3428d0f22c12942fbbac7ba7a4b99d4e_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

3428d0f22c12942fbbac7ba7a4b99d4e_JaffaCakes118
Size

288KB
MD5

3428d0f22c12942fbbac7ba7a4b99d4e
SHA1

f8863550991953e1c97c7d7ecb0c747dfad5462b
SHA256

de2ac941bb5e9611ee4717319a4a0fe489c08bcc70c62d76d17743116a917326
SHA512

a44417898597fa9d9e0ecf8589e24de2702bb51b8aa5d06e1ef72cc97a6a613ef279add013c8976e623cb3aca3d4b63ad5e33ce7c9e31df5a0bb46ee670f5302
SSDEEP

6144:ToQ6DfZdUZb1024d3AO8bLjPUML0Ikll8vHI1nMv/:tb024SOMjcMI7lkHcn0/

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
3428d0f22c12942fbbac7ba7a4b99d4e_JaffaCakes118

Files

3428d0f22c12942fbbac7ba7a4b99d4e_JaffaCakes118
.dll windows:4 windows x86 arch:x86

ebf2314c99b24f6a85ff42a06799cde8

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

c:\Documents and Settings\FranKz\Bureau\p7hook\Debug\p7hook.pdb

Imports

kernel32

CreateThread
GetModuleFileNameA
VirtualProtect
GetModuleHandleA
LoadLibraryA
GetProcAddress
InterlockedIncrement
InterlockedDecrement
Sleep
InterlockedExchange
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
RtlUnwind
DebugBreak
RaiseException
GetVersionExA
IsBadWritePtr
IsBadReadPtr
HeapValidate
GetCurrentThreadId
GetCommandLineA
FatalAppExitA
GetCPInfo
WideCharToMultiByte
MultiByteToWideChar
LCMapStringA
GetLastError
LCMapStringW
TlsAlloc
TlsFree
TlsSetValue
TlsGetValue
SetLastError
GetCurrentThread
HeapFree
HeapAlloc
GetProcessHeap
CloseHandle
GetCurrentProcess
FreeLibrary
GetStdHandle
WriteFile
OutputDebugStringA
SetUnhandledExceptionFilter
TerminateProcess
ExitProcess
SetFilePointer
FlushFileBuffers
HeapReAlloc
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
SetHandleCount
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
UnhandledExceptionFilter
IsBadCodePtr
GetTimeFormatA
GetDateFormatA
GetStringTypeA
GetStringTypeW
IsValidLocale
IsValidCodePage
GetLocaleInfoA
EnumSystemLocalesA
GetUserDefaultLCID
VirtualQuery
GetSystemInfo
SetConsoleCtrlHandler
GetACP
GetOEMCP
SetStdHandle
ReadFile
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
GetTimeZoneInformation
GetLocaleInfoW
CompareStringA
CompareStringW
SetEnvironmentVariableA
FlushInstructionCache

Sections

.textbss
Size: - Virtual size: 98KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.text
Size: 224KB - Virtual size: 220KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 32KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

ebf2314c99b24f6a85ff42a06799cde8

Headers

File Characteristics

PDB Paths

Imports

kernel32

Sections

.textbss Size: - Virtual size: 98KB

.text Size: 224KB - Virtual size: 220KB

.rdata Size: 32KB - Virtual size: 30KB

.data Size: 12KB - Virtual size: 18KB

.idata Size: 4KB - Virtual size: 3KB

.reloc Size: 12KB - Virtual size: 11KB

.textbss
Size: - Virtual size: 98KB

.text
Size: 224KB - Virtual size: 220KB

.rdata
Size: 32KB - Virtual size: 30KB

.data
Size: 12KB - Virtual size: 18KB

.idata
Size: 4KB - Virtual size: 3KB

.reloc
Size: 12KB - Virtual size: 11KB