PDB path: D:\depot\bas\710_REL\src\optU\NTintel\i18n\sapu16\libsapu16vc80.pdb
Static task: static1
Behavioral task: behavioral1
Sample: 81f4b137e6d94e18051d77befed05c51_JaffaCakes118.dll
Resource: win7-20240729-en
Behavioral task: behavioral2
Sample: 81f4b137e6d94e18051d77befed05c51_JaffaCakes118.dll
Resource: win10v2004-20240730-en
General
Target: 81f4b137e6d94e18051d77befed05c51_JaffaCakes118
Size: 152KB
MD5: 81f4b137e6d94e18051d77befed05c51
SHA1: 2631402b4db79a3d7d7a70a0832b7baaee81f1d9
SHA256: 31128546a8499f5af1eb4703b751ff760952036a8d774dd03378d8a098e7501a
SHA512: e340cd69621b22a8c32af025310ba7cf822c5413878c25634ce94a84aa2498e6557a8c93d3c0dcd4e60aeb90f405cb1daf6f9793dc56784595135b2c4bd5bd5f
SSDEEP: 1536:srqj/TCbAmtnup5qW7QbSK3uyltSwLIe34ZYAK0BqrVRxo/9tIb4Oa7gHzQM7VH4:sLbAmluaruylFIe3nSA7ob6Jc04
Malware Config
Signatures
-
Unsigned PE 1 IoCs
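Checks for missing Authenticode signature. This is the only signature listed in this report; an unsigned PE means the publisher and file integrity cannot be verified from a signature, which on its own is a weak indicator rather than evidence of malicious behavior.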
resource 81f4b137e6d94e18051d77befed05c51_JaffaCakes118
Files
-
81f4b137e6d94e18051d77befed05c51_JaffaCakes118.dll windows:4 windows x86 arch:x86
d48f4fdd6c16a90a59b9a19be13eaa8d
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_NET_RUN_FROM_SWAP
IMAGE_FILE_DLL
PDB Paths
Imports
msvcr80
wcscspn
_wcsdup
malloc
memcpy
wcsncat
wcsncmp
wcsncpy
wcspbrk
wcsrchr
wcsspn
wcsstr
wcstok
strpbrk
strspn
realloc
putc
getc
ferror
memchr
ungetc
free
strtol
wcschr
strtod
localeconv
strtoul
strncmp
_encode_pointer
_malloc_crt
_encoded_null
_decode_pointer
_initterm
_initterm_e
_amsg_exit
_adjust_fdiv
__CppXcptFilter
__lconv_init
__clean_type_info_names_internal
_unlock
__dllonexit
_lock
_onexit
_except_handler4_common
_crt_debugger_hook
strchr
fputs
_errno
memset
sprintf
strncpy
__iob_func
fwrite
fputc
_set_invalid_parameter_handler
_getpid
_fileno
_HUGE
kernel32
IsDebuggerPresent
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
DisableThreadLibraryCalls
InterlockedCompareExchange
Sleep
InterlockedExchange
SetUnhandledExceptionFilter
Exports
Exports
checkVersionLibu16U16
dbgAlignCheckStringU16
fget_intU16
fget_lineU16
fget_longU16
fget_strU16
fgetcU
fgetcU16
fgetsU
fgetsU16
fprintfU16
fputcU
fputcU16
fputsU
fputsU16
freadU
freadU16
fwriteU16
getVersionLibu16U16
getsU
getsU16
gets_sRFB
gets_sU16
putsU
putsU16
setTraceLibu16U16
strcatU
strcatU16
strcat_sRFB
strcat_sU16
strchrU
strchrU16
strcmpU
strcmpU16
strcpyU
strcpyU16
strcpy_sRFB
strcpy_sU16
strcspnU
strcspnU16
strdupU
strdupU16
strlenU
strlenU16
strncatU
strncatU16
strncat_sRFB
strncat_sU16
strncmpU
strncmpU16
strncpyU
strncpyU16
strncpy_sRFB
strncpy_sU16
strnlenRFB
strnlenU16
strpbrkU
strpbrkU16
strrchrU
strrchrU16
strspnU
strspnU16
strstrU
strstrU16
strtokU
strtokU16
strtok_rRFB
strtok_rU16
u16_fwriteU
u16_fwriteU16
vvfprintfU16
vvfprintf_sU16
vvfscanfU16
vvfscanf_sU16
Sections
.text Size: 32KB - Virtual size: 29KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 48KB - Virtual size: 44KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 56KB - Virtual size: 54KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 4KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 8KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ