5fb43bc53a57acd15ad463d2e6b7c511_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

5fb43bc53a57acd15ad463d2e6b7c511_JaffaCakes118
Size

414KB
MD5

5fb43bc53a57acd15ad463d2e6b7c511
SHA1

4411257bd0758059737b7008e71a6b084b90418c
SHA256

b5399025d73dfb850df68017dfa81ce5f83bd9eeb7db056fffeca55ad3bcea65
SHA512

a82b20dba24e24b43c3cda3fef5a836d20e4acee06f1012e9486265ed8c6896f1902654cac3f0687cdf2fbcd955faaf003eec80f5d698dd783e6c4862a71f9e1
SSDEEP

6144:7l7Kr0ltJNgXq0KETxSInnNyduspvH/fN176+uCZV7T0zau/7Ia:7FKr0lt7g60vFSOA8spi+PZp0zau/7t

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
5fb43bc53a57acd15ad463d2e6b7c511_JaffaCakes118

Files

5fb43bc53a57acd15ad463d2e6b7c511_JaffaCakes118
.dll windows:6 windows x86 arch:x86

3b6e2175af86921dd64f036f269cc49a

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

e:\93\86\56\wind\cow\Kind\32\59\idea\believe\over\city\Moment\Tie\Class.pdb

Imports

kernel32

GetModuleHandleA
GetModuleFileNameA
LoadLibraryA
CreateProcessA
Sleep
SetEvent
GetEnvironmentVariableA
SetEndOfFile
GetWindowsDirectoryA
CreatePipe
EnterCriticalSection
InitializeCriticalSection
SetErrorMode
GetCurrentProcess
VirtualProtect
GlobalFree
GlobalLock
GlobalAlloc
LeaveCriticalSection
DeleteCriticalSection
SetLastError
InitializeCriticalSectionAndSpinCount
CreateEventW
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetSystemTimeAsFileTime
GetModuleHandleW
GetProcAddress
CloseHandle
ResetEvent
WaitForSingleObjectEx
IsProcessorFeaturePresent
IsDebuggerPresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetStartupInfoW
TerminateProcess
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
InitializeSListHead
RaiseException
RtlUnwind
InterlockedFlushSList
GetLastError
EncodePointer
FreeLibrary
LoadLibraryExW
GetModuleFileNameW
GetModuleHandleExW
ReadFile
GetStdHandle
GetFileType
WriteConsoleW
ExitProcess
MultiByteToWideChar
WideCharToMultiByte
HeapAlloc
HeapValidate
GetSystemInfo
GetStringTypeW
GetACP
WriteFile
OutputDebugStringA
OutputDebugStringW
CreateThread
SetFilePointerEx
GetConsoleMode
ReadConsoleW
GetConsoleCP
LCMapStringW
FindClose
FindFirstFileExA
FindNextFileA
IsValidCodePage
GetOEMCP
GetCPInfo
GetCommandLineA
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetProcessHeap
HeapFree
HeapReAlloc
HeapSize
HeapQueryInformation
SetStdHandle
FlushFileBuffers
CreateFileW
DecodePointer

comctl32

ImageList_LoadImageA
DestroyPropertySheetPage
ord6
ImageList_SetOverlayImage
ImageList_Draw
CreateToolbarEx
ImageList_Add
ord17

aclui

ord1
ord2

cabinet

ord14
ord10
ord13

cryptui

CryptUIDlgSelectCertificateFromStore
CryptUIWizDigitalSign
CryptUIWizFreeDigitalSignContext
CryptUIDlgViewCertificateA
CryptUIWizImport
CryptUIWizExport
CryptUIDlgViewContext

Exports

Exports

Birdlay
Haircommon
Hurrycat
Lengthgave
Wiresurface

Sections

.text
Size: 388KB - Virtual size: 388KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 382KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 15KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

3b6e2175af86921dd64f036f269cc49a

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

comctl32

aclui

cabinet

cryptui

Exports

Exports

Sections

.text Size: 388KB - Virtual size: 388KB

.data Size: 6KB - Virtual size: 382KB

.idata Size: 3KB - Virtual size: 3KB

.reloc Size: 15KB - Virtual size: 14KB

.text
Size: 388KB - Virtual size: 388KB

.data
Size: 6KB - Virtual size: 382KB

.idata
Size: 3KB - Virtual size: 3KB

.reloc
Size: 15KB - Virtual size: 14KB