31ce5ebd201054b0251fc8ce51d3ca60_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

31ce5ebd201054b0251fc8ce51d3ca60_JaffaCakes118
Size

208KB
MD5

31ce5ebd201054b0251fc8ce51d3ca60
SHA1

7e551186a3fe54ff68fb85ddd21512f150bd8000
SHA256

e7efeee61285002590fa5ec0a23e6b43aba6ebcc8c09b0cd8babe9b713a7bb42
SHA512

3f01b19ea96730cca6b087957f0d9ce35e08da0dd78a151ab3c2b68003819eee394d00a06ef210b65829b7638c9a3bf9f292d50c06e114434135d42153c875da
SSDEEP

6144:mf9BADoeSYZN2SnX6x9rOKNTIIUkTQxFoGQLrzxoekG:cBpe/ZN2Snqx9XsIUMqtQLraG

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
31ce5ebd201054b0251fc8ce51d3ca60_JaffaCakes118

Files

31ce5ebd201054b0251fc8ce51d3ca60_JaffaCakes118
.dll windows:5 windows x86 arch:x86

ee378a91d127e5ad8a8b70c7558c6cc8

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

C:\build\source\locdrm\rel32\locdrm.pdb

Imports

ole32

CoCreateGuid

kernel32

GetSystemInfo
InterlockedIncrement
InterlockedDecrement
QueryPerformanceCounter
Sleep
CloseHandle
WaitForSingleObject
GetCurrentThreadId
CreateMutexA
OpenMutexA
ReleaseMutex
GetVersionExA
GetTickCount
FindClose
GetDiskFreeSpaceA
GetWindowsDirectoryA
GetModuleFileNameA
FindFirstFileA
GetDriveTypeA
FindNextFileA
FreeLibrary
GetProcAddress
LoadLibraryA
GetFileAttributesA
CreateDirectoryA
InterlockedExchange
TerminateProcess
GetVolumeInformationA
DeleteFileA
InterlockedCompareExchange
GetCurrentProcess
GetSystemTimeAsFileTime
GetCurrentProcessId
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter

user32

CharPrevA
CharNextA
GetSystemMetrics

advapi32

RegCloseKey
RegOpenKeyA
RegOpenKeyExA
RegQueryValueExA

msvcr90

_getcwd
??2@YAPAXI@Z
_time32
rand
srand
_purecall
??3@YAXPAX@Z
memcpy
_read
memset
?_open@@YAHPBDHH@Z
_write
_lseek
_tell
_close
_chdir
_commit
strchr
_localtime32
??_V@YAXPAX@Z
??_U@YAPAXI@Z
sprintf
??0exception@std@@QAE@ABQBD@Z
_putenv
??1exception@std@@UAE@XZ
??0exception@std@@QAE@XZ
_invalid_parameter_noinfo
_CxxThrowException
??0exception@std@@QAE@ABV01@@Z
__CxxFrameHandler3
malloc
free
realloc
memmove
sscanf
getenv
_errno
_unlink
rename
strrchr
strstr
_ismbblead
strncpy
_ftime32
_unlock
__dllonexit
_encode_pointer
_lock
_onexit
_decode_pointer
_malloc_crt
_encoded_null
_initterm
_initterm_e
_amsg_exit
_adjust_fdiv
__CppXcptFilter
_crt_debugger_hook
?terminate@@YAXXZ
?_type_info_dtor_internal_method@type_info@@QAEXXZ
_except_handler4_common
__clean_type_info_names_internal
_rmdir
_mkdir
_chmod
_itoa
_stricmp
_eof
?what@exception@std@@UBEPBDXZ

msvcp90

??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z

Exports

Exports

OnUninstall
RMACreateInstance
RMAShutdown
SetDLLAccessPath

Sections

.text
Size: 74KB - Virtual size: 73KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.text
Size: 108KB - Virtual size: 112KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

ee378a91d127e5ad8a8b70c7558c6cc8

Headers

File Characteristics

PDB Paths

Imports

ole32

kernel32

user32

advapi32

msvcr90

msvcp90

Exports

Exports

Sections

.text Size: 74KB - Virtual size: 73KB

.rdata Size: 10KB - Virtual size: 10KB

.data Size: 7KB - Virtual size: 13KB

.rsrc Size: 2KB - Virtual size: 1KB

.reloc Size: 5KB - Virtual size: 5KB

.text Size: 108KB - Virtual size: 112KB

.text
Size: 74KB - Virtual size: 73KB

.rdata
Size: 10KB - Virtual size: 10KB

.data
Size: 7KB - Virtual size: 13KB

.rsrc
Size: 2KB - Virtual size: 1KB

.reloc
Size: 5KB - Virtual size: 5KB

.text
Size: 108KB - Virtual size: 112KB