4b5df990fa695fd358be2a975e43a1f5_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

4b5df990fa695fd358be2a975e43a1f5_JaffaCakes118
Size

1.1MB
MD5

4b5df990fa695fd358be2a975e43a1f5
SHA1

fed41ab20a633be4890c5c2f80ee495d3228094b
SHA256

67cc08ff69f12b9b90f591094d62f12b6a7674a8bf11f14ddc35355cda11021f
SHA512

3f611347dd64b6db7731fffb40b15fe0eba209ab1fd7c3172c96a786535cc54629773012a4cd4a1ff72aa9abcedfc7f9abef0a79ef56bf596f775080c991a1b2
SSDEEP

24576:kSbLCrThRsQSLLCm2quFFAVOhYYN/BQsv98hGKz3LMoTwuU1BOl3+V5:3CfCLLCm2quFFAV+YIKsmhG8bM9fkl3i

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
4b5df990fa695fd358be2a975e43a1f5_JaffaCakes118

Files

4b5df990fa695fd358be2a975e43a1f5_JaffaCakes118
.dll windows:6 windows x86 arch:x86

fafdfe7a7f1fc36f22ee48c470d2b264

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

dbghelp.pdb

Imports

msvcrt

_write
_lseeki64
_fileno
_read
__pioinfo
__badioinfo
wctomb
_snprintf
isleadbyte
mbtowc
isdigit
_onexit
_lock
__dllonexit
_unlock
_ismbblead
_adjust_fdiv
_amsg_exit
_initterm
_XcptFilter
iswprint
_vsnwprintf
memmove
_iob
__mb_cur_max
_errno
__CxxFrameHandler
iswspace
calloc
??3@YAXPAX@Z
_itoa
towlower
tolower
_wcslwr
atol
fclose
__unDName
_CxxThrowException
bsearch
fread
fseek
_wfsopen
_fsopen
wcstol
strchr
wcsrchr
_fullpath
_wfullpath
_wcsdup
_wgetenv
_get_osfhandle
_chsize
_close
_open_osfhandle
ftell
_memicmp
_mbscmp
??1type_info@@UAE@XZ
?terminate@@YAXXZ
time
_wctime
strncmp
_ltoa
_wcsnicmp
_purecall
ctime
malloc
isspace
_stricmp
_strlwr
free
strstr
memcpy
_wcsicmp
qsort
wcschr
wcsstr
wcsncmp
_isatty
iswxdigit
memset
??2@YAPAXI@Z
_wsopen
_sopen

kernel32

InterlockedDecrement
LocalFree
GetVersion
LCMapStringA
SetFileAttributesA
CopyFileA
DeleteFileA
DeviceIoControl
GetFileType
InitializeCriticalSectionAndSpinCount
ExpandEnvironmentStringsA
MapViewOfFileEx
FlushViewOfFile
InterlockedIncrement
RtlUnwind
InterlockedCompareExchange
InterlockedExchange
GetThreadSelectorEntry
CreateThread
TerminateThread
VirtualQueryEx
GetPriorityClass
GetThreadPriority
GetThreadTimes
GetThreadContext
ResumeThread
SuspendThread
GetSystemInfo
LoadLibraryA
Sleep
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
GetSystemTimeAsFileTime
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
ReadProcessMemory
GetProcessHeap
GetFileAttributesA
SetErrorMode
WriteFile
OutputDebugStringA
VirtualFree
GetCurrentProcessId
OpenProcess
CreateFileMappingA
MapViewOfFile
FindClose
LocalAlloc
SetLastError
LeaveCriticalSection
EnterCriticalSection
CloseHandle
ReadFile
GetFileSize
CreateFileA
GetLastError
TlsSetValue
TlsGetValue
TlsAlloc
TlsFree
DeleteCriticalSection
HeapDestroy
FreeLibrary
HeapCreate
InitializeCriticalSection
GetVersionExA
HeapReAlloc
HeapAlloc
HeapFree
IsDBCSLeadByte
SetFilePointer
GetCurrentProcess
UnmapViewOfFile
CreateDirectoryA
VirtualProtect
VirtualAlloc
DuplicateHandle
GetModuleHandleA

advapi32

CryptAcquireContextA
CryptGenRandom
CryptReleaseContext
RegQueryValueExA
RegOpenKeyExA
RegCloseKey

rpcrt4

UuidCreate

Exports

Exports

DbgHelpCreateUserDump
DbgHelpCreateUserDumpW
EnumDirTree
EnumDirTreeW
EnumerateLoadedModules
EnumerateLoadedModules64
EnumerateLoadedModulesEx
EnumerateLoadedModulesExW
EnumerateLoadedModulesW64
ExtensionApiVersion
FindDebugInfoFile
FindDebugInfoFileEx
FindDebugInfoFileExW
FindExecutableImage
FindExecutableImageEx
FindExecutableImageExW
FindFileInPath
FindFileInSearchPath
GetTimestampForLoadedLibrary
ImageDirectoryEntryToData
ImageDirectoryEntryToDataEx
ImageNtHeader
ImageRvaToSection
ImageRvaToVa
ImagehlpApiVersion
ImagehlpApiVersionEx
MakeSureDirectoryPathExists
MapDebugInformation
MiniDumpReadDumpStream
MiniDumpWriteDump
SearchTreeForFile
SearchTreeForFileW
StackWalk
StackWalk64
SymAddSourceStream
SymAddSourceStreamA
SymAddSourceStreamW
SymAddSymbol
SymAddSymbolW
SymCleanup
SymDeleteSymbol
SymDeleteSymbolW
SymEnumLines
SymEnumLinesW
SymEnumProcesses
SymEnumSourceFileTokens
SymEnumSourceFiles
SymEnumSourceFilesW
SymEnumSourceLines
SymEnumSourceLinesW
SymEnumSym
SymEnumSymbols
SymEnumSymbolsForAddr
SymEnumSymbolsForAddrW
SymEnumSymbolsW
SymEnumTypes
SymEnumTypesByName
SymEnumTypesByNameW
SymEnumTypesW
SymEnumerateModules
SymEnumerateModules64
SymEnumerateModulesW64
SymEnumerateSymbols
SymEnumerateSymbols64
SymEnumerateSymbolsW
SymEnumerateSymbolsW64
SymFindDebugInfoFile
SymFindDebugInfoFileW
SymFindExecutableImage
SymFindExecutableImageW
SymFindFileInPath
SymFindFileInPathW
SymFromAddr
SymFromAddrW
SymFromIndex
SymFromIndexW
SymFromName
SymFromNameW
SymFromToken
SymFromTokenW
SymFunctionTableAccess
SymFunctionTableAccess64
SymGetFileLineOffsets64
SymGetHomeDirectory
SymGetHomeDirectoryW
SymGetLineFromAddr
SymGetLineFromAddr64
SymGetLineFromAddrW64
SymGetLineFromName
SymGetLineFromName64
SymGetLineFromNameW64
SymGetLineNext
SymGetLineNext64
SymGetLineNextW64
SymGetLinePrev
SymGetLinePrev64
SymGetLinePrevW64
SymGetModuleBase
SymGetModuleBase64
SymGetModuleInfo
SymGetModuleInfo64
SymGetModuleInfoW
SymGetModuleInfoW64
SymGetOmapBlockBase
SymGetOmaps
SymGetOptions
SymGetScope
SymGetScopeW
SymGetSearchPath
SymGetSearchPathW
SymGetSourceFile
SymGetSourceFileFromToken
SymGetSourceFileFromTokenW
SymGetSourceFileToken
SymGetSourceFileTokenW
SymGetSourceFileW
SymGetSourceVarFromToken
SymGetSourceVarFromTokenW
SymGetSymFromAddr
SymGetSymFromAddr64
SymGetSymFromName
SymGetSymFromName64
SymGetSymNext
SymGetSymNext64
SymGetSymPrev
SymGetSymPrev64
SymGetSymbolFile
SymGetSymbolFileW
SymGetTypeFromName
SymGetTypeFromNameW
SymGetTypeInfo
SymGetTypeInfoEx
SymInitialize
SymInitializeW
SymLoadModule
SymLoadModule64
SymLoadModuleEx
SymLoadModuleExW
SymMatchFileName
SymMatchFileNameW
SymMatchString
SymMatchStringA
SymMatchStringW
SymNext
SymNextW
SymPrev
SymPrevW
SymRefreshModuleList
SymRegisterCallback
SymRegisterCallback64
SymRegisterCallbackW64
SymRegisterFunctionEntryCallback
SymRegisterFunctionEntryCallback64
SymSearch
SymSearchW
SymSetContext
SymSetHomeDirectory
SymSetHomeDirectoryW
SymSetOptions
SymSetParentWindow
SymSetScopeFromAddr
SymSetScopeFromIndex
SymSetSearchPath
SymSetSearchPathW
SymSrvDeltaName
SymSrvDeltaNameW
SymSrvGetFileIndexInfo
SymSrvGetFileIndexInfoW
SymSrvGetFileIndexString
SymSrvGetFileIndexStringW
SymSrvGetFileIndexes
SymSrvGetFileIndexesW
SymSrvGetSupplement
SymSrvGetSupplementW
SymSrvIsStore
SymSrvIsStoreW
SymSrvStoreFile
SymSrvStoreFileW
SymSrvStoreSupplement
SymSrvStoreSupplementW
SymUnDName
SymUnDName64
SymUnloadModule
SymUnloadModule64
UnDecorateSymbolName
UnDecorateSymbolNameW
UnmapDebugInformation
WinDbgExtensionDllInit
block
chksym
dbghelp
dh
fptr
homedir
itoldyouso
lmi
lminfo
omap
srcfiles
stack_force_ebp
stackdbg
sym
symsrv
vc7fpo

Sections

.text
Size: 935KB - Virtual size: 935KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 18KB - Virtual size: 111KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 992B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 50KB - Virtual size: 50KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.text
Size: 114KB - Virtual size: 116KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

fafdfe7a7f1fc36f22ee48c470d2b264

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msvcrt

kernel32

advapi32

rpcrt4

Exports

Exports

Sections

.text Size: 935KB - Virtual size: 935KB

.data Size: 18KB - Virtual size: 111KB

.rsrc Size: 1024B - Virtual size: 992B

.reloc Size: 50KB - Virtual size: 50KB

.text Size: 114KB - Virtual size: 116KB

.text
Size: 935KB - Virtual size: 935KB

.data
Size: 18KB - Virtual size: 111KB

.rsrc
Size: 1024B - Virtual size: 992B

.reloc
Size: 50KB - Virtual size: 50KB

.text
Size: 114KB - Virtual size: 116KB