ad3778f31b3d3cc4ca4c51e3ffe9464a_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

ad3778f31b3d3cc4ca4c51e3ffe9464a_JaffaCakes118
Size

421KB
MD5

ad3778f31b3d3cc4ca4c51e3ffe9464a
SHA1

da0f1fb7b9ca42f6ea7298f19a54121fd2660737
SHA256

4df39fd80257e14192e2d2edc4500883edd7921e0be92d664ec4b995d8f82f24
SHA512

29b4ee6cc0563277283e3934c80cc94327774892f81338b459804d97e2999d2840e59518981bd26b748aec88c8f111e0d8bad6df0dc9cf3c6beb3ace2bc64a7b
SSDEEP

6144:Ipzb4zDZWem6SDwg21fh0k2Pk4+o9ydY//iptLNu5H32KgKC:IpzWDYemdkh1fj/dY/ctLNu5H3CK

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
ad3778f31b3d3cc4ca4c51e3ffe9464a_JaffaCakes118

Files

ad3778f31b3d3cc4ca4c51e3ffe9464a_JaffaCakes118
.dll windows:6 windows x86 arch:x86

7db1c33a4ead725fd9631740feee9107

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

d:\73\off\18\40\Last\catch\Support\Fight\Necessary\80\60\19\ring.pdb

Imports

kernel32

CreateFileA
RemoveDirectoryA
GetCurrentDirectoryA
GetWindowsDirectoryA
GetDateFormatA
GetModuleHandleA
GetModuleFileNameA
LoadLibraryA
TlsGetValue
TlsAlloc
WideCharToMultiByte
GetVersionExA
QueryPerformanceCounter
CreateProcessA
SetFileAttributesA
GetSystemTime
SizeofResource
Sleep
GetCurrentThreadId
ExitProcess
OpenProcess
SetEndOfFile
VirtualProtectEx
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
SetLastError
InitializeCriticalSectionAndSpinCount
CreateEventW
TlsSetValue
TlsFree
GetSystemTimeAsFileTime
GetModuleHandleW
GetProcAddress
CloseHandle
SetEvent
ResetEvent
WaitForSingleObjectEx
IsProcessorFeaturePresent
IsDebuggerPresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetStartupInfoW
GetCurrentProcess
TerminateProcess
GetCurrentProcessId
InitializeSListHead
RaiseException
RtlUnwind
InterlockedFlushSList
GetLastError
EncodePointer
FreeLibrary
LoadLibraryExW
GetModuleFileNameW
GetModuleHandleExW
GetStdHandle
GetFileType
WriteConsoleW
MultiByteToWideChar
HeapAlloc
HeapValidate
GetSystemInfo
GetACP
GetCPInfo
WriteFile
OutputDebugStringA
OutputDebugStringW
CreateThread
GetConsoleCP
GetConsoleMode
CompareStringW
LCMapStringW
FindClose
FindFirstFileExA
FindNextFileA
IsValidCodePage
GetOEMCP
GetCommandLineA
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetProcessHeap
HeapFree
HeapReAlloc
HeapSize
HeapQueryInformation
GetStringTypeW
ReadFile
ReadConsoleW
SetStdHandle
FlushFileBuffers
CreateFileW
SetFilePointerEx
DecodePointer

comctl32

_TrackMouseEvent
ImageList_DragShowNolock
ord17
ImageList_BeginDrag
ImageList_GetIcon

aclui

ord1
ord2

cabinet

ord13
ord11
ord10
ord14

cryptui

CryptUIDlgSelectCertificateFromStore
CryptUIWizDigitalSign
CryptUIWizFreeDigitalSignContext
CryptUIDlgViewCertificateA
CryptUIWizExport
CryptUIWizImport
CryptUIDlgViewContext

Exports

Exports

Finishagree
Keyatom
Openmove
Ourtail
Youhis

Sections

.text
Size: 394KB - Virtual size: 394KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 356KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 15KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

7db1c33a4ead725fd9631740feee9107

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

comctl32

aclui

cabinet

cryptui

Exports

Exports

Sections

.text Size: 394KB - Virtual size: 394KB

.data Size: 6KB - Virtual size: 356KB

.idata Size: 3KB - Virtual size: 3KB

.reloc Size: 15KB - Virtual size: 15KB

.text
Size: 394KB - Virtual size: 394KB

.data
Size: 6KB - Virtual size: 356KB

.idata
Size: 3KB - Virtual size: 3KB

.reloc
Size: 15KB - Virtual size: 15KB