22d1579cf96aa6a889eec9b82156fb61_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

22d1579cf96aa6a889eec9b82156fb61_JaffaCakes118
Size

179KB
MD5

22d1579cf96aa6a889eec9b82156fb61
SHA1

75bc7d43d5452a72542caee26738ba27daaa9d4c
SHA256

d4d04ce8250ebecad6f64f457113dd11df933ae8e304a07f771b4bbca0ac90d2
SHA512

706af124a890a2b0772a9ad6e1cabc31018fdaa24ddb6c8705579edf35289b09c817a3c2bb79e8eb108b1021266668bc97922ddf5f9ae739a6907067403689ff
SSDEEP

3072:2PsScYL5a7PBXxbefgL7gUDPzGcg6Lc5fKaxmtXcd+UWNQ1cn75hMe21+zv4m+s6:d0aFXxyfpcgHfKYHIRGK75hAav3p

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
22d1579cf96aa6a889eec9b82156fb61_JaffaCakes118

Files

22d1579cf96aa6a889eec9b82156fb61_JaffaCakes118
.dll windows:4 windows x86 arch:x86

8fe3a120b3395fa082838daf981d7061

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetLastError
SetHandleCount
ExitProcess
TerminateProcess
GetStringTypeW
GetStringTypeA
LCMapStringW
LCMapStringA
HeapFree
HeapAlloc
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
InterlockedIncrement
InterlockedDecrement
WriteFile
VirtualFree
HeapCreate
SetFilePointer
SetStdHandle
CloseHandle
GetLocaleInfoW
FlushFileBuffers
GetLocaleInfoA
RaiseException
LoadLibraryA
GetCommandLineA
GetVersion
GetProcAddress
GetModuleHandleA
HeapDestroy
GetFileType
GetCurrentProcess
GetCurrentThreadId
TlsSetValue
TlsAlloc
TlsFree
SetLastError
TlsGetValue
lstrcpyA
VirtualAlloc
GetStdHandle
GetOEMCP
GetStartupInfoA
DeleteCriticalSection
GetModuleFileNameA
GetCPInfo
GetACP
FreeEnvironmentStringsA
MultiByteToWideChar
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
WideCharToMultiByte

user32

SetRect

ltkrn13n

ord100
ord129
ord141
ord189
ord196
ord188
ord134
ord101
ord117
ord125
ord123
ord120
ord192
ord190
ord191
ord283
ord282

lvkrn13n

ord400
ord1100
ord1110
ord101
ord107
ord2300
ord100
ord302
ord206
ord1228
ord122
ord1209
ord1205
ord1200
ord1229
ord1215
ord303
ord1201

Exports

Exports

DllMain
fltInfo
fltLoad
fltSave

Sections

.text
Size: 53KB - Virtual size: 52KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 15KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 100KB - Virtual size: 99KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

8fe3a120b3395fa082838daf981d7061

Headers

File Characteristics

Imports

kernel32

user32

ltkrn13n

lvkrn13n

Exports

Exports

Sections

.text Size: 53KB - Virtual size: 52KB

.rdata Size: 6KB - Virtual size: 5KB

.data Size: 15KB - Virtual size: 20KB

.rsrc Size: 100KB - Virtual size: 99KB

.reloc Size: 4KB - Virtual size: 4KB

.text
Size: 53KB - Virtual size: 52KB

.rdata
Size: 6KB - Virtual size: 5KB

.data
Size: 15KB - Virtual size: 20KB

.rsrc
Size: 100KB - Virtual size: 99KB

.reloc
Size: 4KB - Virtual size: 4KB