b6f5705b1b8b9d856e1998ea56fc6ddf_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

b6f5705b1b8b9d856e1998ea56fc6ddf_JaffaCakes118
Size

14KB
MD5

b6f5705b1b8b9d856e1998ea56fc6ddf
SHA1

04ba3b85611a84166efc6b4c4d360b7489207734
SHA256

0ad0f14139d5bef4477b165d399d78d04b34a1a54dd468c432b6d33b8eeb375a
SHA512

5c628398676b0bf6d93e907fe638454c45639d4cc954e7940b1d65fa15c3b28b0e6a37765a0d4b578b91d3bb3ff99c1faed2995412d4a39e6259abd96943bf6a
SSDEEP

384:Jw7vrbhtZR8xZAsH9qq4mgGjwZuP7oGCazHqRNPmaPyt:yTGfCauFPE

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
b6f5705b1b8b9d856e1998ea56fc6ddf_JaffaCakes118

Files

b6f5705b1b8b9d856e1998ea56fc6ddf_JaffaCakes118
.dll windows:5 windows x86 arch:x86

9382b2d555c6519100ddf25816b0cc2f

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

F:\TFS\UA\Release\Retail_2015\Kernel\Source\Code\Middleware Layer\Data SubLayer\BloquePSCR80\ProjectWin\Release\pscr80.pdb

Imports

pskutil

OSUtil_LoadLibraryExUTF8
OSUtil_GetModuleFileNameUTF8
OSUtil_FreeLibrary
OSUtil_GetProcAddress
OSUtil_GetOSType

Exports

Exports

PLGLOADER_GetTypes
PskGetErrno
PskSetErrno
_acos
_asin
_atan
_atan2
_ceil
_clock
_copysign
_cos
_exp
_finite
_floor
_fmod
_isalnum
_isnan
_log
_log10
_longjmp
_memccpy
_memcpy
_memicmp
_memset
_pow
_rand
_setjmp
_setjmp3
_sin
_snprintf
_splitpath
_sqrt
_stricmp
_strlen
_strlwr
_strncpy
_strnicmp
_strupr
_tan
_time32
_vswprintf_c_l
_wcsicmp
_wcsnicmp
_wcsupr
_wsplitpath
acos
asin
atan
atan2
atoi
atol
bsearch
ceil
clock
close
copysign
cos
exp
fclose
feof
fgets
finite
floor
fmod
fopen
fprintf
fwrite
ioctl
isalnum
isalpha
iscntrl
isdigit
isnan
isprint
isspace
isxdigit
log
log10
longjmp
lseek64
memccpy
memchr
memcmp
memcpy
memicmp
memmove
memset
open
pow
printf
pskswprintf
qsort
rand
read
setjmp
sin
snprintf
splitpath
sprintf
sqrt
sscanf
strcat
strchr
strcmp
strcpy
stricmp
strlen
strlwr
strncat
strncmp
strncpy
strnicmp
strrchr
strstr
strtok
strtol
strupr
tan
tolower
toupper
towlower
towupper
vsprintf
vswprintf
wcscat
wcschr
wcscmp
wcscpy
wcsicmp
wcslen
wcsncat
wcsncmp
wcsncpy
wcsnicmp
wcsrchr
wcsstr
wcstol
wcsupr
write
wsplitpath

Sections

.text
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 400B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 840B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 1004B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

9382b2d555c6519100ddf25816b0cc2f

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

pskutil

Exports

Exports

Sections

.text Size: 7KB - Virtual size: 7KB

.rdata Size: 4KB - Virtual size: 3KB

.data Size: - Virtual size: 400B

.rsrc Size: 1024B - Virtual size: 840B

.reloc Size: 1024B - Virtual size: 1004B

.text
Size: 7KB - Virtual size: 7KB

.rdata
Size: 4KB - Virtual size: 3KB

.data
Size: - Virtual size: 400B

.rsrc
Size: 1024B - Virtual size: 840B

.reloc
Size: 1024B - Virtual size: 1004B