0d4acece9f8c424840a34c8e76812a21_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

0d4acece9f8c424840a34c8e76812a21_JaffaCakes118
Size

244KB
MD5

0d4acece9f8c424840a34c8e76812a21
SHA1

8cff36ebcfd9fc4e359ea941e64eb2763e2a5030
SHA256

3b6476d85f46232f65e70d364e22f37ce6d301fbf58b08cef44bcd8ffadb0905
SHA512

1d793d53f4ab95ab627094f9ba5801d5a03c911d405e69af79ac5e80c363135b2a693a0a781fcca3722879cea744b47fa147748cbe16481fc0ff492082a3f96d
SSDEEP

3072:aXC5JVDzGAg0FuQPw0cCwfwn6qCqvEP/jawuZ0S6kA6GAQiATtw6uwx38YAy2y0R:aeLuAOowFwn6d/ed0SRdATt3XMoDEnEw

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
0d4acece9f8c424840a34c8e76812a21_JaffaCakes118

Files

0d4acece9f8c424840a34c8e76812a21_JaffaCakes118
.dll windows:4 windows x86 arch:x86

a3a675d055b666fa0c5aa0bfa33106ff

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetModuleHandleA
CloseHandle
FlushFileBuffers
SetStdHandle
LCMapStringW
LCMapStringA
VirtualQuery
DisableThreadLibraryCalls
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
GetLastError
WideCharToMultiByte
MultiByteToWideChar
InterlockedIncrement
InterlockedDecrement
RtlUnwind
RaiseException
ExitProcess
HeapAlloc
HeapFree
GetCurrentThreadId
TlsSetValue
GetCommandLineA
GetVersionExA
GetCPInfo
TlsFree
SetLastError
TlsGetValue
TlsAlloc
SetUnhandledExceptionFilter
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
GetModuleFileNameA
HeapReAlloc
GetProcAddress
TerminateProcess
GetCurrentProcess
HeapSize
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
WriteFile
GetLocaleInfoA
GetStringTypeA
GetStringTypeW
IsBadCodePtr
GetACP
GetOEMCP
LoadLibraryA
SetFilePointer
VirtualProtect
GetSystemInfo

Exports

Exports

Initialize
StartRemoteLcs
StopPeerToPeerLoaderServer
StopRemoteLcs
Uninitialize

Sections

.text
Size: 44KB - Virtual size: 40KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 24KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 824B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.text
Size: 152KB - Virtual size: 152KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

a3a675d055b666fa0c5aa0bfa33106ff

Headers

File Characteristics

Imports

kernel32

Exports

Exports

Sections

.text Size: 44KB - Virtual size: 40KB

.rdata Size: 24KB - Virtual size: 23KB

.data Size: 8KB - Virtual size: 11KB

.rsrc Size: 4KB - Virtual size: 824B

.reloc Size: 8KB - Virtual size: 7KB

.text Size: 152KB - Virtual size: 152KB

.text
Size: 44KB - Virtual size: 40KB

.rdata
Size: 24KB - Virtual size: 23KB

.data
Size: 8KB - Virtual size: 11KB

.rsrc
Size: 4KB - Virtual size: 824B

.reloc
Size: 8KB - Virtual size: 7KB

.text
Size: 152KB - Virtual size: 152KB