9b575a9204428317dbad1cd902a97afd_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

9b575a9204428317dbad1cd902a97afd_JaffaCakes118
Size

677KB
MD5

9b575a9204428317dbad1cd902a97afd
SHA1

38ac36be3db12710e1434b413cae01d8cf7a2929
SHA256

0fed6cfdf28ca6cd1cb4f53b1397d38df3a78d432f32ea324bf338c1c19b102e
SHA512

0cc1ed6cb7d2c19760be028112fdab28910c3f3a16c8370987b47043c133f53ddbd87453f9c0aeab9d8aaaad5e51f6f0f6c41bf4da6d40f34cba72e620bc23ba
SSDEEP

12288:nM5C79gl5a0RgOiwVH542Tez2jLPLLfMDWygEmJTYQimmebKwAkY:R9Qa4gOiwL428WHyFETYQicKwlY

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
9b575a9204428317dbad1cd902a97afd_JaffaCakes118

Files

9b575a9204428317dbad1cd902a97afd_JaffaCakes118
.dll windows:5 windows x86 arch:x86

83f6600882526093e04a0cb309c20429

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

D:\Working\Project\MuHanoi\ss2\MuEngineAddOn\Release\HNXAnti.pdb

Imports

kernel32

CreateFileA
WriteFile
CloseHandle
ReadFile
VirtualProtect
GetTickCount
ExitProcess
GetProcAddress
GetModuleHandleA
VirtualFree
VirtualQuery
ResumeThread
SuspendThread
CreateToolhelp32Snapshot
OpenThread
GetSystemTimeAsFileTime
GetCurrentThreadId
DecodePointer
GetCommandLineA
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionAndSpinCount
EncodePointer
RtlUnwind
GetLastError
SetFilePointer
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoW
DeleteCriticalSection
MultiByteToWideChar
HeapFree
HeapAlloc
RaiseException
WideCharToMultiByte
GetTimeZoneInformation
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
InterlockedIncrement
GetModuleHandleW
SetLastError
InterlockedDecrement
IsProcessorFeaturePresent
Sleep
GetModuleFileNameA
FreeEnvironmentStringsW
GetEnvironmentStringsW
HeapCreate
HeapDestroy
QueryPerformanceCounter
GetCurrentProcessId
SetStdHandle
GetConsoleCP
GetConsoleMode
FlushFileBuffers
HeapSize
GetModuleFileNameW
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
HeapReAlloc
InterlockedExchange
LoadLibraryW
SetEndOfFile
GetProcessHeap
WriteConsoleW
LCMapStringW
GetStringTypeW
CreateFileW
CompareStringW
SetEnvironmentVariableA
GetThreadContext
SetThreadContext
InterlockedCompareExchange
Thread32First
Thread32Next
FlushInstructionCache
VirtualAlloc

user32

MessageBoxA

ws2_32

getpeername
send
connect

Sections

.text
Size: 70KB - Virtual size: 70KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 13KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 436B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 586KB - Virtual size: 586KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

83f6600882526093e04a0cb309c20429

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

ws2_32

Sections

.text Size: 70KB - Virtual size: 70KB

.rdata Size: 13KB - Virtual size: 12KB

.data Size: 6KB - Virtual size: 13KB

.rsrc Size: 512B - Virtual size: 436B

.reloc Size: 586KB - Virtual size: 586KB

.text
Size: 70KB - Virtual size: 70KB

.rdata
Size: 13KB - Virtual size: 12KB

.data
Size: 6KB - Virtual size: 13KB

.rsrc
Size: 512B - Virtual size: 436B

.reloc
Size: 586KB - Virtual size: 586KB