7254569d656f8b58cce04f771ff5782f_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

7254569d656f8b58cce04f771ff5782f_JaffaCakes118
Size

172KB
MD5

7254569d656f8b58cce04f771ff5782f
SHA1

15ce04d6fc11705e212942c3f13faaae65334d28
SHA256

1a1647960100d1081bba4d658a8c348b74cc08b67c7b0d4e4f65f7da9f0b896f
SHA512

2dc54a470c5191cb35135d635a9659c00c22d8628198bae30ef4cf453e1e064977d05f7aa1cee1508173e25a59beee959490e7ac09e1127f3351fe3ddeb681fc
SSDEEP

3072:RZSW49HYQ0VLyZpfEebw4Si7gwgCDkKx0URNH/96qmGiC+bJQuoDwp5HDSeS:RANeLyHEAw4Si7gwgCDkKxL/liZYwi

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
7254569d656f8b58cce04f771ff5782f_JaffaCakes118

Files

7254569d656f8b58cce04f771ff5782f_JaffaCakes118
.dll windows:4 windows x86 arch:x86

e2e7b8cf861a8d8efc839f9503ebf80b

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

pncrt

isalnum
islower
isdigit
isalpha
_onexit
_initterm
_adjust_fdiv
_mbctype
realloc
isxdigit
tolower
_vsnprintf
??3@YAXPAX@Z
isupper
_findclose
_chsize
_findnext
_findfirst
strtok
_fstat
_errno
iscntrl
getenv
__CxxFrameHandler
strspn
strchr
isspace
ctime
fflush
fread
malloc
fprintf
calloc
sscanf
remove
strncpy
strstr
strncmp
free
fopen
strtol
memmove
_stricmp
fwrite
fclose
strrchr
_strnicmp
atol
_purecall
atoi
time
__dllonexit
??2@YAPAXI@Z
_strcmpi
_tell
_read
_write
_lseek
_sopen
_open
_creat
_close
_stat
_getcwd
_chdir
_unlink

kernel32

FreeLibrary
LocalFileTimeToFileTime
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
DeleteCriticalSection
GetTempPathA
CreateFileA
GetFileSize
GetTempFileNameA
MapViewOfFile
GetLastError
CreateFileMappingA
GetSystemInfo
MoveFileA
UnmapViewOfFile
SetFileAttributesA
FindNextFileA
GetFileAttributesA
GetDriveTypeA
FindFirstFileA
RemoveDirectoryA
GetWindowsDirectoryA
FindClose
CreateDirectoryA
CloseHandle
ReleaseMutex
DeleteFileA
WaitForSingleObject
LoadLibraryA
CreateMutexA
GetModuleHandleA
GetTickCount
GetDiskFreeSpaceA
DisableThreadLibraryCalls
GetModuleFileNameA
GetProcAddress

user32

CharNextA
GetSystemMetrics
CharPrevA

Exports

Exports

CanUnload
RMACreateInstance
RMAShutdown

Sections

.text
Size: 132KB - Virtual size: 128KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.text
Size: 172KB - Virtual size: 172KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

e2e7b8cf861a8d8efc839f9503ebf80b

Headers

File Characteristics

Imports

pncrt

kernel32

user32

Exports

Exports

Sections

.text Size: 132KB - Virtual size: 128KB

.rdata Size: 16KB - Virtual size: 15KB

.data Size: 8KB - Virtual size: 4KB

.rsrc Size: 4KB - Virtual size: 1KB

.reloc Size: 8KB - Virtual size: 6KB

.text Size: 172KB - Virtual size: 172KB

.text
Size: 132KB - Virtual size: 128KB

.rdata
Size: 16KB - Virtual size: 15KB

.data
Size: 8KB - Virtual size: 4KB

.rsrc
Size: 4KB - Virtual size: 1KB

.reloc
Size: 8KB - Virtual size: 6KB

.text
Size: 172KB - Virtual size: 172KB