JaffaCakes118_4935484ed5b711cc363711c853222e50

General

Target

JaffaCakes118_4935484ed5b711cc363711c853222e50
Size

128KB
MD5

4935484ed5b711cc363711c853222e50
SHA1

c633cce3c234fc1f49264e2e878eb6d1605eacef
SHA256

6748eaa3363b65e6daa99265fab9a89ef3269be1282abe5123c13e4cee9c881f
SHA512

fbb5e97c20fd2cd69b8d5c208ab7c200f5ce0c450dfbc7b678b9bddf3f829f64cf29ea5f36657727464a3d56133bff3e1cf0522b1b4149095f892201fa0d0955
SSDEEP

1536:cH+UcWuNdiwiA6vC0JxHvE+BTxZc91M4nA/TmDSc5CafQ00BoGAhAnB7:HdiFA6vC8xHvE+B9uwYND7CaQHyGAMl

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
JaffaCakes118_4935484ed5b711cc363711c853222e50

Files

JaffaCakes118_4935484ed5b711cc363711c853222e50
.dll windows:4 windows x86 arch:x86

2a5c9e35bd91b3b518ada70efdc7f830

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetVersionExA
GetModuleHandleA
GetProcAddress
GetLocalTime
Sleep
GetCurrentProcess
VirtualQuery
GetSystemInfo
GetCommandLineA
HeapFree
GetLastError
CloseHandle
ExitProcess
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
GetModuleFileNameA
HeapDestroy
HeapCreate
VirtualFree
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
WriteFile
HeapAlloc
VirtualAlloc
HeapReAlloc
IsBadWritePtr
SetStdHandle
FlushFileBuffers
CreateFileA
GetACP
GetOEMCP
GetCPInfo
LoadLibraryA
SetFilePointer
SetEndOfFile
GetProcessHeap
ReadFile
GetStringTypeA
MultiByteToWideChar
GetStringTypeW
LCMapStringA
LCMapStringW
UnhandledExceptionFilter
GetLocaleInfoA
VirtualProtect
RtlUnwind

advapi32

RegSetValueExA
RegCloseKey
RegOpenKeyExA

setupapi

CM_Get_DevNode_Status

Exports

Exports

S6000CoInstallEntryPoint
_DllMain@12

Sections

.text
Size: 44KB - Virtual size: 40KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rmnet
Size: 60KB - Virtual size: 60KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

2a5c9e35bd91b3b518ada70efdc7f830

Headers

File Characteristics

Imports

kernel32

advapi32

setupapi

Exports

Exports

Sections

.text Size: 44KB - Virtual size: 40KB

.rdata Size: 8KB - Virtual size: 5KB

.data Size: 4KB - Virtual size: 9KB

.idata Size: 4KB - Virtual size: 2KB

.reloc Size: 4KB - Virtual size: 2KB

.rmnet Size: 60KB - Virtual size: 60KB

.text
Size: 44KB - Virtual size: 40KB

.rdata
Size: 8KB - Virtual size: 5KB

.data
Size: 4KB - Virtual size: 9KB

.idata
Size: 4KB - Virtual size: 2KB

.reloc
Size: 4KB - Virtual size: 2KB

.rmnet
Size: 60KB - Virtual size: 60KB