6f620598d0d7aeb118d5e6b9421f103e_JaffaCakes118

General

Target

6f620598d0d7aeb118d5e6b9421f103e_JaffaCakes118
Size

342KB
MD5

6f620598d0d7aeb118d5e6b9421f103e
SHA1

f8f6716ec00f539ee1ef41d4723a4943c70f789a
SHA256

71a359f23a8448cf3e9649058d9b0794a1477164ed82c10eb685d3b4d4c529b9
SHA512

00ca62e6d2057f69c0f3744edafd90a4eb659c4e6e3f6ff56060510d2a625bfeed274ab09b10721fda11ff27564c2d088490fca4ce1017e46795bf61d40d792e
SSDEEP

6144:pxeSmYDrzL+jfls10+4s3AJ+afWcVYu78BNHI2teEov3rfAnyg:pdGflo0S32UIHgjHI2YAnN

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
6f620598d0d7aeb118d5e6b9421f103e_JaffaCakes118

Files

6f620598d0d7aeb118d5e6b9421f103e_JaffaCakes118
.dll windows:4 windows x86 arch:x86

35e37a08cb8074369cb08a8b31e958fc

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

f:\sandbox\20071220_095411\libsndfile\Profiling\libsndfile.pdb

Imports

kernel32

CreateFileA
LocalFree
FormatMessageA
GetStdHandle
GetLastError
SetFilePointer
ReadFile
WriteFile
CloseHandle
GetFileType
GetFileSize
FlushFileBuffers
SetEndOfFile
DisableThreadLibraryCalls

nscrt

memset
free
isprint
_snprintf
time
memcpy
strncpy
abs
fmod
floor
frexp
calloc
_get_osfhandle
_errno
puts
printf
malloc
strlen
strstr
strcmp
sscanf
strtol
memcmp
_vsnprintf
gmtime
fprintf
_iob
tolower
strrchr
strncat
_initterm
_adjust_fdiv
__CppXcptFilter
_except_handler3
__dllonexit
_onexit
fabs

Exports

Exports

sf_close
sf_command
sf_error
sf_error_number
sf_error_str
sf_format_check
sf_get_string
sf_open
sf_open_fd
sf_open_virtual
sf_perror
sf_read_double
sf_read_float
sf_read_int
sf_read_raw
sf_read_short
sf_readf_double
sf_readf_float
sf_readf_int
sf_readf_short
sf_seek
sf_set_string
sf_strerror
sf_write_double
sf_write_float
sf_write_int
sf_write_raw
sf_write_short
sf_write_sync
sf_writef_double
sf_writef_float
sf_writef_int
sf_writef_short

Sections

.text
Size: 159KB - Virtual size: 159KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 17KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 15KB - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.text
Size: 145KB - Virtual size: 148KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

35e37a08cb8074369cb08a8b31e958fc

Headers

File Characteristics

PDB Paths

Imports

kernel32

nscrt

Exports

Exports

Sections

.text Size: 159KB - Virtual size: 159KB

.rdata Size: 17KB - Virtual size: 16KB

.data Size: 15KB - Virtual size: 31KB

.reloc Size: 4KB - Virtual size: 4KB

.text Size: 145KB - Virtual size: 148KB

.text
Size: 159KB - Virtual size: 159KB

.rdata
Size: 17KB - Virtual size: 16KB

.data
Size: 15KB - Virtual size: 31KB

.reloc
Size: 4KB - Virtual size: 4KB

.text
Size: 145KB - Virtual size: 148KB