloadNow
DllGetClassObject
FindControlClose
FindFirstControl
FindFirstControlArch
FindNextControl
FindNextControlArch
GetControlDependentFile
GetControlInfo
IsModuleRemovable
ReleaseControlHandle
RemoveControlByHandle
RemoveControlByHandle2
RemoveControlByName
RemoveControlByName2
RemoveExpiredControls
SweepControlsByLastAccessDate

Sections

.text
Size: 55KB - Virtual size: 55KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 55KB - Virtual size: 55KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rmnet
Size: 56KB - Virtual size: 60KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

7d132fc5c7cd7caa405279d584ccf860

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msvcrt

user32

ntdll

kernel32

advapi32

shlwapi

comctl32

shell32

iertutil

Exports

Exports

Sections

.text Size: 55KB - Virtual size: 55KB

.data Size: 512B - Virtual size: 1KB

.idata Size: 4KB - Virtual size: 4KB

.rsrc Size: 55KB - Virtual size: 55KB

.reloc Size: 5KB - Virtual size: 5KB

.rmnet Size: 56KB - Virtual size: 60KB

.text
Size: 55KB - Virtual size: 55KB

.data
Size: 512B - Virtual size: 1KB

.idata
Size: 4KB - Virtual size: 4KB

.rsrc
Size: 55KB - Virtual size: 55KB

.reloc
Size: 5KB - Virtual size: 5KB

.rmnet
Size: 56KB - Virtual size: 60KB