17c1c9579d3930abfe446a17b007a907_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

17c1c9579d3930abfe446a17b007a907_JaffaCakes118
Size

144KB
MD5

17c1c9579d3930abfe446a17b007a907
SHA1

eb599193586ed5579306ae8a2eef5c4d1d1180bf
SHA256

07e5fd0c1225d8c3100029f15f1752389e336be3e95a0b7325161dc6188b0feb
SHA512

be0b8e75875d634bfa85a46ea9210f00848d1cd218fcdbe626b0f36e61f7f38ee048015e29ece90de24f4193e36330b9ef2055b2367402dcbd621e7a14ad9b2f
SSDEEP

3072:f53uyFHPZgz4I+IEekeSqR/MdGeJkIwt36:f53uyFxU4IdEed1/gTJkIwt

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
17c1c9579d3930abfe446a17b007a907_JaffaCakes118

Files

17c1c9579d3930abfe446a17b007a907_JaffaCakes118
.dll windows:4 windows x86 arch:x86

fd6992253d6910844e3040ba54977bc8

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetProcAddress
LoadLibraryA
TerminateThread
Sleep
WaitForSingleObject
SetEvent
VirtualFree
LeaveCriticalSection
EnterCriticalSection
VirtualAlloc
InterlockedExchange
HeapAlloc
lstrlenA
GetDiskFreeSpaceExA
GetFileSize
SetFilePointer
CloseHandle
MapViewOfFile
CreateFileMappingA
HeapFree
UnmapViewOfFile
GlobalFree
GlobalLock
GlobalAlloc
GlobalSize
GetStartupInfoA
OpenEventA
GetLastError
RaiseException
LocalAlloc
FreeLibrary

msvcrt

strlen
strstr
memcmp
_CxxThrowException
rand
strcpy
sprintf
strncpy
free
malloc
_except_handler3
strcmp
memcpy
strcat
_beginthreadex
atoi
wcstombs
_access
srand
calloc
??1type_info@@UAE@XZ
_initterm
_adjust_fdiv
ceil
putchar
memmove
strrchr
__CxxFrameHandler
puts
??3@YAXPAX@Z
??2@YAPAXI@Z
memset
_ftol
_strrev
_stricmp

msvcp60

??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDABV?$allocator@D@1@@Z
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z

Exports

Exports

CaoniMain
EndWork
Runing
Working

Sections

.text
Size: 100KB - Virtual size: 96KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

fd6992253d6910844e3040ba54977bc8

Headers

File Characteristics

Imports

kernel32

msvcrt

msvcp60

Exports

Exports

Sections

.text Size: 100KB - Virtual size: 96KB

.rdata Size: 12KB - Virtual size: 10KB

.data Size: 16KB - Virtual size: 18KB

.rsrc Size: 4KB - Virtual size: 1KB

.reloc Size: 8KB - Virtual size: 7KB

.text
Size: 100KB - Virtual size: 96KB

.rdata
Size: 12KB - Virtual size: 10KB

.data
Size: 16KB - Virtual size: 18KB

.rsrc
Size: 4KB - Virtual size: 1KB

.reloc
Size: 8KB - Virtual size: 7KB