00c641b47e0e57c9f29513e2b3922e2b_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

00c641b47e0e57c9f29513e2b3922e2b_JaffaCakes118
Size

419KB
MD5

00c641b47e0e57c9f29513e2b3922e2b
SHA1

2298e7035e916f8589c784f408777b2211954a54
SHA256

bd55943e47f654434b70ac9bd065e0a16d051052fc8f7c7c2e3a8790ce93ca90
SHA512

0e22e44d4d24b924756728724e7002fe503a026dfa40c3dc4b8538babb6e3507840aa37317e3b0d509d270b0444579a8cee5e52116b670cd1644a174a67ca22f
SSDEEP

12288:ZT9ecMnCm0hknHmHG5Ao6sVh0w2Bj4e2l7D:ZMcMCm0C569P912l7

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
00c641b47e0e57c9f29513e2b3922e2b_JaffaCakes118

Files

00c641b47e0e57c9f29513e2b3922e2b_JaffaCakes118
.dll windows:6 windows x86 arch:x86

4ee9b5bc32bad47d3747ac4cbe7bee09

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

c:\73\count\Cat\Written\41\Left\short\77\32\36\Off\Note\Feel\Clean.pdb

Imports

kernel32

SetUnhandledExceptionFilter
DeleteCriticalSection
Sleep
GetFileSize
ReadFile
CloseHandle
LoadLibraryA
GetWindowsDirectoryA
CreateFileA
QueryPerformanceFrequency
VirtualProtect
FlushFileBuffers
GetStringTypeW
FreeEnvironmentStringsW
GetEnvironmentStringsW
WideCharToMultiByte
GetCommandLineW
GetCommandLineA
GetCPInfo
GetOEMCP
GlobalFree
GlobalLock
GlobalAlloc
GetProcAddress
FreeLibrary
GetACP
IsValidCodePage
FindNextFileW
FindFirstFileExW
FindClose
GetProcessHeap
EnterCriticalSection
LeaveCriticalSection
SetLastError
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetSystemTimeAsFileTime
GetModuleHandleW
IsProcessorFeaturePresent
IsDebuggerPresent
UnhandledExceptionFilter
GetStartupInfoW
GetCurrentProcess
TerminateProcess
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
InitializeSListHead
EncodePointer
RaiseException
RtlUnwind
InterlockedFlushSList
GetLastError
LoadLibraryExW
GetModuleFileNameW
GetModuleHandleExW
DuplicateHandle
CreateFileW
GetFileType
HeapAlloc
HeapValidate
GetSystemInfo
ExitProcess
GetStdHandle
WriteFile
OutputDebugStringW
WriteConsoleW
SetStdHandle
GetConsoleCP
GetConsoleMode
MultiByteToWideChar
LCMapStringW
SetEndOfFile
ReadConsoleW
SetFilePointerEx
HeapFree
HeapReAlloc
HeapSize
HeapQueryInformation
DecodePointer

user32

DefWindowProcA
GetClassInfoExA
ReleaseDC
GetWindowLongA
EnumWindows
CallNextHookEx

ole32

OleInitialize
OleSetContainedObject
OleUninitialize

comctl32

ImageList_LoadImageA
ImageList_Draw
PropertySheetA
CreatePropertySheetPageA
ord6

oledlg

ord3
ord6
ord11
ord9
ord1

Exports

Exports

Bemight
Strange3
Wrotepair

Sections

.text
Size: 395KB - Virtual size: 395KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 5.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.gfids
Size: 512B - Virtual size: 296B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

4ee9b5bc32bad47d3747ac4cbe7bee09

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

ole32

comctl32

oledlg

Exports

Exports

Sections

.text Size: 395KB - Virtual size: 395KB

.data Size: 4KB - Virtual size: 5.1MB

.idata Size: 3KB - Virtual size: 2KB

.gfids Size: 512B - Virtual size: 296B

.rsrc Size: 4KB - Virtual size: 3KB

.reloc Size: 11KB - Virtual size: 10KB

.text
Size: 395KB - Virtual size: 395KB

.data
Size: 4KB - Virtual size: 5.1MB

.idata
Size: 3KB - Virtual size: 2KB

.gfids
Size: 512B - Virtual size: 296B

.rsrc
Size: 4KB - Virtual size: 3KB

.reloc
Size: 11KB - Virtual size: 10KB