icardie.pdb
Static task
static1
General
Target: JaffaCakes118_b24c7398af0e444a4081e455d80a6651
Size: 234KB
MD5: b24c7398af0e444a4081e455d80a6651
SHA1: 10506c5e669ac33e57ff5806b7d98648479dad07
SHA256: d57d4ffe738d908dfb69694bb0dcde9a78519ed86494c8f002835673ce1d2906
SHA512: e0bcf67828421804f0072fa6c635eb1458f77e2010ba1e6684da6cc4b92c89b1753051e6c59603d50036aef5f300d6e6f49ed9f571a37b387435f22e9b5c6c8f
SSDEEP: 6144:QqK86JU5xhG+npxA1oGzDK/0OlEa6ETMhS5yfZahy4yYAVt/GS:FK86JmG+YzDKMAEa6SMw/hypYA//GS
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource JaffaCakes118_b24c7398af0e444a4081e455d80a6651
Files
JaffaCakes118_b24c7398af0e444a4081e455d80a6651.dll windows:6 windows x86 arch:x86
de85dc02a6793a31953f7fa043808421
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
PDB Paths
Imports
msvcrt
_onexit
__dllonexit
_unlock
realloc
_adjust_fdiv
??3@YAXPAX@Z
_initterm
_XcptFilter
_lock
malloc
_amsg_exit
_errno
memset
_purecall
_wcsicmp
??2@YAPAXI@Z
_resetstkoflw
memcpy
free
ole32
CoTaskMemRealloc
CoTaskMemFree
CoCreateInstance
ProgIDFromCLSID
CLSIDFromString
CoTaskMemAlloc
oleaut32
SafeArrayRedim
SafeArrayCreate
SafeArrayGetUBound
SafeArrayGetElement
SysFreeString
SysStringLen
VariantInit
VariantClear
VariantCopy
VariantChangeType
SysAllocString
SysAllocStringByteLen
SysStringByteLen
LoadTypeLi
SetErrorInfo
CreateErrorInfo
VarUI4FromStr
LoadRegTypeLi
SafeArrayDestroy
SafeArrayUnaccessData
SafeArrayAccessData
SafeArrayCreateVector
SysAllocStringLen
SafeArrayPutElement
kernel32
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
RtlUnwind
OutputDebugStringA
InterlockedCompareExchange
Sleep
InterlockedExchange
GetVersionExA
GetModuleHandleW
FindResourceW
LoadResource
SizeofResource
FreeLibrary
FormatMessageW
LocalAlloc
LocalFree
InterlockedDecrement
InterlockedIncrement
DisableThreadLibraryCalls
lstrlenA
GetModuleFileNameW
GetSystemDirectoryW
LoadLibraryExW
GetProcAddress
lstrcmpiW
MultiByteToWideChar
GetLastError
DeleteCriticalSection
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
RaiseException
lstrlenW
user32
UnregisterClassA
LoadStringW
CharNextW
advapi32
RegSetValueExW
RegDeleteValueW
RegQueryValueExW
RegEnumKeyExW
RegQueryInfoKeyW
RegDeleteKeyW
RegOpenKeyExW
RegCreateKeyExW
RegCloseKey
wininet
InternetGetSecurityInfoByURLW
shlwapi
ord158
ord156
UrlGetPartW
crypt32
CertSerializeCertificateStoreElement
Exports
DllCanUnloadNow
DllGetClassObject
Sections
.text Size: 47KB - Virtual size: 46KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 1KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 8KB - Virtual size: 8KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
.text Size: 172KB - Virtual size: 176KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE