44c005ba14a7ae011f97d64213b149aa_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

44c005ba14a7ae011f97d64213b149aa_JaffaCakes118
Size

229KB
MD5

44c005ba14a7ae011f97d64213b149aa
SHA1

7a775860f7d45c432800a2439eee30467ae527fb
SHA256

588c5148431328fa8b384ce811414101257ae18d49e90c393586a792c97bd740
SHA512

c808b09ac96a5d2c78f5642a96de610fc3cd0574aa1b9603d145a5f2393d89edb4ee7934678a85100ccd5f8b862a21d42e105c885fcb3e0257287fad3d2ca91b
SSDEEP

6144:ggiXGTBeFyKHwpoV+Tb7wRi2sxHzmehEhpc85kfEx+yFNT:dTAFy1KV+TvysxTupV5kfEBF

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
44c005ba14a7ae011f97d64213b149aa_JaffaCakes118

Files

44c005ba14a7ae011f97d64213b149aa_JaffaCakes118
.dll windows:5 windows x86 arch:x86

e8fcd924004be61375969e3c785cbe33

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

c:\Work\Working_Area\Buzzsaw\TequilaVS2008\3rdPartyComponents\ZLib\src\projects\visualc90\Win32_DLL_Release\PPZlib123.pdb

Imports

msvcr90

ftell
fprintf
_fdopen
fopen
sprintf
_encode_pointer
_malloc_crt
_encoded_null
_decode_pointer
_initterm
clearerr
_amsg_exit
_adjust_fdiv
__CppXcptFilter
_crt_debugger_hook
__clean_type_info_names_internal
_unlock
__dllonexit
_lock
_onexit
_except_handler4_common
strerror
malloc
fputc
fseek
fflush
_vsnprintf
free
fclose
_errno
fread
ferror
fwrite
memset
_initterm_e
memcpy

kernel32

GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
DisableThreadLibraryCalls
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
InterlockedCompareExchange
Sleep
InterlockedExchange
GetSystemTimeAsFileTime

Exports

Exports

adler32
compress
compress2
compressBound
crc32
deflate
deflateBound
deflateCopy
deflateEnd
deflateInit2_
deflateInit_
deflateParams
deflatePrime
deflateReset
deflateSetDictionary
get_crc_table
gzclearerr
gzclose
gzdopen
gzeof
gzerror
gzflush
gzgetc
gzgets
gzopen
gzprintf
gzputc
gzputs
gzread
gzrewind
gzseek
gzsetparams
gztell
gzungetc
gzwrite
inflate
inflateBack
inflateBackEnd
inflateBackInit_
inflateCopy
inflateEnd
inflateInit2_
inflateInit_
inflateReset
inflateSetDictionary
inflateSync
inflateSyncPoint
uncompress
zError
zlibCompileFlags
zlibVersion

Sections

.text
Size: 37KB - Virtual size: 36KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 19KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 168KB - Virtual size: 168KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

e8fcd924004be61375969e3c785cbe33

Headers

File Characteristics

PDB Paths

Imports

msvcr90

kernel32

Exports

Exports

Sections

.text Size: 37KB - Virtual size: 36KB

.rdata Size: 19KB - Virtual size: 18KB

.data Size: 168KB - Virtual size: 168KB

.rsrc Size: 2KB - Virtual size: 1KB

.reloc Size: 1KB - Virtual size: 1KB

.text
Size: 37KB - Virtual size: 36KB

.rdata
Size: 19KB - Virtual size: 18KB

.data
Size: 168KB - Virtual size: 168KB

.rsrc
Size: 2KB - Virtual size: 1KB

.reloc
Size: 1KB - Virtual size: 1KB