d:\myworks\fwskdkfp\code\DkpClass\release\DigitalEnvelop.pdb
Static task
static1
Behavioral task
behavioral1
Sample
4a1b5b7b836ff51d624f75b167bd56ba_JaffaCakes118.dll
Resource
win7-20240508-en
Behavioral task
behavioral2
Sample
4a1b5b7b836ff51d624f75b167bd56ba_JaffaCakes118.dll
Resource
win10v2004-20240508-en
General
Target: 4a1b5b7b836ff51d624f75b167bd56ba_JaffaCakes118
Size: 172KB
MD5: 4a1b5b7b836ff51d624f75b167bd56ba
SHA1: 2ba31cb0951f0858bd5a63c1a5adc17e9c5d88d8
SHA256: 64502ee3500f6d958ae3469aeb14113bdffb7bb05624f3753da391d66fe0e2cf
SHA512: cdc434a738dea399915226aa649f8b2147e664751c5d8ce64fe21498d67897dcf4cf692fab0f509d7d158a10347075a33665bc14c20384241ab86b6452fafee0
SSDEEP: 1536:4FXuwblA2ZGantXboGacDE5fDJ8jeajucGIg5b0ci2FGjWh4SQm4MtU8e6Mu:bw5AbatXbzaRfDke+0bghWh48tU56Mu
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 4a1b5b7b836ff51d624f75b167bd56ba_JaffaCakes118
Files
4a1b5b7b836ff51d624f75b167bd56ba_JaffaCakes118.dll windows:4 windows x86 arch:x86
7c516a7934f7b3956102f5c7502a24d5
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
PDB Paths
Imports
libeay32_0.9.8.2
kernel32
SetUnhandledExceptionFilter
SetEndOfFile
GetLocaleInfoW
CreateFileW
CreateFileA
ReadFile
SetStdHandle
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
LoadLibraryA
GetSystemTimeAsFileTime
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
HeapSize
GetStringTypeW
GetStringTypeA
IsValidCodePage
IsValidLocale
EnumSystemLocalesA
GetLocaleInfoA
GetUserDefaultLCID
GetModuleFileNameA
CloseHandle
SetFilePointer
SetLastError
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
GetOEMCP
GetACP
FlushFileBuffers
GetConsoleMode
GetConsoleCP
WriteFile
HeapReAlloc
VirtualAlloc
VirtualFree
HeapCreate
HeapDestroy
GetStartupInfoA
GetFileType
GetStdHandle
SetHandleCount
GetCPInfo
LCMapStringW
LCMapStringA
ExitProcess
InterlockedIncrement
InterlockedDecrement
Sleep
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
GetLastError
HeapFree
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
IsDebuggerPresent
HeapAlloc
MultiByteToWideChar
WideCharToMultiByte
GetCurrentThreadId
GetCommandLineA
GetVersionExA
GetProcessHeap
RtlUnwind
RaiseException
GetProcAddress
GetModuleHandleA
Exports
DigEnvClose
DigEnvInit
GetErrInfo
GetExt1
Pack
SetAccessByPfx
SetCaCertAndCrlByPfx
SetPrivateKeyAndCertByPfx
Unpack
Sections
.text Size: 116KB - Virtual size: 115KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 28KB - Virtual size: 24KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 8KB - Virtual size: 13KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 4KB - Virtual size: 176B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 12KB - Virtual size: 8KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ