6de65fc57a4428ad7e262e980a7f6cc7_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

6de65fc57a4428ad7e262e980a7f6cc7_JaffaCakes118
Size

1.7MB
MD5

6de65fc57a4428ad7e262e980a7f6cc7
SHA1

db18d9286c0ffa30a57cd84959cb1e8e9c62a5fb
SHA256

d29bc522d23513cfbb5ff4542382e1b4f0df2fa6bced5fb479cd63b6f902c0eb
SHA512

2f806987916b9f29d883aab10ee3730649e122b8fa41fbcd02282748850f75c560e8625f70ee286a1d6f8c5df11b514f545a4ef50f3c2ffaa029c37d3ff03e6f
SSDEEP

24576:u0l5cuqT+Vw3N+Nlc13So/G/O2TX9Uqd8I6sA7tMgIiaRqPtj9RuzRitJuwfQjY:uq5cuqT+MNKW2TtHd/GJI1RqPtj

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
6de65fc57a4428ad7e262e980a7f6cc7_JaffaCakes118

Files

6de65fc57a4428ad7e262e980a7f6cc7_JaffaCakes118
.dll windows:6 windows x64 arch:x64

e399f5195df03e805c8a0b9cf73add01

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

kernel32

GetLastError
GetModuleHandleW
GetProcAddress
MultiByteToWideChar
SwitchToFiber
DeleteFiber
CreateFiber
WideCharToMultiByte
GetSystemTimeAsFileTime
ConvertFiberToThread
ConvertThreadToFiber
QueryPerformanceCounter
GetCurrentProcessId
GetTickCount
GlobalMemoryStatus
GetEnvironmentVariableW
GetConsoleMode
ReadConsoleA
ReadConsoleW
SetConsoleMode
SetLastError
GetSystemTime
SystemTimeToFileTime
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
GetCurrentThreadId
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
RtlUnwindEx
RtlPcToFileHeader
RaiseException
InterlockedFlushSList
EncodePointer
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
GetFileType
TlsFree
FreeLibrary
LoadLibraryExW
ExitProcess
GetModuleHandleExW
SetConsoleCtrlHandler
ReadFile
GetModuleFileNameA
GetStringTypeW
GetACP
HeapFree
HeapAlloc
HeapReAlloc
CompareStringW
LCMapStringW
GetConsoleCP
CloseHandle
FlushFileBuffers
SetFilePointerEx
SetStdHandle
FindClose
FindFirstFileExA
FindNextFileA
FindNextFileW
IsValidCodePage
GetOEMCP
GetCPInfo
GetCommandLineA
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableA
GetProcessHeap
WriteConsoleW
CreateFileW
HeapSize
SetEndOfFile
GetStdHandle
WriteFile
FindFirstFileW
GetDriveTypeW
PeekNamedPipe
SystemTimeToTzSpecificLocalTime
FileTimeToSystemTime
GetCurrentDirectoryW
GetFullPathNameW
CreateThread
WaitForSingleObject
lstrcpyW
Sleep
VirtualAlloc
TlsSetValue
VirtualFree
GetTimeZoneInformation

ws2_32

WSACleanup
WSAGetLastError
recv
send
WSASetLastError
setsockopt
htons
connect
WSAStartup
__WSAFDIsSet
closesocket
select
inet_addr
socket

ntdll

RtlLookupFunctionEntry
RtlVirtualUnwind
RtlCaptureContext

user32

GetProcessWindowStation
GetUserObjectInformationW
MessageBoxW

advapi32

CryptGenRandom
CryptSignHashW
CryptDestroyHash
CryptCreateHash
CryptDecrypt
CryptExportKey
CryptGetUserKey
CryptGetProvParam
CryptSetHashParam
CryptDestroyKey
CryptReleaseContext
CryptAcquireContextW
ReportEventW
RegisterEventSourceW
DeregisterEventSource
CryptEnumProvidersW

crypt32

CertCloseStore
CertGetCertificateContextProperty
CertFreeCertificateContext
CertDuplicateCertificateContext
CertFindCertificateInStore
CertEnumCertificatesInStore
CertOpenStore

Exports

Exports

preference

Sections

.text
Size: 1.1MB - Virtual size: 1.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 467KB - Virtual size: 467KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 58KB - Virtual size: 125KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 64KB - Virtual size: 64KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 21KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

e399f5195df03e805c8a0b9cf73add01

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

ws2_32

ntdll

user32

advapi32

crypt32

Exports

Exports

Sections

.text Size: 1.1MB - Virtual size: 1.1MB

.rdata Size: 467KB - Virtual size: 467KB

.data Size: 58KB - Virtual size: 125KB

.pdata Size: 64KB - Virtual size: 64KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 21KB - Virtual size: 20KB

.text
Size: 1.1MB - Virtual size: 1.1MB

.rdata
Size: 467KB - Virtual size: 467KB

.data
Size: 58KB - Virtual size: 125KB

.pdata
Size: 64KB - Virtual size: 64KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 21KB - Virtual size: 20KB