c:\work\kazaa2\Kazaa\kzscan\Release\kzscan.pdb
Static task
static1
Behavioral task
behavioral1
Sample
4b3ad532f9316d8f747eb77794818992_JaffaCakes118.dll
Resource
win7-20240708-en
Behavioral task
behavioral2
Sample
4b3ad532f9316d8f747eb77794818992_JaffaCakes118.dll
Resource
win10v2004-20240709-en
General
Target
4b3ad532f9316d8f747eb77794818992_JaffaCakes118
Size
48KB
MD5
4b3ad532f9316d8f747eb77794818992
SHA1
4ef8e497362d9da3bc2518af69512c2c2342abbc
SHA256
2efb40fc54ebbd2fd97fa6161b00aa9eb72cd52cdf5bc5b0d09941c9aab07a87
SHA512
621c19d8be7df139b024247ce9a829a33b67f224c7ac1670a777e6df4b51ffa09c8ebf5f91c86a70cdd3636637ba2c3f1612330aec9dd319984907efbf77fb9e
SSDEEP
768:puXawcIR5GtNnQcueBeyxc4qvKBlBFwLSX4Zt28INovys0Do:4KwcIR5GtNnQcuiep4MK/BFwLACtGsH7
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 4b3ad532f9316d8f747eb77794818992_JaffaCakes118
Files
4b3ad532f9316d8f747eb77794818992_JaffaCakes118.dll windows:4 windows x86 arch:x86
6e2cb520ce5a264434b9b6e4a7b84cd6
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
PDB Paths
Imports
bdcore
CoreDeleteInstance
CoreUninit
CoreInit
CoreNewInstance
CoreSet
kernel32
VirtualQuery
GetSystemInfo
LeaveCriticalSection
EnterCriticalSection
OutputDebugStringA
InitializeCriticalSection
WaitForSingleObject
FreeLibrary
GetProcAddress
LoadLibraryA
CreateDirectoryA
GetModuleFileNameA
ExitProcess
HeapFree
HeapAlloc
ExitThread
CloseHandle
TlsSetValue
TlsGetValue
GetLastError
ResumeThread
CreateThread
GetCurrentThreadId
GetCommandLineA
GetVersionExA
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
HeapDestroy
HeapCreate
VirtualFree
DeleteCriticalSection
VirtualAlloc
HeapReAlloc
TlsFree
SetLastError
TlsAlloc
GetModuleHandleA
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
WriteFile
SetFilePointer
GetACP
GetOEMCP
GetCPInfo
RtlUnwind
SetStdHandle
GetLocaleInfoA
GetStringTypeA
MultiByteToWideChar
GetStringTypeW
LCMapStringA
LCMapStringW
HeapSize
FlushFileBuffers
VirtualProtect
Exports
AddScanDir
GetDefinitions
InitBDEngine
RemoveAllScanDirs
RemoveScanDir
ScanFile
SetVCallBack
StartScanning
StopGetDefinitions
StopScanning
UninitBDEngine
Sections
.text Size: 28KB - Virtual size: 27KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 8KB - Virtual size: 6KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 13KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 4KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ