ldw\macho.pdb
Static task
static1
Behavioral task
behavioral1
Sample
3f514617d6d33a2ebf83fc343f75307d_JaffaCakes118.dll
Resource
win7-20240704-en
Behavioral task
behavioral2
Sample
3f514617d6d33a2ebf83fc343f75307d_JaffaCakes118.dll
Resource
win10v2004-20240709-en
General
-
Target
3f514617d6d33a2ebf83fc343f75307d_JaffaCakes118
-
Size
71KB
-
MD5
3f514617d6d33a2ebf83fc343f75307d
-
SHA1
1afec002cd0ccd20677621e07a8b0ce2bd2e5e33
-
SHA256
900ea3bbf6238441fa3d09aa29e4e6ba4b269e71b63168057505414217f2edb9
-
SHA512
9039d21f9bcaa9aee2a107b2356f289c67e055222a78e72b3f3197703f629e2fe1f9faef975591fd39095360a2c221c3ca9cec34f62ffa620bdd41fe4017278a
-
SSDEEP
1536:+V76PJZjWogThiZzsCbfyIotWv5ao35UWiHCPkmafumYpeKsOn38oq0:+6RZjW9TYZFryIoQvUoGH6COn38L
Malware Config
Signatures
-
Unsigned PE 1 IoCs
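The sandbox checked the file for an Authenticode signature and found none. An unsigned PE is an informational finding: many legitimate binaries are unsigned, so it is not evidence of malicious behavior on its own.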
resource 3f514617d6d33a2ebf83fc343f75307d_JaffaCakes118
Files
-
3f514617d6d33a2ebf83fc343f75307d_JaffaCakes118.dll windows:5 windows x86 arch:x86
602b4cba4e89ffd64a3f6edc0416ef53
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
PDB Paths
Imports
ida.wll
netnode_check
netnode_kill
netnode_altval
netnode_altshift
netnode_supset
get_aflags
areacb_t_get_area
segs
add_long_cmt_v
get_flags_ex
do_data_ex
callui
debug
vloader_failure
auto_mark_range
get_struc_size
get_struc
swap64
qsnprintf
interr
under_debugger
inf
set_processor_type
ph
next_head
set_offset
get_long
isLoaded
import_type
h2ti
idati
get_qword
set_cmt
get_ascii_contents
get_max_ascii_length
make_name_auto
do_name_anyway
get_name
make_ascii_string
get_member_by_name
get_item_end
doAlign
get_byte
file2base
add_segm_ex
allocate_selector
qstrncpy
get_word
put_qword
put_long
put_word
put_byte
set_fixup
segtype
get_segm_name
get_fixup
set_fixup_ex
qstrncat
qfree
qlread
qlseek
qalloc
make_name_weak
get_name_ea
add_entry
qalloc_or_throw
RootNode
get_fixup_base
get_next_fixup_ea
get_first_fixup_ea
qrealloc_or_throw
qlsize
apply_tinfo
get_tinfo
get_64bit
get_true_name
add_long
add_qword
set_name
add_func
put_many_bytes
set_segm_end
import_module
set_default_dataseg
add_til2
msvcp100
?_Xout_of_range@std@@YAXPBD@Z
?_Xlength_error@std@@YAXPBD@Z
msvcr100
_unlock
__dllonexit
_lock
_onexit
_malloc_crt
free
_encoded_null
strncmp
_initterm_e
_amsg_exit
__CppXcptFilter
?terminate@@YAXXZ
?_type_info_dtor_internal_method@type_info@@QAEXXZ
_crt_debugger_hook
_except_handler4_common
__clean_type_info_names_internal
atoi
getenv
memcpy
__CxxFrameHandler3
printf
memmove
??0exception@std@@QAE@ABV01@@Z
_CxxThrowException
??2@YAPAXI@Z
_strnicmp
memset
??3@YAXPAX@Z
??1exception@std@@UAE@XZ
?what@exception@std@@UBEPBDXZ
??0exception@std@@QAE@ABQBD@Z
_initterm
kernel32
DecodePointer
InterlockedExchange
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
DisableThreadLibraryCalls
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
InterlockedCompareExchange
Sleep
EncodePointer
Exports
LDSC
ident_tag
Sections
.text Size: 53KB - Virtual size: 52KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 12KB - Virtual size: 12KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 1KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 3KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ