fe52f92dc5638e140d654298a7ea2496_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

fe52f92dc5638e140d654298a7ea2496_JaffaCakes118
Size

384KB
MD5

fe52f92dc5638e140d654298a7ea2496
SHA1

6601f734534a2a86cebc24f6cbe20cf3e5cf9655
SHA256

bebc66603425b692c6e0f25ec3196ec33b566583acadfe5595f1298d7673a331
SHA512

8a10df51a1e86633bbd73ef956335cf6add66409f3d4a62afdabc03f60911a76f633f83699f24c4a01939470593e79e89ce768d65cb4378a6f8d5f79b1d72152
SSDEEP

6144:YPrtVn/ajJAKy3MbfVBCc6tkHIupwJu53RgOn01TfG4WXxxLOtk9S/lE/:YPrtNoJAKiw6c6tp0O+01AxxOtFl

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
fe52f92dc5638e140d654298a7ea2496_JaffaCakes118

Files

fe52f92dc5638e140d654298a7ea2496_JaffaCakes118
.dll windows:5 windows x86 arch:x86

991846d368d07130780f80e8ebe54dda

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

D:\NoEspcape\DonNow\Release\Mobilier.pdb

Imports

msvcrt

_wcsnicmp
sprintf

ntdll

NtQueryMutant

kernel32

GetACP
SetTapeParameters
GetTapeParameters
GetSystemDefaultLCID
SetConsoleCP
GetNamedPipeHandleStateA
CreatePipe
IsSystemResumeAutomatic
GetLastError
InterlockedCompareExchange
ExitProcess
GetConsoleCP
LocalFree
InitializeCriticalSection
DeleteCriticalSection
GetCurrentProcess
GetSystemTime
EnumCalendarInfoA
EnterCriticalSection
LeaveCriticalSection
SetFilePointer
lstrcpynW
GetProcAddress
GetModuleHandleW
LoadLibraryExW
Sleep
GetProcessHeap
HeapFree
GlobalDeleteAtom
GlobalGetAtomNameA
LoadLibraryW
GlobalAddAtomA
DeleteFileA
FreeLibrary
CheckRemoteDebuggerPresent
ReadProcessMemory
GlobalUnlock
GlobalLock
GlobalAlloc
lstrlenW
GetModuleFileNameW
TlsGetValue
SetLastError
lstrlenA
RaiseException
CloseHandle
WriteFile
IsBadReadPtr
GetDriveTypeW
GetSystemTimeAsFileTime
LCMapStringA
LocalAlloc

user32

SendMessageW
GetWindowRect
CopyImage
SendMessageTimeoutW
IsWindow
RealGetWindowClassA
GetClientRect
GetForegroundWindow
UnpackDDElParam
FreeDDElParam
CharPrevW
MsgWaitForMultipleObjects
CheckRadioButton
UnregisterHotKey

gdi32

GetDeviceCaps
DeleteMetaFile
RestoreDC
SaveDC
CloseMetaFile
CreateMetaFileA
GetSystemPaletteEntries
OffsetViewportOrgEx

advapi32

GetUserNameW
RegisterTraceGuidsW

ole32

CoCreateInstance
StringFromGUID2

Exports

Exports

ServiceMain
_array_init
_zend_hash_next_index_insert_new
ld_psupp
virtual_utime
zend_check_arg_send_type
zend_compile_break_continue
zend_compile_file
zend_declare_property_string
zend_dval_to_lval
zend_hash_bucket_swap
zend_ini_long
zend_mm_free_small
zend_stream_stdio_fsizer
zend_ts_hash_str_find_ptr

Sections

.text
Size: 354KB - Virtual size: 354KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 10KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 944B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

991846d368d07130780f80e8ebe54dda

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msvcrt

ntdll

kernel32

user32

gdi32

advapi32

ole32

Exports

Exports

Sections

.text Size: 354KB - Virtual size: 354KB

.rdata Size: 7KB - Virtual size: 6KB

.data Size: 10KB - Virtual size: 19KB

.rsrc Size: 1024B - Virtual size: 944B

.reloc Size: 11KB - Virtual size: 10KB

.text
Size: 354KB - Virtual size: 354KB

.rdata
Size: 7KB - Virtual size: 6KB

.data
Size: 10KB - Virtual size: 19KB

.rsrc
Size: 1024B - Virtual size: 944B

.reloc
Size: 11KB - Virtual size: 10KB