386924b7c440c55f8f85b4f19b6113ef_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

386924b7c440c55f8f85b4f19b6113ef_JaffaCakes118
Size

288KB
MD5

386924b7c440c55f8f85b4f19b6113ef
SHA1

995df19b14927713e1b3e87a1cb8d6e5fc36e52d
SHA256

ba62c4dbef0a3c584b2a28a1153fe41b4814522b53629ac13bafe3153e063d5f
SHA512

3a1b4be9c54067b9e294ca0d6bf09577c27d1c0707aa25f6a1b14e1fcc4c525449fd334bfd459b2071e64f0e79bdda9c0bcab94dba3abed4aa70d19095d20427
SSDEEP

6144:S8bJOeqhTfepLIKh2q1n3DTE+V/V/NPu3luPj:S8bJ/d9I5KTQqcu7

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
386924b7c440c55f8f85b4f19b6113ef_JaffaCakes118

Files

386924b7c440c55f8f85b4f19b6113ef_JaffaCakes118
.dll windows:4 windows x86 arch:x86

3b34e4e24f68a726eb7e48154016489a

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

c:\Z_E\#Win98\CSAPI3\WinRel\Mssp3pl.pdb

Imports

kernel32

MultiByteToWideChar
IsBadWritePtr
IsBadReadPtr
_lclose
_lcreat
AreFileApisANSI
WideCharToMultiByte
IsBadStringPtrA
GetFileAttributesA
GlobalFree
GlobalLock
GlobalAlloc
GlobalMemoryStatus
GlobalUnlock
VirtualAlloc
VirtualFree
UnmapViewOfFile
MapViewOfFile
CreateFileMappingA
GetFileSize
CloseHandle
GetFileTime
CreateFileA
WriteFile
SetFilePointer
CompareStringW
CompareStringA
HeapFree
HeapAlloc
GetLastError
ReadFile
RtlUnwind
GetCurrentThreadId
TlsSetValue
GetCommandLineA
GetVersionExA
HeapDestroy
HeapCreate
DeleteCriticalSection
LeaveCriticalSection
FatalAppExitA
EnterCriticalSection
HeapReAlloc
GetStringTypeA
GetStringTypeW
TlsFree
SetLastError
TlsGetValue
GetCurrentThread
TlsAlloc
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
ExitProcess
SetStdHandle
LCMapStringA
LCMapStringW
GetProcAddress
GetModuleHandleA
TerminateProcess
GetCurrentProcess
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
InitializeCriticalSection
VirtualProtect
GetSystemInfo
VirtualQuery
GetLocaleInfoA
GetCPInfo
GetTimeFormatA
GetDateFormatA
GetUserDefaultLCID
EnumSystemLocalesA
IsValidLocale
IsValidCodePage
UnhandledExceptionFilter
GetACP
GetOEMCP
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
FlushFileBuffers
LoadLibraryA
GetTimeZoneInformation
SetEndOfFile
HeapSize
GetLocaleInfoW
SetEnvironmentVariableA

user32

CharToOemA

Exports

Exports

SpellerAddChangeUdr
SpellerAddUdr
SpellerBuiltinUdr
SpellerCheck
SpellerClearUdr
SpellerCloseLex
SpellerDelUdr
SpellerGetListUdr
SpellerGetOptions
SpellerGetSizeUdr
SpellerInit
SpellerOpenLex
SpellerSetOptions
SpellerTerminate
SpellerVersion

Sections

.text
Size: 88KB - Virtual size: 85KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 16KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 161KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 944B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.text
Size: 152KB - Virtual size: 152KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

3b34e4e24f68a726eb7e48154016489a

Headers

File Characteristics

PDB Paths

Imports

kernel32

user32

Exports

Exports

Sections

.text Size: 88KB - Virtual size: 85KB

.rdata Size: 16KB - Virtual size: 13KB

.data Size: 16KB - Virtual size: 161KB

.rsrc Size: 4KB - Virtual size: 944B

.reloc Size: 8KB - Virtual size: 6KB

.text Size: 152KB - Virtual size: 152KB

.text
Size: 88KB - Virtual size: 85KB

.rdata
Size: 16KB - Virtual size: 13KB

.data
Size: 16KB - Virtual size: 161KB

.rsrc
Size: 4KB - Virtual size: 944B

.reloc
Size: 8KB - Virtual size: 6KB

.text
Size: 152KB - Virtual size: 152KB