69401ed26c9645516e2691280031cc54_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

69401ed26c9645516e2691280031cc54_JaffaCakes118
Size

136KB
MD5

69401ed26c9645516e2691280031cc54
SHA1

2f7dc89ebffae26f56ade813015a78d88ce1c182
SHA256

aedd8452f7cf6f7474ab538dd2529e4df534bde9b8c0f09b125729b16903c59f
SHA512

a2446fc20b2091c43e90c4ce018d0bbe1cb91881dca123433e4e65e4bcf567969a20bf2d4b0288cca551c9b885cb747d642098c63e329fd3e71eb93fee34360c
SSDEEP

3072:zGs3At+HPl1zOOwsl17l+xYYydFIYQ60FB04JS:zPZvl1KOn8xryrwB04U

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

Processes:

resource
69401ed26c9645516e2691280031cc54_JaffaCakes118

Files

69401ed26c9645516e2691280031cc54_JaffaCakes118
.dll windows:4 windows x86 arch:x86

92d2e0609db41fce04644a3b42627cac

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

w:\Kvm\KEmulator\win32\KEmuator_dll_src\proj.2003\Release\KEmuDLL.pdb

Imports

kernel32

SetFilePointer
SetStdHandle
CloseHandle
FlushFileBuffers
InterlockedDecrement
GetLastError
MultiByteToWideChar
lstrlenA
WideCharToMultiByte
LocalFree
RtlUnwind
ExitProcess
RaiseException
GetCurrentThreadId
GetCommandLineA
GetVersionExA
HeapFree
HeapAlloc
GetACP
GetOEMCP
GetCPInfo
TlsAlloc
SetLastError
TlsFree
TlsSetValue
TlsGetValue
GetProcAddress
GetModuleHandleA
EnterCriticalSection
LeaveCriticalSection
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
GetModuleFileNameA
InterlockedExchange
VirtualQuery
SetUnhandledExceptionFilter
HeapReAlloc
TerminateProcess
GetCurrentProcess
HeapSize
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
DeleteCriticalSection
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
HeapDestroy
HeapCreate
VirtualFree
UnhandledExceptionFilter
WriteFile
VirtualAlloc
IsBadWritePtr
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
IsBadReadPtr
IsBadCodePtr
LoadLibraryA
InitializeCriticalSection
GetLocaleInfoA
VirtualProtect
GetSystemInfo

user32

SetRect

advapi32

RegSetValueExA
RegQueryValueExA
RegDeleteKeyA
RegOpenKeyExA
RegCloseKey
RegCreateKeyExA

shell32

SHChangeNotify

oleaut32

SysAllocStringByteLen
SysFreeString
SysStringLen
VariantClear
SysAllocString

avifil32

AVIFileCreateStreamA
AVIFileOpenA
AVISaveOptions
AVISaveOptionsFree
AVIMakeCompressedStream
AVIStreamSetFormat
AVIFileInit
AVIStreamWrite
AVIStreamRelease
AVIFileExit
AVIFileRelease

msvfw32

ord2

Exports

Exports

_Java_emulator_Emulator_regAssociateJar@20
_Java_emulator_Emulator_regRightMenu@12
_Java_emulator_Emulator_unregAssociateJar@12
_Java_emulator_Emulator_unregRightMenu@8
_Java_emulator_graphics3D_G3DUtils_intelSSE_1Invert4x4@16
_Java_emulator_media_AVIWriter_addFrameAVI@12
_Java_emulator_media_AVIWriter_finishAVI@8
_Java_emulator_media_AVIWriter_startAVI@24

Sections

.text
Size: 48KB - Virtual size: 47KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rmnet
Size: 60KB - Virtual size: 60KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

92d2e0609db41fce04644a3b42627cac

Headers

File Characteristics

PDB Paths

Imports

kernel32

user32

advapi32

shell32

oleaut32

avifil32

msvfw32

Exports

Exports

Sections

.text Size: 48KB - Virtual size: 47KB

.rdata Size: 12KB - Virtual size: 10KB

.data Size: 4KB - Virtual size: 10KB

.reloc Size: 8KB - Virtual size: 4KB

.rmnet Size: 60KB - Virtual size: 60KB

.text
Size: 48KB - Virtual size: 47KB

.rdata
Size: 12KB - Virtual size: 10KB

.data
Size: 4KB - Virtual size: 10KB

.reloc
Size: 8KB - Virtual size: 4KB

.rmnet
Size: 60KB - Virtual size: 60KB