04f7019f7eb580f0368c997c1c65c983_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

04f7019f7eb580f0368c997c1c65c983_JaffaCakes118
Size

159KB
MD5

04f7019f7eb580f0368c997c1c65c983
SHA1

5b40045217f148dac3d4394f340b5bada8be3dec
SHA256

9978889bb741ff7534c8e2eb873b732c8194465432717becfc4066fc9782c503
SHA512

c1a5ca6f29497d9369cf3310bb4a9de1213d889fa0312e7d45efbdb0c96f91d5a6e2f41d7640a80eb628a0026f0ff56c16c1a8ec635c544fc504a3fd2b12fd56
SSDEEP

3072:3wf2ZhLOMxmIBEfFgKedVzBpsbJwYW4OZTNcgh67R:3gSDmISz+SOZTNxQ

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
04f7019f7eb580f0368c997c1c65c983_JaffaCakes118

Files

04f7019f7eb580f0368c997c1c65c983_JaffaCakes118
.dll windows:5 windows x86 arch:x86

95b9870517ff1a7de6bbad0aa9a89ae5

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

Sleep
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
DisableThreadLibraryCalls
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
InterlockedCompareExchange
InterlockedExchange
DecodePointer
EncodePointer
IsProcessorFeaturePresent

pcanbasic

ord7
ord1
ord5
ord6

msvcr100

_unlock
__dllonexit
_lock
_onexit
_malloc_crt
_encoded_null
_initterm
??2@YAPAXI@Z
_amsg_exit
clock
_crt_debugger_hook
_except_handler4_common
?terminate@@YAXXZ
?_type_info_dtor_internal_method@type_info@@QAEXXZ
__clean_type_info_names_internal
??3@YAXPAX@Z
_initterm_e
_purecall
printf
strtol
memmove
??0exception@std@@QAE@ABV01@@Z
??0exception@std@@QAE@ABQBD@Z
??1exception@std@@UAE@XZ
?what@exception@std@@UBEPBDXZ
sprintf
calloc
free
_CxxThrowException
memset
__CxxFrameHandler3
memcpy
__CppXcptFilter

msvcp100

?_Xout_of_range@std@@YAXPBD@Z
?_Xlength_error@std@@YAXPBD@Z

Exports

Exports

_Send_Parameter_Get_Request
_Send_Parameter_Set_Request
_Set_CAN_RX_Active
runVCAM
terminateVCAM

Sections

.text
Size: 109KB - Virtual size: 108KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 28KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 57KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 436B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 15KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

95b9870517ff1a7de6bbad0aa9a89ae5

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

pcanbasic

msvcr100

msvcp100

Exports

Exports

Sections

.text Size: 109KB - Virtual size: 108KB

.rdata Size: 28KB - Virtual size: 27KB

.data Size: 5KB - Virtual size: 57KB

.rsrc Size: 512B - Virtual size: 436B

.reloc Size: 15KB - Virtual size: 15KB

.text
Size: 109KB - Virtual size: 108KB

.rdata
Size: 28KB - Virtual size: 27KB

.data
Size: 5KB - Virtual size: 57KB

.rsrc
Size: 512B - Virtual size: 436B

.reloc
Size: 15KB - Virtual size: 15KB