5f00035c9fb5b740abaee795979b82ed_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

5f00035c9fb5b740abaee795979b82ed_JaffaCakes118
Size

833KB
MD5

5f00035c9fb5b740abaee795979b82ed
SHA1

6c980a4d7cc1461645acd4c763a86b9c4e896707
SHA256

a34cb4049eb43d455d8619607cc6e1a8c380e9d8507306e9c5bc17eaed6459c4
SHA512

92f917f67ae59140909c9e6f42821c6b6396ad10e8a51b3bdfcdb86051d0967c95fe5886ae67be6cfbeef970ea8a75e6ec3f5aa56661334e6de843ed353dd46f
SSDEEP

24576:nU/lh7rH/i9rz+hwKzyUj/JGzwMgtx1EWsrbw4iaZ4gRrb0:nU9h7e9rz+t/JGz5g3uWsrbw4iaqgRro

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

Processes:

resource
5f00035c9fb5b740abaee795979b82ed_JaffaCakes118

Files

5f00035c9fb5b740abaee795979b82ed_JaffaCakes118
.dll windows:6 windows x86 arch:x86

8c0d0671247235019d5724ca3b739bf7

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

c:\339\Soon_Back\Hope\Wing\Subject-sentence\Over.pdb

Imports

kernel32

FreeLibrary
GetProcAddress
GetVersion
VirtualProtectEx
GetProcessHeap
Sleep
GetLocalTime
OpenMutexW
CreateEventW
LoadLibraryW
GetEnvironmentVariableW
CreateFileW
WaitForSingleObjectEx
OutputDebugStringW
OutputDebugStringA
CloseHandle
WriteConsoleW
FlushFileBuffers
SetFilePointerEx
GetConsoleMode
GetConsoleCP
WriteFile
HeapSize
SetStdHandle
SetEnvironmentVariableW
EncodePointer
DecodePointer
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
WideCharToMultiByte
SetLastError
InitializeCriticalSectionAndSpinCount
SwitchToThread
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetSystemTimeAsFileTime
GetTickCount
GetModuleHandleW
MultiByteToWideChar
GetStringTypeW
CompareStringW
LCMapStringW
GetLocaleInfoW
GetCPInfo
IsProcessorFeaturePresent
IsDebuggerPresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetStartupInfoW
GetCurrentProcess
TerminateProcess
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
InitializeSListHead
RaiseException
RtlUnwind
InterlockedPushEntrySList
InterlockedFlushSList
GetLastError
LoadLibraryExW
ExitProcess
GetModuleHandleExW
GetModuleFileNameA
GetModuleFileNameW
GetCurrentThread
HeapFree
HeapAlloc
GetACP
GetDateFormatW
GetTimeFormatW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
HeapReAlloc
GetStdHandle
GetFileType
SetConsoleCtrlHandler
GetTimeZoneInformation
FindClose
FindFirstFileExA
FindFirstFileExW
FindNextFileA
FindNextFileW
IsValidCodePage
GetOEMCP
GetCommandLineA
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableA
CreateThread

ole32

OleUninitialize
OleInitialize

mprapi

MprAdminMIBEntryGetNext
MprConfigInterfaceTransportGetInfo
MprConfigServerBackup
MprConfigInterfaceTransportGetHandle
MprAdminMIBEntrySet
MprConfigInterfaceTransportSetInfo
MprConfigInterfaceTransportRemove
MprConfigInterfaceTransportEnum

Exports

Exports

Dropleave
GlassExercise
Mehope
Top

Sections

.text
Size: 507KB - Virtual size: 507KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 284KB - Virtual size: 284KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 649KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 18KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

8c0d0671247235019d5724ca3b739bf7

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

ole32

mprapi

Exports

Exports

Sections

.text Size: 507KB - Virtual size: 507KB

.rdata Size: 284KB - Virtual size: 284KB

.data Size: 6KB - Virtual size: 649KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 18KB - Virtual size: 18KB

.text
Size: 507KB - Virtual size: 507KB

.rdata
Size: 284KB - Virtual size: 284KB

.data
Size: 6KB - Virtual size: 649KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 18KB - Virtual size: 18KB