9959d87e253409049065f67c9b6fe05e_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

9959d87e253409049065f67c9b6fe05e_JaffaCakes118
Size

412KB
MD5

9959d87e253409049065f67c9b6fe05e
SHA1

63277835d3121a3ca77e73ef42cdd6cd780ae2cd
SHA256

b4a7dd109cdfae0e1202cce415e91dbbeec46bcd30a0cef751ea9f877b9ad5d6
SHA512

3bb51c7f2dd88b3099b581b9bd706da6a55b61eae252cc64caf16a04c5902a2f8440d1d1a1578dd0334329aa49910f2db1dc56f1d39b6c314539c37ef6139d0b
SSDEEP

12288:/yLWqsPlkT8DzCQ3fQSQ+6aa7Vmvs7+d+fu:6LWqsPuT8DzCQ3I+Ha7A24+f

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
9959d87e253409049065f67c9b6fe05e_JaffaCakes118

Files

9959d87e253409049065f67c9b6fe05e_JaffaCakes118
.dll windows:5 windows x86 arch:x86

f0cd130be9d7ebf7b9386c0ad33e3531

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

ReleaseMutex
GetModuleHandleA
OpenProcess
CreateToolhelp32Snapshot
Sleep
CopyFileA
GetLastError
LoadLibraryA
Process32Next
GlobalFree
CloseHandle
GetNativeSystemInfo
HeapAlloc
GetLocalTime
GetProcAddress
GetCurrentProcessId
CreateMutexA
FreeLibrary
IsBadReadPtr
WriteFile
DeleteFileA
GetTickCount
CheckRemoteDebuggerPresent
GlobalAlloc
TerminateProcess
VirtualAlloc
GetCurrentProcess
VirtualFree
SetLastError
HeapFree
VirtualProtect
WideCharToMultiByte
InterlockedFlushSList
GetProcessHeap
Process32First
RtlUnwind
IsDebuggerPresent
InitializeSListHead
GetSystemTimeAsFileTime
GetCurrentThreadId
QueryPerformanceCounter
IsProcessorFeaturePresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter

advapi32

CryptDestroyKey
CryptAcquireContextA
CryptDecrypt
CryptCreateHash
CryptDeriveKey
CryptHashData
CryptDestroyHash
CryptReleaseContext

msvcrt

_initterm
??0exception@@QAE@ABQBD@Z
_cexit
__getmainargs
atexit
_except_handler3
memset
memcpy
_errno
exit
_lock
_unlock
__dllonexit
?terminate@@YAXXZ
??0exception@@QAE@ABV0@@Z
??1exception@@UAE@XZ
?what@exception@@UBEPBDXZ
_CxxThrowException
??3@YAXPAX@Z
??2@YAPAXI@Z
memmove
malloc
strrchr
__CxxFrameHandler
_strlwr
__pctype_func
isdigit
tolower
localeconv
_XcptFilter
_CIlog10
ceil
_clearfp
free
___lc_codepage_func
___lc_handle_func
_stricmp
strtol
realloc
_local_unwind2

Sections

.text
Size: 60KB - Virtual size: 60KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 37KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 307KB - Virtual size: 310KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 512B - Virtual size: 4B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.iloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

f0cd130be9d7ebf7b9386c0ad33e3531

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

advapi32

msvcrt

Sections

.text Size: 60KB - Virtual size: 60KB

.rdata Size: 37KB - Virtual size: 36KB

.data Size: 307KB - Virtual size: 310KB

.gfids Size: 512B - Virtual size: 4B

.tls Size: 512B - Virtual size: 9B

.iloc Size: 2KB - Virtual size: 2KB

.rsrc Size: 512B - Virtual size: 16B

.reloc Size: 3KB - Virtual size: 2KB

.text
Size: 60KB - Virtual size: 60KB

.rdata
Size: 37KB - Virtual size: 36KB

.data
Size: 307KB - Virtual size: 310KB

.gfids
Size: 512B - Virtual size: 4B

.tls
Size: 512B - Virtual size: 9B

.iloc
Size: 2KB - Virtual size: 2KB

.rsrc
Size: 512B - Virtual size: 16B

.reloc
Size: 3KB - Virtual size: 2KB