15df4ee958de7a973c104cf38aca3064_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

15df4ee958de7a973c104cf38aca3064_JaffaCakes118
Size

421KB
MD5

15df4ee958de7a973c104cf38aca3064
SHA1

3c49d4f56f43146ea07a33b33f82f89e55d1b934
SHA256

a8b19894ddb93967aca61571340be62b70c01ca79e51d36b5a68ed5ce51987ba
SHA512

dff8835083af6a1d9dd2f81527f99ad7a26c27f1041db478b4f53f7e6f51ba975d1c1bc1b56ef70a55334c9126d56dbb5e86ad4e3a37f2ce647dbc53f94c734c
SSDEEP

6144:OqlnJOFioFSmjP4tZGYfrmQqe/WkdRUy+mVl6Qvacfb+uHEyAOiI+GRqkXpg:O8CPjIriGWkdCy+mVMQvHpEygARLpg

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
15df4ee958de7a973c104cf38aca3064_JaffaCakes118

Files

15df4ee958de7a973c104cf38aca3064_JaffaCakes118
.dll windows:5 windows x86 arch:x86

e81f285dd53b96cbb772ddbfeec150c0

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

c:\chromium_57.0.2987.110\src\out\Release\chrome_elf.dll.pdb

Imports

kernel32

VerSetConditionMask
GetModuleHandleW
GetProcAddress
VerifyVersionInfoW
HeapCreate
HeapDestroy
HeapAlloc
HeapReAlloc
HeapFree
HeapSize
LoadLibraryExA
ReadConsoleW
VirtualProtect
GetCurrentProcessId
GetProcessId
GetCommandLineW
GetLastError
GetCurrentProcess
VirtualQuery
GetEnvironmentVariableW
GetNativeSystemInfo
SetEnvironmentVariableW
CreateDirectoryW
GetFileAttributesW
OutputDebugStringW
MultiByteToWideChar
WideCharToMultiByte
GetUserDefaultLangID
GetModuleFileNameW
GetTempPathW
GetComputerNameExW
FreeLibrary
LoadLibraryW
ReadProcessMemory
WriteProcessMemory
GetModuleHandleExW
CreateFileW
CloseHandle
VirtualProtectEx
GetSystemInfo
Sleep
QueryPerformanceFrequency
GetSystemTimeAsFileTime
QueryPerformanceCounter
SetLastError
WaitForSingleObject
GetCurrentThreadId
RaiseException
CreateThread
IsDebuggerPresent
WriteFile
DeleteFileW
GetLocalTime
GetCurrentDirectoryW
FormatMessageA
GetTickCount
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
TerminateProcess
OpenProcess
RtlCaptureStackBackTrace
SetUnhandledExceptionFilter
CreateEventW
SetEvent
TlsSetValue
TlsAlloc
TlsGetValue
TlsFree
ReadFile
GetFileSizeEx
SetEndOfFile
SetFilePointerEx
FlushFileBuffers
FindClose
CreateRemoteThread
GetStdHandle
GetFileType
SleepEx
CreateProcessW
GetVersion
LockFileEx
UnlockFileEx
InitializeCriticalSection
SetNamedPipeHandleState
TransactNamedPipe
CreateNamedPipeW
WaitNamedPipeW
GetUserDefaultLCID
GetStringTypeW
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
EncodePointer
DecodePointer
InitializeCriticalSectionAndSpinCount
LCMapStringW
GetLocaleInfoW
GetCPInfo
UnhandledExceptionFilter
IsProcessorFeaturePresent
GetStartupInfoW
InitializeSListHead
RtlUnwind
InterlockedFlushSList
LoadLibraryExW
GetFullPathNameW
GetConsoleCP
GetConsoleMode
ExitProcess
SetStdHandle
SetConsoleCtrlHandler
GetModuleFileNameA
GetACP
IsValidLocale
EnumSystemLocalesW
GetDriveTypeW
WriteConsoleW
FindFirstFileExA
FindNextFileA
IsValidCodePage
GetOEMCP
GetCommandLineA
GetEnvironmentStringsW
FreeEnvironmentStringsW

version

VerQueryValueW
GetFileVersionInfoSizeW
GetFileVersionInfoW

Exports

Exports

AddDllToBlacklist
ClearCrashKeyValueImpl
CrashForException
DumpProcessWithoutCrash
GetBlacklistIndex
GetCrashReportsImpl
GetHandleVerifier
GetInstallDetailsPayload
GetUserDataDirectoryThunk
InjectDumpForHangDebugging
InjectDumpForHungInput
InjectDumpForHungInputNoCrashKeys
InjectDumpProcessWithoutCrash
IsBlacklistInitialized
RequestSingleCrashUploadImpl
SetCrashKeyValueImpl
SetMetricsClientId
SetUploadConsentImpl
SignalChromeElf
SignalInitializeCrashReporting
SuccessfullyBlocked

Sections

.text
Size: 315KB - Virtual size: 314KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 83KB - Virtual size: 83KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.didat
Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.crthunk
Size: 512B - Virtual size: 64B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

CPADinfo
Size: 512B - Virtual size: 36B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 2B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

e81f285dd53b96cbb772ddbfeec150c0

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

version

Exports

Exports

Sections

.text Size: 315KB - Virtual size: 314KB

.rdata Size: 83KB - Virtual size: 83KB

.data Size: 4KB - Virtual size: 17KB

.didat Size: 512B - Virtual size: 16B

.crthunk Size: 512B - Virtual size: 64B

CPADinfo Size: 512B - Virtual size: 36B

.tls Size: 512B - Virtual size: 2B

.rsrc Size: 2KB - Virtual size: 1KB

.reloc Size: 13KB - Virtual size: 13KB

.text
Size: 315KB - Virtual size: 314KB

.rdata
Size: 83KB - Virtual size: 83KB

.data
Size: 4KB - Virtual size: 17KB

.didat
Size: 512B - Virtual size: 16B

.crthunk
Size: 512B - Virtual size: 64B

CPADinfo
Size: 512B - Virtual size: 36B

.tls
Size: 512B - Virtual size: 2B

.rsrc
Size: 2KB - Virtual size: 1KB

.reloc
Size: 13KB - Virtual size: 13KB