06f51858078a8366acd93211a7b4db97_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

06f51858078a8366acd93211a7b4db97_JaffaCakes118
Size

288KB
MD5

06f51858078a8366acd93211a7b4db97
SHA1

c76e0ca1ee4c36203da931cf38bf4d2b8bd55ead
SHA256

30508ce11ffa142a43eb721115e8975d962bdeb433c8cc0635f9c428db3534f1
SHA512

7f92ed443060db4ba070873711f5d1afe281119dc7063a7be03ac3d78dc4fdf95f90f6f9ae68e71065aaa5b27703c99ac9a6b1aa6e6d7852a27fd3c8472f1047
SSDEEP

6144:98qZOOkvyW2ggH+lGecOWsIX8ZAfjOfmZRXXa8IcT81Z7tIx9hJFGZQnJV:98qMhFLH88ZADBnQ1Wh7IKJV

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
06f51858078a8366acd93211a7b4db97_JaffaCakes118

Files

06f51858078a8366acd93211a7b4db97_JaffaCakes118
.dll windows:4 windows x86 arch:x86

122a2c9bdfb6349be41323906cd89662

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

xpcom_core

?assign_from_qi@nsCOMPtr_base@@QAEXVnsQueryInterface@@ABUnsID@@@Z
??1nsCOMPtr_base@@QAE@XZ
?NS_NewGenericModule2@@YAIPBUnsModuleInfo@@PAPAVnsIModule@@@Z

kernel32

GetCurrentProcess
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
FlushFileBuffers
GetVersionExA
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
DisableThreadLibraryCalls
InterlockedCompareExchange
Sleep
InterlockedExchange
TerminateProcess

msvcr80

fopen
fclose
_get_osfhandle
fflush
memset
fseek
ftell
fread
fwrite
memmove
_encode_pointer
ferror
_encoded_null
free
_fileno
_initterm
_initterm_e
_amsg_exit
_adjust_fdiv
__CppXcptFilter
_unlock
__dllonexit
_lock
_onexit
?terminate@@YAXXZ
?_type_info_dtor_internal_method@type_info@@QAEXXZ
__clean_type_info_names_internal
_except_handler4_common
_crt_debugger_hook
_errno
strerror
strcpy
memcpy
strlen
memcmp
??2@YAPAXI@Z
_purecall
??3@YAXPAX@Z
_malloc_crt
_decode_pointer

Exports

Exports

NSGetModule

Sections

.text
Size: 76KB - Virtual size: 74KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 20KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.text
Size: 172KB - Virtual size: 172KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

122a2c9bdfb6349be41323906cd89662

Headers

File Characteristics

Imports

xpcom_core

kernel32

msvcr80

Exports

Exports

Sections

.text Size: 76KB - Virtual size: 74KB

.rdata Size: 20KB - Virtual size: 18KB

.data Size: 4KB - Virtual size: 2KB

.rsrc Size: 4KB - Virtual size: 1KB

.reloc Size: 8KB - Virtual size: 6KB

.text Size: 172KB - Virtual size: 172KB

.text
Size: 76KB - Virtual size: 74KB

.rdata
Size: 20KB - Virtual size: 18KB

.data
Size: 4KB - Virtual size: 2KB

.rsrc
Size: 4KB - Virtual size: 1KB

.reloc
Size: 8KB - Virtual size: 6KB

.text
Size: 172KB - Virtual size: 172KB