f7fa6b21ffa5f5060709fce4874aa000_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

f7fa6b21ffa5f5060709fce4874aa000_JaffaCakes118
Size

1.7MB
MD5

f7fa6b21ffa5f5060709fce4874aa000
SHA1

a51e67835a5f7c504d3e54ae2c47d8baa8171e5d
SHA256

44411b9972e78980abd70792cc9083be608e6239c95118de9f664465ddc71bd3
SHA512

cad0c46b563a3e5acc4ba27cd199cb7b383c715748bb027ccecd537cb0c3a4aefdfeceb8c997b98549223aa8771a979d9ea8efce04b4817d8fb8c2757e55d18e
SSDEEP

49152:hUmHlhx21hTWob10cJsT/WrhRYCo40qaKwsgENiY1NY:pvx2nTLb1FZrEBRdK9gENj

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
f7fa6b21ffa5f5060709fce4874aa000_JaffaCakes118

Files

f7fa6b21ffa5f5060709fce4874aa000_JaffaCakes118
.dll windows:4 windows x86 arch:x86

f7396db70a068c56ab28bc30723bb0b5

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_DLL

Imports

advapi32

RegOpenKeyExW

kernel32

GetVersionExW
GetVersionExA
GetVersion
GetThreadLocale
GetModuleFileNameW
GetModuleHandleA
LoadLibraryA
LocalAlloc
LocalFree
GetModuleFileNameA
ExitProcess

shell32

CommandLineToArgvW

user32

GetSystemMetrics

ole32

IsEqualGUID

oleaut32

SafeArrayCreate

psapi

GetProcessImageFileNameW

Exports

Exports

@@Fangg@Finalize
@@Fangg@Initialize
@@Hookapi@Finalize
@@Hookapi@Initialize
@@Quanju@Finalize
@@Quanju@Initialize
TMethodImplementationIntercept
_JiSuanShuZhi
_LmFuction
___CPPdebugHook

Sections

.text
Size: - Virtual size: 1.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 76KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didata
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.vmp0
Size: - Virtual size: 1.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp1
Size: 1.7MB - Virtual size: 1.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 152B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

f7396db70a068c56ab28bc30723bb0b5

Headers

File Characteristics

Imports

advapi32

kernel32

shell32

user32

ole32

oleaut32

psapi

Exports

Exports

Sections

.text Size: - Virtual size: 1.1MB

.data Size: - Virtual size: 76KB

.tls Size: - Virtual size: 4KB

.idata Size: - Virtual size: 4KB

.didata Size: - Virtual size: 4KB

.edata Size: - Virtual size: 4KB

.vmp0 Size: - Virtual size: 1.2MB

.vmp1 Size: 1.7MB - Virtual size: 1.7MB

.reloc Size: 512B - Virtual size: 152B

.rsrc Size: 1KB - Virtual size: 10KB

.text
Size: - Virtual size: 1.1MB

.data
Size: - Virtual size: 76KB

.tls
Size: - Virtual size: 4KB

.idata
Size: - Virtual size: 4KB

.didata
Size: - Virtual size: 4KB

.edata
Size: - Virtual size: 4KB

.vmp0
Size: - Virtual size: 1.2MB

.vmp1
Size: 1.7MB - Virtual size: 1.7MB

.reloc
Size: 512B - Virtual size: 152B

.rsrc
Size: 1KB - Virtual size: 10KB