827855cb64009a2982da32e7c5a2d6a1_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

827855cb64009a2982da32e7c5a2d6a1_JaffaCakes118
Size

240KB
MD5

827855cb64009a2982da32e7c5a2d6a1
SHA1

ef80efbbf794291c5ef609432e5e69ba7f2bc3a9
SHA256

74da17951dc11c46f4aa3166c80ca191057ceef13234e4387153872b70317a3a
SHA512

f14929f106cb967062b21ba007ba26cf2e91063b42878c679254df72de65f98822a19c753de14c22b93948ae279c12ac7eedea9e74e2f81555314b727c978828
SSDEEP

3072:XgX7mI6O/on0q5ddNFQVCA0huaj2We8Sj/gON38eCS8ePGrYj84ZLxFuapb:Xgb6ZxapkredL8eBerYYEtFuapb

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
827855cb64009a2982da32e7c5a2d6a1_JaffaCakes118

Files

827855cb64009a2982da32e7c5a2d6a1_JaffaCakes118
.dll windows:4 windows x86 arch:x86

d72cb17c64a5d267db9d9dc8b903c0d4

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

e:\src\datatype_rn\rm\imagemap\renderer\imaprender.pdb

Imports

msvcr71

_purecall
sprintf
strstr
_strnicmp
??3@YAXPAX@Z
_stricmp
_onexit
__dllonexit
_except_handler3
__CppXcptFilter
_adjust_fdiv
malloc
_initterm
free
strncpy
isupper
tolower
??2@YAPAXI@Z
__security_error_handler
_vsnprintf
??_V@YAXPAX@Z
fclose
fprintf
asctime
localtime
time
fopen
??_U@YAPAXI@Z
memmove
strchr
strrchr
_putenv

kernel32

DisableThreadLibraryCalls
GetVersionExA
GetModuleHandleA
ExitProcess
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
GetSystemInfo
GetVersion

user32

CharNextA
GetSystemMetrics
LoadCursorA
GetCursor
SetCursor

gdi32

GetStockObject
DeleteObject
CreatePen

advapi32

RegEnumKeyExA
RegOpenKeyExA
RegEnumKeyA
RegDeleteKeyA
RegCreateKeyA
RegSetValueA
RegOpenKeyA
RegQueryValueA
RegCloseKey

Exports

Exports

CanUnload2
RMACreateInstance

Sections

.text
Size: 28KB - Virtual size: 25KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 220B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.text
Size: 188KB - Virtual size: 188KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

d72cb17c64a5d267db9d9dc8b903c0d4

Headers

File Characteristics

PDB Paths

Imports

msvcr71

kernel32

user32

gdi32

advapi32

Exports

Exports

Sections

.text Size: 28KB - Virtual size: 25KB

.rdata Size: 8KB - Virtual size: 6KB

.data Size: 4KB - Virtual size: 220B

.rsrc Size: 4KB - Virtual size: 1KB

.reloc Size: 4KB - Virtual size: 2KB

.text Size: 188KB - Virtual size: 188KB

.text
Size: 28KB - Virtual size: 25KB

.rdata
Size: 8KB - Virtual size: 6KB

.data
Size: 4KB - Virtual size: 220B

.rsrc
Size: 4KB - Virtual size: 1KB

.reloc
Size: 4KB - Virtual size: 2KB

.text
Size: 188KB - Virtual size: 188KB