d231b82cf87bedf852d37b777091f9ab_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

d231b82cf87bedf852d37b777091f9ab_JaffaCakes118
Size

833KB
MD5

d231b82cf87bedf852d37b777091f9ab
SHA1

caf637521a9e025749bd9b720f4c83d8353af104
SHA256

b0fbb65a2b1d4e9a768cc9b12572ca901e1f8fa89122d3278c01e05cc88adf2a
SHA512

292a6472a2888f7add714db5a460f810ea22c97eea62b9d59471cfc2026a61c0fbd12ed9c42b08f0f8cdea4591bc3e60fcd8351305ef26463403fb1d5fd01bc5
SSDEEP

24576:f+/lh7rH/i9rz+hwKzyUj/JGzwMgtx1EWsrbw4iaZ4gRrbE:f+9h7e9rz+t/JGz5g3uWsrbw4iaqgRrI

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
d231b82cf87bedf852d37b777091f9ab_JaffaCakes118

Files

d231b82cf87bedf852d37b777091f9ab_JaffaCakes118
.dll windows:6 windows x86 arch:x86

8c0d0671247235019d5724ca3b739bf7

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

c:\339\Soon_Back\Hope\Wing\Subject-sentence\Over.pdb

Imports

kernel32

FreeLibrary
GetProcAddress
GetVersion
VirtualProtectEx
GetProcessHeap
Sleep
GetLocalTime
OpenMutexW
CreateEventW
LoadLibraryW
GetEnvironmentVariableW
CreateFileW
WaitForSingleObjectEx
OutputDebugStringW
OutputDebugStringA
CloseHandle
WriteConsoleW
FlushFileBuffers
SetFilePointerEx
GetConsoleMode
GetConsoleCP
WriteFile
HeapSize
SetStdHandle
SetEnvironmentVariableW
EncodePointer
DecodePointer
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
WideCharToMultiByte
SetLastError
InitializeCriticalSectionAndSpinCount
SwitchToThread
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetSystemTimeAsFileTime
GetTickCount
GetModuleHandleW
MultiByteToWideChar
GetStringTypeW
CompareStringW
LCMapStringW
GetLocaleInfoW
GetCPInfo
IsProcessorFeaturePresent
IsDebuggerPresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetStartupInfoW
GetCurrentProcess
TerminateProcess
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
InitializeSListHead
RaiseException
RtlUnwind
InterlockedPushEntrySList
InterlockedFlushSList
GetLastError
LoadLibraryExW
ExitProcess
GetModuleHandleExW
GetModuleFileNameA
GetModuleFileNameW
GetCurrentThread
HeapFree
HeapAlloc
GetACP
GetDateFormatW
GetTimeFormatW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
HeapReAlloc
GetStdHandle
GetFileType
SetConsoleCtrlHandler
GetTimeZoneInformation
FindClose
FindFirstFileExA
FindFirstFileExW
FindNextFileA
FindNextFileW
IsValidCodePage
GetOEMCP
GetCommandLineA
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableA
CreateThread

ole32

OleUninitialize
OleInitialize

mprapi

MprAdminMIBEntryGetNext
MprConfigInterfaceTransportGetInfo
MprConfigServerBackup
MprConfigInterfaceTransportGetHandle
MprAdminMIBEntrySet
MprConfigInterfaceTransportSetInfo
MprConfigInterfaceTransportRemove
MprConfigInterfaceTransportEnum

Exports

Exports

Dropleave
GlassExercise
Mehope
Top

Sections

.text
Size: 507KB - Virtual size: 507KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 284KB - Virtual size: 284KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 649KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 18KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

8c0d0671247235019d5724ca3b739bf7

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

ole32

mprapi

Exports

Exports

Sections

.text Size: 507KB - Virtual size: 507KB

.rdata Size: 284KB - Virtual size: 284KB

.data Size: 6KB - Virtual size: 649KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 18KB - Virtual size: 18KB

.text
Size: 507KB - Virtual size: 507KB

.rdata
Size: 284KB - Virtual size: 284KB

.data
Size: 6KB - Virtual size: 649KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 18KB - Virtual size: 18KB