6492d21ec8648f1c9f8f4d6601b8de1e_JaffaCakes118

General

Target

6492d21ec8648f1c9f8f4d6601b8de1e_JaffaCakes118
Size

185KB
MD5

6492d21ec8648f1c9f8f4d6601b8de1e
SHA1

1dac78ac20484c6c5dd846ed37e7fb101b28f1e2
SHA256

3b3507eabaa4c6d231c99da7840d9d17dcff62c5de2edb46e2e57b82f0de0faf
SHA512

45112dc1c020c3971ccfe3d54ddcfe88faa9a57dff79a02035087e4f9e9fae2d7739d035af44e8eb630f5ed5d1af3518e07cf89c0a9ad601d826f215dc44a484
SSDEEP

3072:MOjmcz4L2SXkHF4cAke81q1tL172fOTxHgww1VrS3L3Nmpusz2naK7EACt+Pj+/:MRcWRXkl9Akk1ifbww1VrOzK0naBACo

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
6492d21ec8648f1c9f8f4d6601b8de1e_JaffaCakes118

Files

6492d21ec8648f1c9f8f4d6601b8de1e_JaffaCakes118
.dll windows:6 windows x86 arch:x86

0490917c7e9ac54523bbdbae413dac95

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

wpdtrace.pdb

Imports

msvcrt

free
_snprintf
_adjust_fdiv
_amsg_exit
_initterm
_splitpath
malloc
_XcptFilter
strncat
memset

ntdll

RtlUnwind

kernel32

lstrcatA
InterlockedCompareExchange
Sleep
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
GetSystemTimeAsFileTime
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
InterlockedExchange
WaitForSingleObject
WriteFile
ReleaseMutex
TlsAlloc
TlsFree
TlsSetValue
HeapAlloc
GetProcessHeap
HeapFree
TlsGetValue
GetCurrentProcessId
GetModuleFileNameA
ExpandEnvironmentStringsA
GetLocalTime
SetFilePointerEx
SetEndOfFile
CopyFileA

Exports

Exports

WPDTRACE_DecrementIndentLevel
WPDTRACE_GetIndentLevel
WPDTRACE_GetTraceSettings
WPDTRACE_IncrementIndentLevel
WPDTRACE_Init
WPDTRACE_OutputString
WPDTRACE_SetTraceSettings
WPDTRACE_Term

Sections

.text
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 172KB - Virtual size: 172KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 984B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 636B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

0490917c7e9ac54523bbdbae413dac95

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msvcrt

ntdll

kernel32

Exports

Exports

Sections

.text Size: 9KB - Virtual size: 9KB

.data Size: 172KB - Virtual size: 172KB

.rsrc Size: 1024B - Virtual size: 984B

.reloc Size: 1024B - Virtual size: 636B

.text
Size: 9KB - Virtual size: 9KB

.data
Size: 172KB - Virtual size: 172KB

.rsrc
Size: 1024B - Virtual size: 984B

.reloc
Size: 1024B - Virtual size: 636B