76bb742e6218751afd6cc0e10a4ab102_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

76bb742e6218751afd6cc0e10a4ab102_JaffaCakes118
Size

960KB
MD5

76bb742e6218751afd6cc0e10a4ab102
SHA1

b87984f95568dbbd3f361411524663292be7749f
SHA256

41cc635cb8140615e98a60fee3bf7e4e6f05b4b99ea314403780aba3dec948e8
SHA512

e3a9da823033f6d70ab563f6aecca23c42f39ed423a6e7069614a78dcd975d038166d17f419f247f74f8d50e48d8edfc4505caf7fdb68ab3482a1c8cb34a65f6
SSDEEP

24576:1gpckZ1W3pelAFL41eklg4zTXW+k31xvCRhOUr3Bh2kqeK:1KcAW5iAFUOAdK1MRxBko

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
76bb742e6218751afd6cc0e10a4ab102_JaffaCakes118

Files

76bb742e6218751afd6cc0e10a4ab102_JaffaCakes118
.dll windows:6 windows x64 arch:x64

180a84eb195fe6a7a0be50e46858006b

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

kernel32

TerminateProcess
GetCurrentProcess
IsProcessorFeaturePresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
IsDebuggerPresent
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
InitializeSListHead
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
CreateFileMappingA
LoadLibraryExW
GetProcAddress
GetModuleHandleA
GetModuleFileNameW
UnmapViewOfFile
MapViewOfFile
CreateFileMappingW
GetTickCount
CreateThread
Sleep
CreateMutexA
WaitForSingleObject
ReleaseMutex
GetLastError
CloseHandle
ReadFile
GetFileSize
CreateFileW

gdi32

DeleteColorSpace
CreateColorSpaceW
ExtCreatePen
CombineTransform
AngleArc
GetEnhMetaFileA
DeleteEnhMetaFile
CreateEnhMetaFileA
GdiTransparentBlt
CreateFontIndirectExW
GetRgnBox
GetNearestPaletteIndex
GetBitmapDimensionEx
DeleteObject
CreateFontIndirectA
CreateDIBitmap
CreateCompatibleBitmap
CreateBrushIndirect
CreateBitmapIndirect
CopyMetaFileW

dbghelp

SymSetContext
SymFromAddr
SymSetSearchPath
SymGetSearchPath
SymFromName
SymGetTypeInfo
SymInitialize
SymGetLinePrev64
SymGetLineFromName64
SymGetLineFromAddr64
SymGetModuleBase64
SymEnumerateModules64
SymCleanup
StackWalk64
ImageDirectoryEntryToDataEx
ImageNtHeader
FindExecutableImageEx
FindExecutableImage
SymFindFileInPath
FindDebugInfoFileEx
MiniDumpReadDumpStream

imm32

ImmRegisterWordW
ImmGetCandidateWindow
ImmSetCompositionWindow
ImmGetProperty
ImmIsIME
ImmCreateContext
ImmDestroyContext
ImmGetCompositionStringA
ImmGetCompositionStringW
ImmSetCompositionStringA
ImmGetCandidateListCountA
ImmGetCandidateListCountW
ImmGetConversionStatus
ImmSetConversionStatus
ImmGetOpenStatus
ImmGetCompositionFontW
ImmSetCompositionFontW
ImmEscapeW
ImmGetCompositionWindow
ImmUnregisterWordW
ImmGetRegisterWordStyleA
ImmGetImeMenuItemsA

msvcp140

?_Xlength_error@std@@YAXPEBD@Z
?_Xout_of_range@std@@YAXPEBD@Z

vcruntime140

memset
memmove
__std_type_info_destroy_list
__C_specific_handler
strchr
__std_exception_copy
__std_exception_destroy
_CxxThrowException
memcpy
memchr
memcmp

vcruntime140_1

__CxxFrameHandler4

api-ms-win-crt-runtime-l1-1-0

_invalid_parameter_noinfo_noreturn
_configure_narrow_argv
_initialize_narrow_environment
exit
_initialize_onexit_table
_errno
_initterm_e
_seh_filter_dll
_initterm
_cexit
strerror
_register_onexit_function
_execute_onexit_table
_crt_atexit

api-ms-win-crt-string-l1-1-0

strcmp
isxdigit
isspace
strnlen
strncpy
strncmp
strncat
_wcsnicmp
wcsncpy
wcsncat

api-ms-win-crt-heap-l1-1-0

_callnewh
malloc
free
calloc

api-ms-win-crt-utility-l1-1-0

rand
srand
qsort

api-ms-win-crt-convert-l1-1-0

_itoa
_ltow
_ultow
_ultoa
strtoul
_itow

api-ms-win-crt-environment-l1-1-0

getenv

api-ms-win-crt-stdio-l1-1-0

__stdio_common_vfprintf
fwrite
fread
fopen
fflush
ferror
feof
fclose
__acrt_iob_func
__stdio_common_vsprintf
fseek

api-ms-win-crt-filesystem-l1-1-0

_access

api-ms-win-crt-math-l1-1-0

cosf
ceilf
ceil
atanf
atan2f
atan2
expf
floor
floorf
log10f
logf
powf
sin
sinf
sqrt
sqrtf
exp

Exports

Exports

parse_elf64
uiSeparatorHandle
uiSliderSetValue
uiWindowsGetSizing

Sections

.text
Size: 840KB - Virtual size: 839KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 82KB - Virtual size: 82KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 23KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.detourd
Size: 512B - Virtual size: 512B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

180a84eb195fe6a7a0be50e46858006b

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

gdi32

dbghelp

imm32

msvcp140

vcruntime140

vcruntime140_1

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-utility-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-environment-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-filesystem-l1-1-0

api-ms-win-crt-math-l1-1-0

Exports

Exports

Sections

.text Size: 840KB - Virtual size: 839KB

.rdata Size: 82KB - Virtual size: 82KB

.data Size: 5KB - Virtual size: 7KB

.pdata Size: 23KB - Virtual size: 22KB

.detourd Size: 512B - Virtual size: 512B

.idata Size: 4KB - Virtual size: 4KB

.rsrc Size: 2KB - Virtual size: 1KB

.reloc Size: 2KB - Virtual size: 1KB

.text
Size: 840KB - Virtual size: 839KB

.rdata
Size: 82KB - Virtual size: 82KB

.data
Size: 5KB - Virtual size: 7KB

.pdata
Size: 23KB - Virtual size: 22KB

.detourd
Size: 512B - Virtual size: 512B

.idata
Size: 4KB - Virtual size: 4KB

.rsrc
Size: 2KB - Virtual size: 1KB

.reloc
Size: 2KB - Virtual size: 1KB