5e27414af178a328308a602d7c262169_JaffaCakes118

General

Target

5e27414af178a328308a602d7c262169_JaffaCakes118
Size

178KB
MD5

5e27414af178a328308a602d7c262169
SHA1

12ed3ab1ea0f519f10655cd4e3cba730067bc1e4
SHA256

3b104132174cadbc5c9c2061c8d1d677a912e4dda547e25d80e1130c9139c772
SHA512

61070a6c9353078569120b4f1cf651f7e7bc5383cebd99ae11f001e91b004b281ce23db409ea9f98ef3e247fe09de6c4c42cc7dafcb3857929ef067d28c1dc1f
SSDEEP

3072:X3cfZ7AX6dGcO/F4V3Ajtbz7IX7E/IOQhvyxtosXNeJf5yZRb06EuNS:Xg7FEcO/qAZbXIrE/2vC1eJB0Rb7N

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
5e27414af178a328308a602d7c262169_JaffaCakes118

Files

5e27414af178a328308a602d7c262169_JaffaCakes118
.dll windows:4 windows x86 arch:x86

a5c77b00195f634071904d5f35a50caa

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

G:\CXR18\BSF\intel_a\code\bin\V5JsyEnvDotNet.pdb

Imports

netapi32

Netbios

kernel32

UnhandledExceptionFilter
TerminateProcess
GetLastError
GetDiskFreeSpaceExW
IsDebuggerPresent
SetUnhandledExceptionFilter
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
DisableThreadLibraryCalls
InterlockedCompareExchange
Sleep
InterlockedExchange
GetCurrentProcess

ole32

CoTaskMemAlloc

msvcr80

?_wopen@@YAHPB_WHH@Z
_encode_pointer
_malloc_crt
free
_encoded_null
_decode_pointer
atoi
_initterm_e
_amsg_exit
_getpid
__CppXcptFilter
__clean_type_info_names_internal
_unlock
__dllonexit
_lock
_onexit
_except_handler4_common
_crt_debugger_hook
_time64
_errno
_close
_wchmod
memset
_wsplitpath
_wmakepath
_read
_initterm
_adjust_fdiv

Exports

Exports

DASSAULT_SYSTEMES_CAA2_INTERNAL_V5JsyEnvDotNet
getNativeBuildDate
getNativeHotFix
getNativeRelease
getNativeServicePack
getNativeVersion
getuuid
nativeChmod
nativeGetCKSum
nativeGetFreeDiskSpace

Sections

.text
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 168KB - Virtual size: 168KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 446B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

a5c77b00195f634071904d5f35a50caa

Headers

File Characteristics

PDB Paths

Imports

netapi32

kernel32

ole32

msvcr80

Exports

Exports

Sections

.text Size: 3KB - Virtual size: 3KB

.rdata Size: 3KB - Virtual size: 3KB

.data Size: 168KB - Virtual size: 168KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 512B - Virtual size: 446B

.text
Size: 3KB - Virtual size: 3KB

.rdata
Size: 3KB - Virtual size: 3KB

.data
Size: 168KB - Virtual size: 168KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 446B