7fc8d48756eea3afa7e3285876bb88c5_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

7fc8d48756eea3afa7e3285876bb88c5_JaffaCakes118
Size

151KB
MD5

7fc8d48756eea3afa7e3285876bb88c5
SHA1

df0529d642e52a85b9c6ba4982ba27c6eda4529e
SHA256

73a79f1e21aba3872db37ea6c22752f62a5b1d1150275f1d20632683a1dd15f4
SHA512

def4017797ca8c7f9a31f4e6362cd9b6838abbe21f410f7bc5a98f08710be423d6083f2e8297d27ec532b07eb9c13b02a896dddcefd3e5385668b96b44633164
SSDEEP

1536:e/dVH0RdAgivQne5Tzz0mrDSbfkepWtcBL6eSsWjcddTd6Z/KaPAKOYIx3jqc61r:e/dmc4ex0AGJWAtQZ/KaPVO2e4

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
7fc8d48756eea3afa7e3285876bb88c5_JaffaCakes118

Files

7fc8d48756eea3afa7e3285876bb88c5_JaffaCakes118
.dll windows:5 windows x86 arch:x86

323d1c44ff34ee72b0869f1c0b500272

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

ws2_32

ntohl

kernel32

QueryPerformanceCounter
LocalFree
LocalAlloc
InterlockedDecrement
GetProcAddress
GetLastError
SetEvent
ResetEvent
CloseHandle
CreateEventA
LoadLibraryA
lstrlenA
CreateFileW
FlushFileBuffers
WriteConsoleW
SetStdHandle
OutputDebugStringW
SetFilePointerEx
GetConsoleMode
GetConsoleCP
LCMapStringW
MultiByteToWideChar
HeapFree
RtlUnwind
GetCommandLineA
GetCurrentThreadId
IsDebuggerPresent
IsProcessorFeaturePresent
HeapAlloc
RaiseException
ExitProcess
GetModuleHandleExW
WideCharToMultiByte
HeapSize
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
SetLastError
GetProcessHeap
GetStdHandle
GetFileType
DeleteCriticalSection
GetStartupInfoW
GetModuleFileNameA
GetCurrentProcessId
GetSystemTimeAsFileTime
GetEnvironmentStringsW
FreeEnvironmentStringsW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
InitializeCriticalSectionAndSpinCount
Sleep
GetCurrentProcess
TerminateProcess
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetModuleHandleW
WriteFile
GetModuleFileNameW
EnterCriticalSection
LeaveCriticalSection
LoadLibraryExW
HeapReAlloc
GetStringTypeW

oleaut32

VariantClear
VariantInit
SafeArrayCreateVector
SafeArrayPutElement
SafeArrayUnlock
SafeArrayLock
SafeArrayDestroy
SafeArrayCreate
SysAllocStringByteLen
SysStringLen
SysFreeString
SysAllocString

Exports

Exports

DeinitServerExtension
GetExtensionName
InitServerExtension
StagelessInit
_ReflectiveLoader@0

Sections

.text
Size: 60KB - Virtual size: 60KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 22KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 63KB - Virtual size: 70KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

323d1c44ff34ee72b0869f1c0b500272

Headers

DLL Characteristics

File Characteristics

Imports

ws2_32

kernel32

oleaut32

Exports

Exports

Sections

.text Size: 60KB - Virtual size: 60KB

.rdata Size: 22KB - Virtual size: 22KB

.data Size: 63KB - Virtual size: 70KB

.reloc Size: 4KB - Virtual size: 4KB

.text
Size: 60KB - Virtual size: 60KB

.rdata
Size: 22KB - Virtual size: 22KB

.data
Size: 63KB - Virtual size: 70KB

.reloc
Size: 4KB - Virtual size: 4KB