c:\Documents and Settings\Phillip\My Documents\Visual Studio 2005\Projects\dlci\debug\dlci.pdb
Static task
static1
Behavioral task
behavioral1
Sample
15db98ea3890eb11962eb20c8d194df9_JaffaCakes118.dll
Resource
win7-20240419-en
Behavioral task
behavioral2
Sample
15db98ea3890eb11962eb20c8d194df9_JaffaCakes118.dll
Resource
win10v2004-20240508-en
General
-
Target
15db98ea3890eb11962eb20c8d194df9_JaffaCakes118
-
Size
48KB
-
MD5
15db98ea3890eb11962eb20c8d194df9
-
SHA1
f81d0b53bc045bbdd97239da7795c3e9fc511e51
-
SHA256
7e5ea14c33fb7fc5803bd8d46d3f3548534dd4ea691e498e58030c51614eee3d
-
SHA512
52f025a0375f232ecb12e341d8f9a9ca24970d8f3c98bb9c58821ffe7fdd4b7d48fb2aadb044c3b2cac58e58183b8f9d843d9002ad67bb6b12893370b721008e
-
SSDEEP
384:hXwpV4MzaesJr5SHASrw1hVfmLhPVCE2jrWSj+vxFU5qMJ6E1c6/vPXk9:hXwjrV48JrcL+LhPVCnuDLUNlPXk9
Malware Config
Signatures
-
Unsigned PE (1 IoC)
Flags PE files that lack an Authenticode signature. On its own this is a weak indicator, since many legitimate binaries are also unsigned.
resource 15db98ea3890eb11962eb20c8d194df9_JaffaCakes118
Files
-
15db98ea3890eb11962eb20c8d194df9_JaffaCakes118.dll windows:4 windows x86 arch:x86
4658bbc205c83c4ee6c01189d10fb555
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
PDB Paths
Imports
ollydbg.exe
ord88
ord84
ord99
ord45
ord60
ord53
ord2
ord44
ord6
ord48
ord71
kernel32
UnhandledExceptionFilter
FreeLibrary
VirtualQuery
GetModuleFileNameW
GetProcessHeap
HeapAlloc
HeapFree
DisableThreadLibraryCalls
FatalAppExitA
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
GetLastError
VirtualFree
ReadFile
VirtualAlloc
GetFileSize
CreateFileA
FormatMessageA
GetTickCount
QueryPerformanceCounter
SetUnhandledExceptionFilter
TerminateProcess
LoadLibraryA
GetProcAddress
lstrlenA
MultiByteToWideChar
IsDebuggerPresent
WideCharToMultiByte
DebugBreak
RaiseException
InterlockedCompareExchange
Sleep
GetCurrentProcess
InterlockedExchange
user32
wsprintfA
MessageBoxA
msvcr80d
_CRT_RTC_INITW
_encode_pointer
_malloc_dbg
_encoded_null
_free_dbg
_decode_pointer
_stricmp
_initterm
_initterm_e
_amsg_exit
_adjust_fdiv
__CppXcptFilter
_crt_debugger_hook
__clean_type_info_names_internal
_unlock
__dllonexit
_lock
_onexit
_except_handler4_common
strstr
fgets
feof
fclose
strchr
strlen
strncmp
memset
strcmp
strncpy
sscanf
strcpy
fopen
_CrtSetCheckCount
Exports
Exports
_ODBG_Pluginaction
_ODBG_Pluginclose
_ODBG_Plugindata
_ODBG_Plugindestroy
_ODBG_Plugininit
_ODBG_Pluginmenu
_ODBG_Pluginreset
Sections
.textbss Size: - Virtual size: 64KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.text Size: 20KB - Virtual size: 18KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 8KB - Virtual size: 7KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.idata Size: 4KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 4KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ