3bd9549b0a3f41eabc0d284598ef8567_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

3bd9549b0a3f41eabc0d284598ef8567_JaffaCakes118
Size

250KB
MD5

3bd9549b0a3f41eabc0d284598ef8567
SHA1

c0c92f0ba9466b0f28a5ed62fc95ee2024a52f5c
SHA256

936229e6c9f68788f7c2c9d8a49da28aa027258415cb96d54028533a5c522af6
SHA512

9fccf5cf0bef59916878ca57cec0b868f4331a90dc0d76fbf223794086f06386e530fcb6e07aae00986136607326f323d9a62cb2777c414ed5e615a74fc134fc
SSDEEP

6144:I10VdlXbREm0cG4LeLGkiYXnGpYJLuEj:I1oLRluxZLuE

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
3bd9549b0a3f41eabc0d284598ef8567_JaffaCakes118

Files

3bd9549b0a3f41eabc0d284598ef8567_JaffaCakes118
.dll windows:4 windows x86 arch:x86

f595cc6110a3d84fe6322845c8a351b7

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

InitializeCriticalSection
GetProcAddress
LoadLibraryA
SetErrorMode
GetModuleFileNameA
FreeLibrary
ExitProcess
LeaveCriticalSection
GetLocaleInfoW
GetLocaleInfoA
SetFilePointer
SetStdHandle
CloseHandle
FlushFileBuffers
RaiseException
GetStringTypeW
GetStringTypeA
LCMapStringW
LCMapStringA
WriteFile
WideCharToMultiByte
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
MultiByteToWideChar
HeapAlloc
HeapFree
GetLastError
SetEnvironmentVariableA
GetCurrentDirectoryA
SetCurrentDirectoryA
GetFullPathNameA
GetDriveTypeA
GetCommandLineA
GetModuleHandleA
GetVersion
HeapDestroy
HeapCreate
VirtualFree
lstrcpyA
DeleteCriticalSection
EnterCriticalSection
FreeEnvironmentStringsA
SetLastError
VirtualAlloc
TerminateProcess
GetCurrentProcess
GetCurrentThreadId
TlsSetValue
TlsAlloc
TlsFree
GetStdHandle
TlsGetValue
SetHandleCount
GetFileType
GetStartupInfoA
GetCPInfo
GetACP
GetOEMCP

user32

SetRect

ltkrn12n

ord135
ord192
ord146
ord129
ord215
ord137
ord196
ord189
ord163
ord134
ord101
ord100
ord141
ord125
ord188
ord191
ord194
ord274
ord271
ord272
ord273
ord190

lffax12n

ord203
ord201
ord202

Exports

Exports

DllMain
fltComment
fltDeletePage
fltGetStamp
fltGetTag
fltInfo
fltLoad
fltSave
fltSaveData
fltSetComment
fltSetTag
fltStartSaveData
fltStopSaveData

Sections

.text
Size: 117KB - Virtual size: 116KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 20KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 100KB - Virtual size: 99KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

f595cc6110a3d84fe6322845c8a351b7

Headers

File Characteristics

Imports

kernel32

user32

ltkrn12n

lffax12n

Exports

Exports

Sections

.text Size: 117KB - Virtual size: 116KB

.rdata Size: 4KB - Virtual size: 4KB

.data Size: 20KB - Virtual size: 25KB

.idata Size: 2KB - Virtual size: 1KB

.rsrc Size: 100KB - Virtual size: 99KB

.reloc Size: 5KB - Virtual size: 5KB

.text
Size: 117KB - Virtual size: 116KB

.rdata
Size: 4KB - Virtual size: 4KB

.data
Size: 20KB - Virtual size: 25KB

.idata
Size: 2KB - Virtual size: 1KB

.rsrc
Size: 100KB - Virtual size: 99KB

.reloc
Size: 5KB - Virtual size: 5KB