33431b6ec0cd14ca3b6718b74b4f0773_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

33431b6ec0cd14ca3b6718b74b4f0773_JaffaCakes118
Size

220KB
MD5

33431b6ec0cd14ca3b6718b74b4f0773
SHA1

6702825f976d43279fde6952db9d8715b67f893d
SHA256

29b92d9f33f8fadb84eef78654cb895ac36cb3dc6c6fdebb14878479dc0cf53d
SHA512

5f349e0c7905ed856854771aead7c639c5c284d56a4a318ce42fdf4b01b4c266bb413e7f8d587d8d91c9be76cecf5eec8e9e4b38de7df401fdfea36fdcae8e7e
SSDEEP

6144:T8MDGRRrZFvkps9r4u2pp3rU6sZ+d/Ic:TJG/zkup4u2pprNec

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
33431b6ec0cd14ca3b6718b74b4f0773_JaffaCakes118

Files

33431b6ec0cd14ca3b6718b74b4f0773_JaffaCakes118
.dll windows:5 windows x86 arch:x86

6d265bcb41b9fa696be0acd3d0ce6cb6

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

synceng.pdb

Imports

msvcrt

malloc
_adjust_fdiv
_initterm
free
memmove

kernel32

DeleteCriticalSection
GetLastError
lstrcpyW
lstrlenW
lstrcmpiW
GetFileAttributesW
SetErrorMode
lstrcpynW
lstrcmpW
MultiByteToWideChar
WideCharToMultiByte
CloseHandle
SetFileTime
CreateFileW
RemoveDirectoryW
DeleteFileW
WriteFile
ReadFile
SetFilePointer
FindClose
FindNextFileW
FindFirstFileW
SetEndOfFile
GetFileSize
HeapCreate
GetSystemInfo
HeapDestroy
HeapAlloc
HeapFree
HeapReAlloc
FreeLibrary
TlsSetValue
TlsGetValue
GetProcAddress
TlsAlloc
TlsFree
LoadLibraryW
GetFullPathNameW
CreateDirectoryW
InitializeCriticalSectionAndSpinCount
LeaveCriticalSection
EnterCriticalSection
LocalFree
lstrlenA
LocalAlloc
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
FileTimeToLocalFileTime

user32

CharPrevW
CharNextW
IsWindow
CharLowerW

advapi32

RegDeleteValueW
RegCreateKeyExW
RegSetValueExW
RegEnumValueW
RegQueryInfoKeyW
RegOpenKeyExW
RegQueryValueExW
RegCloseKey

linkinfo

CreateLinkInfoW
DestroyLinkInfo
CompareLinkInfoReferents
GetCanonicalPathInfoW
CompareLinkInfoVolumes
DisconnectLinkInfo
GetLinkInfoData
IsValidLinkInfo
ResolveLinkInfoW

shlwapi

StrCpyNW
wnsprintfW

shell32

SHChangeNotify
SheShortenPathW

Exports

Exports

AddAllTwinsToTwinList
AddFolderTwin
AddObjectTwin
AddTwinToTwinList
AnyTwins
BeginReconciliation
ClearBriefcaseCache
CloseBriefcase
CompareFileStamps
CountSourceFolderTwins
CreateFolderTwinList
CreateRecList
CreateTwinList
DeleteBriefcase
DeleteTwin
DestroyFolderTwinList
DestroyRecList
DestroyTwinList
EndReconciliation
FindBriefcaseClose
FindFirstBriefcase
FindNextBriefcase
GetFileStamp
GetFolderTwinStatus
GetObjectTwinHandle
GetOpenBriefcaseInfo
GetVolumeDescription
IsFolderTwin
IsOrphanObjectTwin
IsPathOnVolume
OpenBriefcase
ReconcileItem
ReleaseTwinHandle
RemoveAllTwinsFromTwinList
RemoveTwinFromTwinList
SaveBriefcase

Sections

.text
Size: 52KB - Virtual size: 52KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 164KB - Virtual size: 164KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 1000B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

6d265bcb41b9fa696be0acd3d0ce6cb6

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msvcrt

kernel32

user32

advapi32

linkinfo

shlwapi

shell32

Exports

Exports

Sections

.text Size: 52KB - Virtual size: 52KB

.data Size: 164KB - Virtual size: 164KB

.rsrc Size: 1024B - Virtual size: 1000B

.reloc Size: 1KB - Virtual size: 1KB

.text
Size: 52KB - Virtual size: 52KB

.data
Size: 164KB - Virtual size: 164KB

.rsrc
Size: 1024B - Virtual size: 1000B

.reloc
Size: 1KB - Virtual size: 1KB