262590037c93a5496b38565c9dfc85d8_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

262590037c93a5496b38565c9dfc85d8_JaffaCakes118
Size

335KB
MD5

262590037c93a5496b38565c9dfc85d8
SHA1

29616a643f896d6ab55d7129a813fa4056400c0e
SHA256

eaeb42576fb19b866abdc99b5b8f867f3c69d8da9e941f2ca5af1f0e3e342a6c
SHA512

c566f68a5d8b6769595836bffdf7e05b439a9a26ed7a500348a6ca4dea3effbdf0db1da64d219b7c6ac35143604782d5ffd47633a6297e3191224210d4de0bee
SSDEEP

3072:lYEuU/HsL0icNk2S/G7xBYT147Q1zzWpYnJw19qVFXEqnQvSoLRRybz5m76nf7fF:ypGHq8ujuVeZWQ1WmnaHqrCybs+fbpC

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
262590037c93a5496b38565c9dfc85d8_JaffaCakes118

Files

262590037c93a5496b38565c9dfc85d8_JaffaCakes118
.dll regsvr32 windows:5 windows x86 arch:x86

68b46a79797ab738bab23808c616c230

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

c:\EarlyBought\Weartoo\EspeciallyBeat\Mine.pdb

Imports

kernel32

ExitProcess
TlsSetValue
CreateProcessA
FindFirstFileA
RemoveDirectoryA
FindClose
LoadLibraryA
GetModuleFileNameA
FindNextFileA
VirtualProtect
GetFileTime
GetCurrentThreadId
TlsAlloc
GetTempPathA
SetEnvironmentVariableA
CompareStringW
CompareStringA
CreateFileA
SetStdHandle
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
WideCharToMultiByte
InterlockedIncrement
InterlockedDecrement
InterlockedExchange
MultiByteToWideChar
Sleep
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetSystemTimeAsFileTime
GetCommandLineA
GetCPInfo
RaiseException
GetLastError
HeapFree
RtlUnwind
LCMapStringA
LCMapStringW
GetTimeZoneInformation
HeapAlloc
GetModuleHandleW
GetProcAddress
TlsGetValue
TlsFree
SetLastError
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
HeapCreate
HeapDestroy
VirtualFree
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetStringTypeA
GetStringTypeW
VirtualAlloc
HeapReAlloc
WriteFile
GetConsoleCP
GetConsoleMode
FlushFileBuffers
ReadFile
SetFilePointer
CloseHandle
HeapSize
GetACP
GetOEMCP
IsValidCodePage
GetUserDefaultLCID
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
InitializeCriticalSectionAndSpinCount
GetLocaleInfoW
GetModuleHandleA

ws2_32

WSACloseEvent
WSAStartup
WSAConnect
WSACleanup
WSASocketA
WSAAddressToStringA
WSAWaitForMultipleEvents

Exports

Exports

Crossput
Directclear
DllRegisterServer
Summerwind

Sections

.text
Size: 234KB - Virtual size: 234KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 73KB - Virtual size: 72KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 14KB - Virtual size: 386KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

68b46a79797ab738bab23808c616c230

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

ws2_32

Exports

Exports

Sections

.text Size: 234KB - Virtual size: 234KB

.rdata Size: 73KB - Virtual size: 72KB

.data Size: 14KB - Virtual size: 386KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 11KB - Virtual size: 10KB

.text
Size: 234KB - Virtual size: 234KB

.rdata
Size: 73KB - Virtual size: 72KB

.data
Size: 14KB - Virtual size: 386KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 11KB - Virtual size: 10KB