e9eca58f16886d190f515c719deb99a6_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

e9eca58f16886d190f515c719deb99a6_JaffaCakes118
Size

240KB
MD5

e9eca58f16886d190f515c719deb99a6
SHA1

e7d41ecdead00620d446563b6757bdf2e8d56737
SHA256

729a9d219ac93841b4f7aa58587a0a0c00b19a62fde2b38ef9ebdd81b4c74247
SHA512

a0b7ae623fb14ae33fb52773a86efca75f95a12eaa6642c8ee2f403a377ad580ce7d19e998f34844a6fb55318c0e46faf5babe6ebd977413984f4be25264fe1d
SSDEEP

3072:SPdOGtrbR4D3Q44KwevJJkaIFKg0XWQ6uYr4dRYltxOagyMt:SFlVGA44KTkaIFSXWYYlmagN

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
e9eca58f16886d190f515c719deb99a6_JaffaCakes118

Files

e9eca58f16886d190f515c719deb99a6_JaffaCakes118
.dll windows:5 windows x64 arch:x64

12296229bf94b5de12dc83e5be9ef9de

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

oleaut32

SysFreeString
SysReAllocStringLen
SysAllocStringLen

kernel32

Sleep
VirtualFree
VirtualAlloc
VirtualQuery
QueryPerformanceCounter
GetTickCount
GetSystemInfo
GetVersion
SetThreadLocale
WideCharToMultiByte
MultiByteToWideChar
GetACP
GetStartupInfoW
GetProcAddress
GetModuleHandleW
GetCommandLineW
FreeLibrary
UnhandledExceptionFilter
RtlUnwindEx
RtlUnwind
RaiseException
ExitProcess
GetCurrentThreadId
DeleteCriticalSection
InitializeCriticalSection
WriteFile
GetStdHandle
CloseHandle
GetProcAddress
RaiseException
LoadLibraryA
GetLastError
TlsSetValue
TlsGetValue
TlsFree
TlsAlloc
LocalFree
LocalAlloc
FreeLibrary
WriteProcessMemory
WriteFile
WaitForSingleObject
VirtualQuery
VirtualFree
VirtualAllocEx
VirtualAlloc
TerminateProcess
Sleep
SetUnhandledExceptionFilter
SetThreadPriority
SetPriorityClass
SetFileTime
SetFilePointer
SetFileAttributesA
SetEndOfFile
ResumeThread
ReleaseMutex
ReadFile
OpenProcess
OpenMutexA
OpenFileMappingA
MoveFileA
MapViewOfFile
LocalFree
LoadLibraryA
LoadLibraryW
InitializeCriticalSection
HeapFree
HeapAlloc
GetVolumeInformationA
GetVersionExW
GetProcessHeap
GetProcAddress
GetModuleHandleA
GetModuleHandleW
GetModuleFileNameA
GetLastError
GetFullPathNameA
GetFileTime
GetFileAttributesA
GetCurrentThreadId
GetCurrentProcessId
GetCurrentProcess
FreeLibrary
FindNextFileA
FindFirstFileA
FindClose
ExpandEnvironmentStringsA
ExitThread
DeviceIoControl
DeleteFileA
DeleteCriticalSection
CreateThread
CreateProcessA
CreateMutexA
CreateFileMappingA
CreateFileA
CopyFileA
CompareStringA
CloseHandle

version

VerQueryValueA
GetFileVersionInfoSizeA
GetFileVersionInfoA

advapi32

SetSecurityDescriptorDacl
RegSetValueExA
RegQueryValueExA
RegQueryInfoKeyA
RegOpenKeyExA
RegFlushKey
RegEnumValueA
RegEnumKeyA
RegEnumKeyExA
RegDeleteValueA
RegDeleteKeyA
RegCreateKeyExA
RegCloseKey
OpenProcessToken
LookupPrivilegeValueA
InitializeSecurityDescriptor
AdjustTokenPrivileges
BuildExplicitAccessWithNameA
SetNamedSecurityInfoA
GetNamedSecurityInfoA
SetEntriesInAclA
StartServiceW
OpenServiceA
OpenSCManagerA
OpenSCManagerW
DeleteService
CreateServiceA
ControlService
CloseServiceHandle

ntdll

RtlInitUnicodeString
ZwUnloadDriver
ZwLoadDriver

Exports

Exports

__dbk_fcall_wrapper
dbkFCallWrapperAddr

Sections

.text
Size: 189KB - Virtual size: 224.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 22KB - Virtual size: 224.7MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bss
Size: - Virtual size: 224.7MB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 5KB - Virtual size: 224.7MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.didata
Size: 512B - Virtual size: 224.8MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 224.8MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rdata
Size: 512B - Virtual size: 224.8MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 6KB - Virtual size: 224.8MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.pdata
Size: 11KB - Virtual size: 224.8MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 224.8MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

12296229bf94b5de12dc83e5be9ef9de

Headers

File Characteristics

Imports

oleaut32

kernel32

version

advapi32

ntdll

Exports

Exports

Sections

.text Size: 189KB - Virtual size: 224.5MB

.data Size: 22KB - Virtual size: 224.7MB

.bss Size: - Virtual size: 224.7MB

.idata Size: 5KB - Virtual size: 224.7MB

.didata Size: 512B - Virtual size: 224.8MB

.edata Size: 512B - Virtual size: 224.8MB

.rdata Size: 512B - Virtual size: 224.8MB

.reloc Size: 6KB - Virtual size: 224.8MB

.pdata Size: 11KB - Virtual size: 224.8MB

.rsrc Size: 512B - Virtual size: 224.8MB

.text
Size: 189KB - Virtual size: 224.5MB

.data
Size: 22KB - Virtual size: 224.7MB

.bss
Size: - Virtual size: 224.7MB

.idata
Size: 5KB - Virtual size: 224.7MB

.didata
Size: 512B - Virtual size: 224.8MB

.edata
Size: 512B - Virtual size: 224.8MB

.rdata
Size: 512B - Virtual size: 224.8MB

.reloc
Size: 6KB - Virtual size: 224.8MB

.pdata
Size: 11KB - Virtual size: 224.8MB

.rsrc
Size: 512B - Virtual size: 224.8MB