85d7a2f210383891a858792543f3245d_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

85d7a2f210383891a858792543f3245d_JaffaCakes118
Size

1.0MB
MD5

85d7a2f210383891a858792543f3245d
SHA1

c22f60fb428043514de0d6c8edd64a94fd2c704f
SHA256

f5195623e592d1a3ce0445d02f6825fcd4ab431aeaf93597c245ca3448114119
SHA512

eeab0fe0289d75ceb9b7242ae8669ba872429b7d299372afbb99c30e9da6827d4413ca06a223b86705ea8e2d4da1649eaa00a4ba7f57e524414f116153d7e5af
SSDEEP

24576:MXkar87axpe/pVPe9EvAi2o/wlUTJR1WI3Prda9TYmPEqGVo8zzeA/DZJFwtxajy:ND/pftPxaNYmPEqGDmXkftb8xfD

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
85d7a2f210383891a858792543f3245d_JaffaCakes118

Files

85d7a2f210383891a858792543f3245d_JaffaCakes118
.dll windows:5 windows x86 arch:x86

503a5c3721413b86b757cf6d22832cbe

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

d:\work\shit\SR P4 Dalarna.pdb

Imports

ws2_32

send

kernel32

GetThreadIOPendingFlag
SetFilePointer
GetModuleHandleExA
FreeLibrary
LoadLibraryExW
GetCurrentProcess
Heap32ListNext
FindNextVolumeMountPointA
WriteFile
GetProcessTimes
LoadLibraryW
Sleep
HeapDestroy
LeaveCriticalSection
HeapCreate
GetFileAttributesW
lstrcatA
CompareStringW
lstrlenW
GetLastError
SetLastError
GetProcAddress
FindVolumeMountPointClose
EnterCriticalSection
HeapWalk
FindFirstVolumeMountPointA
lstrcatW
CloseHandle
GetSystemTime
TlsFree
lstrcpyW
CopyFileExA
DeleteFileA
lstrcpyA
HeapFree
HeapAlloc
GetProcessHeap
MultiByteToWideChar
WideCharToMultiByte
SetCurrentDirectoryW
CreateDirectoryW
RemoveDirectoryW
MoveFileW
DeleteFileW
GetDiskFreeSpaceW
CreateFileW
GetFileSize
ExitProcess
GetSystemTimeAsFileTime
GetFileInformationByHandle
SetEnvironmentVariableA
MapViewOfFile
CreateFileMappingW
UnmapViewOfFile
GetProcessId
FindClose
FindFirstFileW
ReadFile
SetEndOfFile
FlushFileBuffers
HeapReAlloc
GetStdHandle
LockFileEx
UnlockFileEx
GetVersionExW
GetCurrentDirectoryW
GetFullPathNameW
GetEnvironmentVariableA
GetTempPathA
FindNextFileW
IsValidLocale
RtlUnwind
EnumSystemLocalesA
GetLocaleInfoA
GetUserDefaultLCID
GetStringTypeW
GetConsoleMode
GetConsoleCP
GetLocaleInfoW
InterlockedExchange
GetTimeZoneInformation
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetModuleFileNameA
DeleteCriticalSection
GetStartupInfoW
GetFileType
InitializeCriticalSectionAndSpinCount
SetHandleCount
LCMapStringW
SetFileTime
InitializeCriticalSection
WriteConsoleW
SetStdHandle
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
EncodePointer
DecodePointer
TerminateProcess
GetCurrentThreadId
GetCommandLineA
GetModuleHandleW
IsProcessorFeaturePresent
RaiseException
GetModuleFileNameW
InterlockedIncrement
InterlockedDecrement
TlsAlloc
TlsGetValue
TlsSetValue
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
HeapSize

user32

CreateDesktopW
RealChildWindowFromPoint
LockSetForegroundWindow
DdeGetLastError
IsClipboardFormatAvailable
GetGuiResources
GetTabbedTextExtentW
CreateMenu
CloseDesktop
IsCharUpperW
DrawFocusRect
IsDialogMessageA
IsDialogMessageW
IsCharAlphaNumericW
CharLowerA
GetMenuState
SendDlgItemMessageW
AdjustWindowRectEx
SystemParametersInfoA
SendMessageW
DestroyMenu
OemKeyScan
GetDlgItemTextA

gdi32

CreateDIBSection
ExtCreatePen

ole32

CoGetMalloc

Exports

Exports

ServiceMain
ph7_array_add_elem
ph7_array_add_intkey_elem
ph7_array_add_strkey_elem
ph7_array_count
ph7_array_fetch
ph7_array_walk
ph7_compile
ph7_compile_file
ph7_compile_v2
ph7_config
ph7_context_alloc_chunk
ph7_context_free_chunk
ph7_context_new_array
ph7_context_new_scalar
ph7_context_output
ph7_context_output_format
ph7_context_peek_aux_data
ph7_context_pop_aux_data
ph7_context_push_aux_data
ph7_context_random_num
ph7_context_random_string
ph7_context_realloc_chunk
ph7_context_release_value
ph7_context_result_buf_length
ph7_context_throw_error
ph7_context_throw_error_format
ph7_context_user_data
ph7_create_constant
ph7_create_function
ph7_delete_constant
ph7_delete_function
ph7_function_name
ph7_init
ph7_lib_config
ph7_lib_copyright
ph7_lib_ident
ph7_lib_init
ph7_lib_is_threadsafe
ph7_lib_shutdown
ph7_lib_signature
ph7_lib_version
ph7_new_array
ph7_new_scalar
ph7_object_fetch_attr
ph7_object_get_class_name
ph7_object_walk
ph7_release
ph7_release_value
ph7_result_bool
ph7_result_double
ph7_result_int
ph7_result_int64
ph7_result_null
ph7_result_resource
ph7_result_string
ph7_result_string_format
ph7_result_value
ph7_value_bool
ph7_value_compare
ph7_value_double
ph7_value_int
ph7_value_int64
ph7_value_is_array
ph7_value_is_bool
ph7_value_is_callable
ph7_value_is_empty
ph7_value_is_float
ph7_value_is_int
ph7_value_is_null
ph7_value_is_numeric
ph7_value_is_object
ph7_value_is_resource
ph7_value_is_scalar
ph7_value_is_string
ph7_value_null
ph7_value_release
ph7_value_reset_string_cursor
ph7_value_resource
ph7_value_string
ph7_value_string_format
ph7_value_to_bool
ph7_value_to_double
ph7_value_to_int
ph7_value_to_int64
ph7_value_to_resource
ph7_value_to_string
ph7_vm_config
ph7_vm_dump_v2
ph7_vm_exec
ph7_vm_release
ph7_vm_reset
quaternion_difference

Sections

.text
Size: 899KB - Virtual size: 899KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 99KB - Virtual size: 98KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 130KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 928B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 37KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

503a5c3721413b86b757cf6d22832cbe

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

ws2_32

kernel32

user32

gdi32

ole32

Exports

Exports

Sections

.text Size: 899KB - Virtual size: 899KB

.rdata Size: 99KB - Virtual size: 98KB

.data Size: 12KB - Virtual size: 130KB

.rsrc Size: 1024B - Virtual size: 928B

.reloc Size: 37KB - Virtual size: 36KB

.text
Size: 899KB - Virtual size: 899KB

.rdata
Size: 99KB - Virtual size: 98KB

.data
Size: 12KB - Virtual size: 130KB

.rsrc
Size: 1024B - Virtual size: 928B

.reloc
Size: 37KB - Virtual size: 36KB