ad70cb29b2bb508192af5af6f7d8db79_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

ad70cb29b2bb508192af5af6f7d8db79_JaffaCakes118
Size

127KB
MD5

ad70cb29b2bb508192af5af6f7d8db79
SHA1

9a2d007befc2fa198084e3c6fc9eb2e7c2b5b4af
SHA256

81e916619351ca1d16a7502ede072c205fcc61c0d526d4de746f5dbed4675390
SHA512

9912cf01f6c4cd1ef6f8b453feeee82035680a4b378f4220f0fa2fa42bdcc9ab17c69f5874cf2364e88fbe55ef5545e56ac29d6ddea25fc7934c7ecf0558eb4e
SSDEEP

3072:PHP+UMJtOiIwToyzcauImLtGmLxl/pcWQjj72O5rNNJvuDfeCx:PHnyAhVejj71/NJuz

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
ad70cb29b2bb508192af5af6f7d8db79_JaffaCakes118

Files

ad70cb29b2bb508192af5af6f7d8db79_JaffaCakes118
.dll windows:6 windows x86 arch:x86

90e0982efb7b316ed7b36f1a12434e41

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_APPCONTAINER

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_DLL

Imports

kernel32

GetModuleHandleA
GetProcAddress

api-ms-win-core-com-l1-1-1

CoTaskMemFree

vccorlib140_app

??0Object@Platform@@Q$AAA@XZ

msvcp140_app

_Wcscoll

concrt140_app

??0critical_section@Concurrency@@QAE@XZ

vcruntime140_app

strchr

api-ms-win-crt-convert-l1-1-0

wcstod

api-ms-win-crt-runtime-l1-1-0

_cexit

api-ms-win-crt-string-l1-1-0

wcslen

api-ms-win-crt-heap-l1-1-0

free

api-ms-win-core-winrt-string-l1-1-0

WindowsGetStringLen

api-ms-win-core-util-l1-1-0

DecodePointer

api-ms-win-core-synch-l1-2-0

AcquireSRWLockShared

api-ms-win-core-processthreads-l1-1-2

GetCurrentThreadId

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-sysinfo-l1-2-1

GetSystemTimeAsFileTime

api-ms-win-core-libraryloader-l1-2-0

DisableThreadLibraryCalls

api-ms-win-core-interlocked-l1-2-0

InitializeSListHead

Exports

Exports

DllCanUnloadNow
DllGetActivationFactory

Sections

.MPRESS1
Size: 121KB - Virtual size: 704KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.MPRESS2
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 964B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

90e0982efb7b316ed7b36f1a12434e41

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

api-ms-win-core-com-l1-1-1

vccorlib140_app

msvcp140_app

concrt140_app

vcruntime140_app

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-core-winrt-string-l1-1-0

api-ms-win-core-util-l1-1-0

api-ms-win-core-synch-l1-2-0

api-ms-win-core-processthreads-l1-1-2

api-ms-win-core-profile-l1-1-0

api-ms-win-core-sysinfo-l1-2-1

api-ms-win-core-libraryloader-l1-2-0

api-ms-win-core-interlocked-l1-2-0

Exports

Exports

Sections

.MPRESS1 Size: 121KB - Virtual size: 704KB

.MPRESS2 Size: 4KB - Virtual size: 4KB

.rsrc Size: 1024B - Virtual size: 964B

.MPRESS1
Size: 121KB - Virtual size: 704KB

.MPRESS2
Size: 4KB - Virtual size: 4KB

.rsrc
Size: 1024B - Virtual size: 964B