48fbb083618c2345c6c2e425031bb892_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

48fbb083618c2345c6c2e425031bb892_JaffaCakes118
Size

324KB
MD5

48fbb083618c2345c6c2e425031bb892
SHA1

3f7831b06418c552ed62bed461aa58b646e4ea3b
SHA256

5cd0ba8831c23cecc2fb2897a806f85bf384bd6f3c580ae8d1279144039945ea
SHA512

9ede34c0b16c0538f01da7be0ed6bfb449ab99579e8941d5c7499db982d6fd6dcd90700a2d8593c916c2aea2cc38d2b4b3a77966cf83e9c237f445ef2b13f8e2
SSDEEP

6144:OozSbRUYkG/l6bkuO1LE3yQeeaQeehQeesQeep7QeehQee07g/3yVxEsNeMosvsz:O0+RUYkgl6bkur3g/ljLz

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
48fbb083618c2345c6c2e425031bb892_JaffaCakes118

Files

48fbb083618c2345c6c2e425031bb892_JaffaCakes118
.dll windows:6 windows x86 arch:x86

44ef4eca9aaab03eac44b959beb510cb

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

CreateThread
DeleteFileA
GetTempPathA
VirtualProtect
GetModuleHandleA
FindNextFileA
GetModuleFileNameA
FindClose
FindFirstFileA
Sleep
K32EnumProcessModules
GetPrivateProfileIntA
GetCurrentProcess
FlushInstructionCache
SetLastError
EncodePointer
DecodePointer
IsDebuggerPresent
IsProcessorFeaturePresent
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
GetVersionExA
MultiByteToWideChar
WideCharToMultiByte
LoadLibraryA
GetProcAddress
VirtualFree
VirtualAlloc
GetSystemInfo
OutputDebugStringA

user32

GetMessageA
SetRect
RegisterHotKey

msvcp120

?_Winerror_map@std@@YAPBDH@Z
?_Xbad_alloc@std@@YAXXZ
?_Xout_of_range@std@@YAXPBD@Z
?_Xlength_error@std@@YAXPBD@Z
?_Syserror_map@std@@YAPBDH@Z

msvcr120

_initterm_e
_initterm
_malloc_crt
_amsg_exit
__CppXcptFilter
??1type_info@@UAE@XZ
_onexit
__dllonexit
_calloc_crt
_unlock
_crt_debugger_hook
strstr
malloc
free
??2@YAPAXI@Z
??3@YAXPAX@Z
_purecall
vsprintf_s
memmove
__crtUnhandledException
__crtTerminateProcess
_except_handler4_common
?terminate@@YAXXZ
_lock
__clean_type_info_names_internal
_CxxThrowException
memcpy
_ftol
strncpy
_CIacos
_finite
iswpunct
iswdigit
iswalpha
iswspace
modf
__CxxFrameHandler
floor
memset
__CxxFrameHandler3

gdi32

CreateDIBSection
DeleteDC
DeleteObject
SelectObject
GetCharacterPlacementA
GetGlyphOutlineA
SetTextColor
SetBkColor
SetBkMode
GetTextMetricsW
GetFontLanguageInfo
GetTextMetricsA
GetObjectW
GetCharacterPlacementW
MoveToEx
ExtTextOutW
GetObjectA
ExtTextOutA
CreateCompatibleDC
SetMapMode
SetTextAlign
CreateFontIndirectW
CreateFontIndirectA

advapi32

RegCloseKey
RegOpenKeyA
RegQueryValueExA

Sections

.text
Size: 201KB - Virtual size: 200KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 71KB - Virtual size: 70KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 40KB - Virtual size: 49KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

44ef4eca9aaab03eac44b959beb510cb

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

msvcp120

msvcr120

gdi32

advapi32

Sections

.text Size: 201KB - Virtual size: 200KB

.rdata Size: 71KB - Virtual size: 70KB

.data Size: 40KB - Virtual size: 49KB

.rsrc Size: 512B - Virtual size: 480B

.reloc Size: 10KB - Virtual size: 10KB

.text
Size: 201KB - Virtual size: 200KB

.rdata
Size: 71KB - Virtual size: 70KB

.data
Size: 40KB - Virtual size: 49KB

.rsrc
Size: 512B - Virtual size: 480B

.reloc
Size: 10KB - Virtual size: 10KB