MDE_File_Sample_58398ba5cda1b7cb89ad4e03dd4a658006956f81acfef4efb4e7dd934e2733ef[.]zip

Sharing

Copy URL Twitter E-mail

General

Target

MDE_File_Sample_58398ba5cda1b7cb89ad4e03dd4a658006956f81acfef4efb4e7dd934e2733ef.zip
Size

50KB
MD5

c40ff3e974c6a6a959fbb7f414ba53b7
SHA1

29cc3967e17496af820a6a2481715caaaed30ead
SHA256

b6b6f2bdf68741ebceeeb7cb4900f600aabe10aae7dad55aa86960af1ec1b18f
SHA512

8b6dc89bc1f0ce6173ace4e9675fcb0df5a2edb67967520bf55c0c17148c83ea9cd2dd4e20ad55664325fea96f0795398db988b41adb52a35b87f7fa719d325b
SSDEEP

1536:fFVTkuSZWfAefz/T/URqrPiMNCJdeF0vXcohp7+C:NV4uSgf9fzrgSFCCicmxP

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/jffi5916500623502349390.tmp

Files

MDE_File_Sample_58398ba5cda1b7cb89ad4e03dd4a658006956f81acfef4efb4e7dd934e2733ef.zip
.zip

Password: 15Sharks93!
jffi5916500623502349390.tmp
.dll windows:4 windows x64

Password: 15Sharks93!

e87cfb93391469bbe78cee91d56f5c1f

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_DLL

Imports

kernel32

CreateSemaphoreA
DeleteCriticalSection
EnterCriticalSection
FormatMessageA
FreeLibrary
GetCurrentProcess
GetCurrentProcessId
GetCurrentThreadId
GetLastError
GetModuleHandleA
GetProcAddress
GetSystemInfo
GetSystemTimeAsFileTime
GetTickCount
InitializeCriticalSection
IsDBCSLeadByteEx
LeaveCriticalSection
LoadLibraryExW
LoadLibraryW
MultiByteToWideChar
QueryPerformanceCounter
ReleaseSemaphore
RtlAddFunctionTable
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
SetLastError
SetUnhandledExceptionFilter
Sleep
TerminateProcess
TlsAlloc
TlsGetValue
TlsSetValue
UnhandledExceptionFilter
VirtualAlloc
VirtualFree
VirtualProtect
VirtualQuery
WaitForSingleObject
WideCharToMultiByte

msvcrt

__dllonexit
__iob_func
__mb_cur_max
_amsg_exit
_errno
_initterm
_lock
_onexit
_strnicmp
_unlock
_vsnprintf
abort
atoi
calloc
fputc
free
getenv
isspace
localeconv
malloc
memchr
memcpy
memmove
memset
realloc
setlocale
signal
sprintf
strchr
strerror
strlen
strncmp
wcslen
wcstombs

Exports

Exports

JNI_OnLoad
JNI_OnUnload
Java_com_kenai_jffi_Foreign_VirtualAlloc
Java_com_kenai_jffi_Foreign_VirtualFree
Java_com_kenai_jffi_Foreign_VirtualProtect
Java_com_kenai_jffi_Foreign_allocObject
Java_com_kenai_jffi_Foreign_allocateMemory
Java_com_kenai_jffi_Foreign_closureMagazineGet
Java_com_kenai_jffi_Foreign_copyMemory
Java_com_kenai_jffi_Foreign_defineClass__Ljava_lang_String_2Ljava_lang_Object_2Ljava_nio_ByteBuffer_2
Java_com_kenai_jffi_Foreign_defineClass__Ljava_lang_String_2Ljava_lang_Object_2_3BII
Java_com_kenai_jffi_Foreign_dlclose
Java_com_kenai_jffi_Foreign_dlerror
Java_com_kenai_jffi_Foreign_dlopen
Java_com_kenai_jffi_Foreign_dlsym
Java_com_kenai_jffi_Foreign_fatalError
Java_com_kenai_jffi_Foreign_freeAggregate
Java_com_kenai_jffi_Foreign_freeCallContext
Java_com_kenai_jffi_Foreign_freeClosureMagazine
Java_com_kenai_jffi_Foreign_freeMemory
Java_com_kenai_jffi_Foreign_getAddress
Java_com_kenai_jffi_Foreign_getArch
Java_com_kenai_jffi_Foreign_getBoolean
Java_com_kenai_jffi_Foreign_getBooleanArray
Java_com_kenai_jffi_Foreign_getByte
Java_com_kenai_jffi_Foreign_getByteArray
Java_com_kenai_jffi_Foreign_getCallContextRawParameterSize
Java_com_kenai_jffi_Foreign_getChar
Java_com_kenai_jffi_Foreign_getCharArray
Java_com_kenai_jffi_Foreign_getDirectBufferAddress
Java_com_kenai_jffi_Foreign_getDouble
Java_com_kenai_jffi_Foreign_getDoubleArray
Java_com_kenai_jffi_Foreign_getFloat
Java_com_kenai_jffi_Foreign_getFloatArray
Java_com_kenai_jffi_Foreign_getInt
Java_com_kenai_jffi_Foreign_getIntArray
Java_com_kenai_jffi_Foreign_getJNIVersion
Java_com_kenai_jffi_Foreign_getJavaVM
Java_com_kenai_jffi_Foreign_getLastError
Java_com_kenai_jffi_Foreign_getLong
Java_com_kenai_jffi_Foreign_getLongArray
Java_com_kenai_jffi_Foreign_getSaveErrnoCtxFunction
Java_com_kenai_jffi_Foreign_getSaveErrnoFunction
Java_com_kenai_jffi_Foreign_getShort
Java_com_kenai_jffi_Foreign_getShortArray
Java_com_kenai_jffi_Foreign_getTypeAlign
Java_com_kenai_jffi_Foreign_getTypeSize
Java_com_kenai_jffi_Foreign_getTypeType
Java_com_kenai_jffi_Foreign_getVersion
Java_com_kenai_jffi_Foreign_getZeroTerminatedByteArray__J
Java_com_kenai_jffi_Foreign_getZeroTerminatedByteArray__JI
Java_com_kenai_jffi_Foreign_getZeroTerminatedByteArray__JJ
Java_com_kenai_jffi_Foreign_init
Java_com_kenai_jffi_Foreign_invokeArrayO1Int32
Java_com_kenai_jffi_Foreign_invokeArrayO1Int64
Java_com_kenai_jffi_Foreign_invokeArrayO2Int32
Java_com_kenai_jffi_Foreign_invokeArrayO2Int64
Java_com_kenai_jffi_Foreign_invokeArrayReturnDouble
Java_com_kenai_jffi_Foreign_invokeArrayReturnFloat
Java_com_kenai_jffi_Foreign_invokeArrayReturnInt
Java_com_kenai_jffi_Foreign_invokeArrayReturnLong
Java_com_kenai_jffi_Foreign_invokeArrayReturnStruct
Java_com_kenai_jffi_Foreign_invokeArrayWithObjectsDouble
Java_com_kenai_jffi_Foreign_invokeArrayWithObjectsFloat
Java_com_kenai_jffi_Foreign_invokeArrayWithObjectsInt32
Java_com_kenai_jffi_Foreign_invokeArrayWithObjectsInt64
Java_com_kenai_jffi_Foreign_invokeArrayWithObjectsReturnStruct
Java_com_kenai_jffi_Foreign_invokeI0
Java_com_kenai_jffi_Foreign_invokeI0NoErrno
Java_com_kenai_jffi_Foreign_invokeI1
Java_com_kenai_jffi_Foreign_invokeI1NoErrno
Java_com_kenai_jffi_Foreign_invokeI2
Java_com_kenai_jffi_Foreign_invokeI2NoErrno
Java_com_kenai_jffi_Foreign_invokeI3
Java_com_kenai_jffi_Foreign_invokeI3NoErrno
Java_com_kenai_jffi_Foreign_invokeI4
Java_com_kenai_jffi_Foreign_invokeI4NoErrno
Java_com_kenai_jffi_Foreign_invokeI5
Java_com_kenai_jffi_Foreign_invokeI5NoErrno
Java_com_kenai_jffi_Foreign_invokeI6
Java_com_kenai_jffi_Foreign_invokeI6NoErrno
Java_com_kenai_jffi_Foreign_invokeL0
Java_com_kenai_jffi_Foreign_invokeL0NoErrno
Java_com_kenai_jffi_Foreign_invokeL1
Java_com_kenai_jffi_Foreign_invokeL1NoErrno
Java_com_kenai_jffi_Foreign_invokeL2
Java_com_kenai_jffi_Foreign_invokeL2NoErrno
Java_com_kenai_jffi_Foreign_invokeL3
Java_com_kenai_jffi_Foreign_invokeL3NoErrno
Java_com_kenai_jffi_Foreign_invokeL4
Java_com_kenai_jffi_Foreign_invokeL4NoErrno
Java_com_kenai_jffi_Foreign_invokeL5
Java_com_kenai_jffi_Foreign_invokeL5NoErrno
Java_com_kenai_jffi_Foreign_invokeL6
Java_com_kenai_jffi_Foreign_invokeL6NoErrno
Java_com_kenai_jffi_Foreign_invokeN0
Java_com_kenai_jffi_Foreign_invokeN1
Java_com_kenai_jffi_Foreign_invokeN1O1
Java_com_kenai_jffi_Foreign_invokeN2
Java_com_kenai_jffi_Foreign_invokeN2O1
Java_com_kenai_jffi_Foreign_invokeN2O2
Java_com_kenai_jffi_Foreign_invokeN3
Java_com_kenai_jffi_Foreign_invokeN3O1
Java_com_kenai_jffi_Foreign_invokeN3O2
Java_com_kenai_jffi_Foreign_invokeN3O3
Java_com_kenai_jffi_Foreign_invokeN4
Java_com_kenai_jffi_Foreign_invokeN4O1
Java_com_kenai_jffi_Foreign_invokeN4O2
Java_com_kenai_jffi_Foreign_invokeN4O3
Java_com_kenai_jffi_Foreign_invokeN4O4
Java_com_kenai_jffi_Foreign_invokeN5
Java_com_kenai_jffi_Foreign_invokeN5O1
Java_com_kenai_jffi_Foreign_invokeN5O2
Java_com_kenai_jffi_Foreign_invokeN5O3
Java_com_kenai_jffi_Foreign_invokeN5O4
Java_com_kenai_jffi_Foreign_invokeN5O5
Java_com_kenai_jffi_Foreign_invokeN6
Java_com_kenai_jffi_Foreign_invokeN6O1
Java_com_kenai_jffi_Foreign_invokeN6O2
Java_com_kenai_jffi_Foreign_invokeN6O3
Java_com_kenai_jffi_Foreign_invokeN6O4
Java_com_kenai_jffi_Foreign_invokeN6O5
Java_com_kenai_jffi_Foreign_invokeN6O6
Java_com_kenai_jffi_Foreign_invokePointerParameterArray
Java_com_kenai_jffi_Foreign_isRawParameterPackingEnabled
Java_com_kenai_jffi_Foreign_longDoubleFromDouble
Java_com_kenai_jffi_Foreign_longDoubleFromString
Java_com_kenai_jffi_Foreign_longDoubleToDouble
Java_com_kenai_jffi_Foreign_longDoubleToEngineeringString
Java_com_kenai_jffi_Foreign_longDoubleToPlainString
Java_com_kenai_jffi_Foreign_longDoubleToString
Java_com_kenai_jffi_Foreign_lookupBuiltinType
Java_com_kenai_jffi_Foreign_memchr
Java_com_kenai_jffi_Foreign_memcpy
Java_com_kenai_jffi_Foreign_memmove
Java_com_kenai_jffi_Foreign_newArray
Java_com_kenai_jffi_Foreign_newCallContext
Java_com_kenai_jffi_Foreign_newClosureMagazine
Java_com_kenai_jffi_Foreign_newDirectByteBuffer
Java_com_kenai_jffi_Foreign_newStruct
Java_com_kenai_jffi_Foreign_pageSize
Java_com_kenai_jffi_Foreign_putAddress
Java_com_kenai_jffi_Foreign_putBoolean
Java_com_kenai_jffi_Foreign_putBooleanArray
Java_com_kenai_jffi_Foreign_putByte
Java_com_kenai_jffi_Foreign_putByteArray
Java_com_kenai_jffi_Foreign_putChar
Java_com_kenai_jffi_Foreign_putCharArray
Java_com_kenai_jffi_Foreign_putDouble
Java_com_kenai_jffi_Foreign_putDoubleArray
Java_com_kenai_jffi_Foreign_putFloat
Java_com_kenai_jffi_Foreign_putFloatArray
Java_com_kenai_jffi_Foreign_putInt
Java_com_kenai_jffi_Foreign_putIntArray
Java_com_kenai_jffi_Foreign_putLong
Java_com_kenai_jffi_Foreign_putLongArray
Java_com_kenai_jffi_Foreign_putShort
Java_com_kenai_jffi_Foreign_putShortArray
Java_com_kenai_jffi_Foreign_putZeroTerminatedByteArray
Java_com_kenai_jffi_Foreign_registerNatives
Java_com_kenai_jffi_Foreign_setCallContextErrorFunction
Java_com_kenai_jffi_Foreign_setLastError
Java_com_kenai_jffi_Foreign_setMemory
Java_com_kenai_jffi_Foreign_strlen
Java_com_kenai_jffi_Foreign_unregisterNatives

Sections

.text
Size: 63KB - Virtual size: 63KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 304B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.pdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.xdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 88B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 72B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 80B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Password: 15Sharks93!

Password: 15Sharks93!

e87cfb93391469bbe78cee91d56f5c1f

Headers

File Characteristics

Imports

kernel32

msvcrt

Exports

Exports

Sections

.text Size: 63KB - Virtual size: 63KB

.data Size: 512B - Virtual size: 304B

.rdata Size: 4KB - Virtual size: 4KB

.pdata Size: 4KB - Virtual size: 3KB

.xdata Size: 4KB - Virtual size: 3KB

.bss Size: - Virtual size: 4KB

.edata Size: 9KB - Virtual size: 8KB

.idata Size: 3KB - Virtual size: 2KB

.CRT Size: 512B - Virtual size: 88B

.tls Size: 512B - Virtual size: 72B

.reloc Size: 512B - Virtual size: 80B

.text
Size: 63KB - Virtual size: 63KB

.data
Size: 512B - Virtual size: 304B

.rdata
Size: 4KB - Virtual size: 4KB

.pdata
Size: 4KB - Virtual size: 3KB

.xdata
Size: 4KB - Virtual size: 3KB

.bss
Size: - Virtual size: 4KB

.edata
Size: 9KB - Virtual size: 8KB

.idata
Size: 3KB - Virtual size: 2KB

.CRT
Size: 512B - Virtual size: 88B

.tls
Size: 512B - Virtual size: 72B

.reloc
Size: 512B - Virtual size: 80B