36cdb08c320fb93d4d6e241857d49e95_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

36cdb08c320fb93d4d6e241857d49e95_JaffaCakes118
Size

296KB
MD5

36cdb08c320fb93d4d6e241857d49e95
SHA1

05b8ab74b4631b73178d1aed4d53ad80df6a14e3
SHA256

632c45ebffd8e44c278d5d028280110f23df769ff57f657fd3662590237a8457
SHA512

f7658d3c8c243b49d66f156776029633578120d65bb404c2e2fc9e8c87661268f4de14c50f5f1139494ec3ebd8a8c373c868894338fe17e65c84aec15bac5ca6
SSDEEP

6144:0Aps0PS3SrhYqI3tgBzpm3LITngEoIaAOmOuC:lptPS3SKty9pYITgxsFC

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
36cdb08c320fb93d4d6e241857d49e95_JaffaCakes118

Files

36cdb08c320fb93d4d6e241857d49e95_JaffaCakes118
.dll windows:4 windows x86 arch:x86

77f1a4c91ac1699b5fac51c24e8436b7

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

c:\Users\Sam\Documents\Code\EH Pub\Normal\Source\Release\TFC.pdb

Imports

winmm

timeGetTime

kernel32

WriteProcessMemory
GetCurrentProcess
Sleep
VirtualProtect
QueryPerformanceCounter
GetProcAddress
GetModuleHandleA
CreateThread
ExitProcess
WritePrivateProfileStringA
GetPrivateProfileIntA
GetModuleFileNameA
InterlockedExchange
Module32Next
Module32First
CreateToolhelp32Snapshot
VirtualQuery
HeapAlloc
GetProcessHeap
FlushFileBuffers
SetStdHandle
GetOEMCP
IsBadReadPtr
TlsFree
GetACP
LCMapStringW
SetEnvironmentVariableA
CompareStringW
CompareStringA
GetLocaleInfoW
ReadFile
SetEndOfFile
GetCurrentProcessId
GetTickCount
GetSystemInfo
VirtualAlloc
LoadLibraryA
IsBadCodePtr
IsBadWritePtr
SetUnhandledExceptionFilter
SetFilePointer
InitializeCriticalSection
WideCharToMultiByte
MultiByteToWideChar
GetSystemTimeAsFileTime
TerminateProcess
RtlUnwind
GetLocalTime
GetCurrentThreadId
GetCommandLineA
GetVersionExA
TlsAlloc
SetLastError
GetLastError
LCMapStringA
TlsSetValue
TlsGetValue
CloseHandle
EnterCriticalSection
LeaveCriticalSection
GetTimeZoneInformation
DeleteCriticalSection
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
UnhandledExceptionFilter
WriteFile
GetCPInfo
GetUserDefaultLCID
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
IsValidCodePage
GetStringTypeA
GetStringTypeW
RaiseException
CreateFileA

user32

wsprintfA
GetAsyncKeyState

shell32

ShellExecuteA

vstdlib

RandomSeed
RandomFloat
Q_strncpy
Q_snprintf
KeyValuesSystem
Q_strnicmp

tier0

Msg
g_VProfCurrentProfile
?GetSubNode@CVProfNode@@QAEPAV1@PBDH0H@Z
?EnterScope@CVProfNode@@QAEXXZ
?ExitScope@CVProfNode@@QAE_NXZ
Error
g_pMemAlloc
GetCPUInformation

Sections

.text
Size: 212KB - Virtual size: 209KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 44KB - Virtual size: 43KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 361KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

77f1a4c91ac1699b5fac51c24e8436b7

Headers

File Characteristics

PDB Paths

Imports

winmm

kernel32

user32

shell32

vstdlib

tier0

Sections

.text Size: 212KB - Virtual size: 209KB

.rdata Size: 44KB - Virtual size: 43KB

.data Size: 16KB - Virtual size: 361KB

.reloc Size: 20KB - Virtual size: 19KB

.text
Size: 212KB - Virtual size: 209KB

.rdata
Size: 44KB - Virtual size: 43KB

.data
Size: 16KB - Virtual size: 361KB

.reloc
Size: 20KB - Virtual size: 19KB