6322105db62b123b44408478ef718c7f_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

6322105db62b123b44408478ef718c7f_JaffaCakes118
Size

270KB
MD5

6322105db62b123b44408478ef718c7f
SHA1

d055b980fe6649c02140d89c8a41cfb126e269c3
SHA256

4f3293af1dce090352e259fbe2bc64848e691ab1b3882418083cf27c62e1afdf
SHA512

7910700ccf378979f885c9241640bf0e3fb646d37b6205b6a14930782a601146853c7131d966f397c2a3c08ba2a666398fe67f75462317fee642a37de826c165
SSDEEP

6144:QIZ3zy69A1PpHlM59IRBAVeC/ZlvyePQTW905UiUcq8jr1W37:QIyJpHlM59wBM/ZhTPQTg05UiE8X1W37

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
6322105db62b123b44408478ef718c7f_JaffaCakes118

Files

6322105db62b123b44408478ef718c7f_JaffaCakes118
.dll windows:5 windows x86 arch:x86

e5a045a537833950106d07fea8296deb

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

E:\WANhttp_encode_simple\Release\CMDRedirect.pdb

Imports

kernel32

GetModuleHandleA
GetVersionExA
GetCurrentProcessId
OpenFileMappingA
ExitProcess
GetCommandLineW
CreateProcessW
HeapAlloc
GetCurrentProcess
HeapFree
GetTickCount
GetProcessHeap
FreeLibrary
SetLastError
ResumeThread
GetCommandLineA
GlobalAlloc
GlobalFree
FindFirstFileW
FindClose
GetLocalTime
LoadLibraryA
Sleep
CreateFileW
GetCurrentThreadId
CreateThread
CloseHandle
GetFileTime
CreateToolhelp32Snapshot
GetModuleFileNameA
CreateFileMappingA
Process32Next
GetLogicalDriveStringsA
TerminateProcess
CreateProcessA
WideCharToMultiByte
OpenProcess
ExpandEnvironmentStringsA
SleepEx
Process32First
QueryDosDeviceA
VirtualQuery
UnmapViewOfFile
GetProcAddress
FindNextFileW
GetLastError
MapViewOfFile
MultiByteToWideChar
CreateFileA
SuspendThread
FlushInstructionCache
SetThreadContext
GetThreadContext
VirtualProtect
VirtualAlloc
VirtualFree
SetEndOfFile
InterlockedIncrement
InterlockedDecrement
InterlockedCompareExchange
InterlockedExchange
GetStringTypeW
EncodePointer
DecodePointer
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
GetFullPathNameA
CopyFileA
MoveFileA
LocalFree
DeleteFileA
GetFileSize
SetFilePointer
MapViewOfFileEx
WriteFile
CreateFileMappingW
OutputDebugStringW
CreateDirectoryA
OutputDebugStringA
HeapReAlloc
RaiseException
GetCPInfo
RtlUnwind
LCMapStringW
CompareStringW
WriteConsoleW
GetFileType
GetStdHandle
GetModuleFileNameW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetACP
GetOEMCP
IsValidCodePage
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetModuleHandleW
GetCurrentThread
IsProcessorFeaturePresent
HeapCreate
HeapDestroy
HeapSize
SetHandleCount
InitializeCriticalSectionAndSpinCount
GetStartupInfoW
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetSystemTimeAsFileTime
GetLocaleInfoW
GetUserDefaultLCID
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
LoadLibraryW
GetConsoleCP
GetConsoleMode
FlushFileBuffers
SetStdHandle
ReadFile

shlwapi

PathAddBackslashW
PathFileExistsW
PathRemoveFileSpecW

iphlpapi

GetAdaptersInfo

psapi

GetModuleFileNameExA
GetProcessImageFileNameA

version

GetFileVersionInfoSizeW
VerQueryValueW
VerQueryValueA
GetFileVersionInfoW

advapi32

OpenProcessToken
SetNamedSecurityInfoW
AllocateAndInitializeSid
SetEntriesInAclW
FreeSid
AdjustTokenPrivileges
LookupPrivilegeValueA

Exports

Exports

?_@@YAXXZ
Fundadores

Sections

.text
Size: 199KB - Virtual size: 198KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 35KB - Virtual size: 35KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.detourc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.detourd
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

e5a045a537833950106d07fea8296deb

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

shlwapi

iphlpapi

psapi

version

advapi32

Exports

Exports

Sections

.text Size: 199KB - Virtual size: 198KB

.rdata Size: 35KB - Virtual size: 35KB

.data Size: 12KB - Virtual size: 22KB

.detourc Size: 4KB - Virtual size: 4KB

.detourd Size: 512B - Virtual size: 12B

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 16KB - Virtual size: 16KB

.text
Size: 199KB - Virtual size: 198KB

.rdata
Size: 35KB - Virtual size: 35KB

.data
Size: 12KB - Virtual size: 22KB

.detourc
Size: 4KB - Virtual size: 4KB

.detourd
Size: 512B - Virtual size: 12B

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 16KB - Virtual size: 16KB