5e19b58f4fe759da83df031f7fb1b182_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

5e19b58f4fe759da83df031f7fb1b182_JaffaCakes118
Size

29KB
MD5

5e19b58f4fe759da83df031f7fb1b182
SHA1

9afbdd5d984fe662f769197a5ab833217af49e09
SHA256

e23d2c63075d081f1119bc8c3b0f3e8683877d2543c71bf1dafd17cd06ebabae
SHA512

bc3d097a2732a496bd80478210a66edcaca658584d210399b1bc4aa4b2ee7b6a99fb745d31b883fa694a822b572ae74d1f7d2f0f76e88a2344ac1422eec6b64a
SSDEEP

768:Zu41fP0qvVpEGvWhDLfx1itz2OKW7bWY:HftweWhD7692OKW7S

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
5e19b58f4fe759da83df031f7fb1b182_JaffaCakes118

Files

5e19b58f4fe759da83df031f7fb1b182_JaffaCakes118
.dll windows:5 windows x86 arch:x86

b7f7b916d9ec4cf0fdc0540c528bad02

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

D:\mod_kirisame\Release\mod_kirisame.pdb

Imports

ws2_32

setsockopt
socket

kernel32

GetSystemTimeAsFileTime
GetCurrentThreadId
GetTickCount
GetModuleHandleW
DisableThreadLibraryCalls
GetProcAddress
GetPrivateProfileIntW
IsBadReadPtr
VirtualProtect
FlushInstructionCache
GetCurrentProcess
QueryPerformanceCounter
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
InterlockedCompareExchange
Sleep
InterlockedExchange
GetCurrentProcessId

msvcp90

??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z

msvcr90

memmove_s
??0exception@std@@QAE@XZ
_unlock
_invalid_parameter_noinfo
_encode_pointer
__CxxFrameHandler3
_onexit
_decode_pointer
_malloc_crt
free
_encoded_null
??0exception@std@@QAE@ABQBD@Z
_initterm_e
_amsg_exit
_adjust_fdiv
__CppXcptFilter
_crt_debugger_hook
?terminate@@YAXXZ
?_type_info_dtor_internal_method@type_info@@QAEXXZ
_except_handler4_common
__clean_type_info_names_internal
_localtime64_s
swprintf_s
?what@exception@std@@UBEPBDXZ
??0exception@std@@QAE@ABV01@@Z
??2@YAPAXI@Z
??1exception@std@@UAE@XZ
_initterm
??3@YAXPAX@Z
memcpy
_CxxThrowException
__dllonexit
_lock

Exports

Exports

Initialize
Terminate

Sections

.text
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 688B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

b7f7b916d9ec4cf0fdc0540c528bad02

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

ws2_32

kernel32

msvcp90

msvcr90

Exports

Exports

Sections

.text Size: 16KB - Virtual size: 15KB

.rdata Size: 8KB - Virtual size: 7KB

.data Size: 512B - Virtual size: 1KB

.rsrc Size: 1024B - Virtual size: 688B

.reloc Size: 2KB - Virtual size: 2KB

.text
Size: 16KB - Virtual size: 15KB

.rdata
Size: 8KB - Virtual size: 7KB

.data
Size: 512B - Virtual size: 1KB

.rsrc
Size: 1024B - Virtual size: 688B

.reloc
Size: 2KB - Virtual size: 2KB