8c1ae7224e01ebad9e540c5bf25b28c9_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

8c1ae7224e01ebad9e540c5bf25b28c9_JaffaCakes118
Size

348KB
MD5

8c1ae7224e01ebad9e540c5bf25b28c9
SHA1

b9a9a06f238841cb63a53e416ca0265d34fce095
SHA256

637b4fdbb53b16f2a7e42a9e69c9fb594cdbee89f4bd1ffcb73c336f9c16a77e
SHA512

ef02da6e4d0083faa2d1004c944a1c2a4e72773e64fad8c08571350162cd8cedb62007980dbe61b322285f8181a96341dd1714d15fc4dd77c6961817a5e46c37
SSDEEP

6144:XhXxvH7wOrtx8PFsBIJQEUC40tcQw7bnOaIaWjoWzYAOxjp2:XhXxvb3MQEUCbtg7bnjImwYAOxjp2

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
8c1ae7224e01ebad9e540c5bf25b28c9_JaffaCakes118

Files

8c1ae7224e01ebad9e540c5bf25b28c9_JaffaCakes118
.dll windows:4 windows x86 arch:x86

b11b1a1930987d61d2531b0dd90a1903

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

d:\work\drm2\trunk\agent\src\prj\win32\SecureAreaV2_DLL\release\drmcm.pdb

Imports

shlwapi

PathIsDirectoryA

kernel32

TlsAlloc
CompareStringW
GetLastError
HeapFree
HeapAlloc
CreateDirectoryA
GetSystemTimeAsFileTime
EnterCriticalSection
LeaveCriticalSection
GetCurrentThreadId
GetCommandLineA
GetVersionExA
GetProcessHeap
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
HeapDestroy
HeapCreate
VirtualFree
DeleteCriticalSection
VirtualAlloc
HeapReAlloc
GetProcAddress
GetModuleHandleA
ExitProcess
WriteFile
GetStdHandle
GetModuleFileNameA
RtlUnwind
MultiByteToWideChar
ReadFile
WideCharToMultiByte
GetConsoleCP
GetConsoleMode
SetFilePointer
CloseHandle
FlushFileBuffers
TlsGetValue
SetEnvironmentVariableA
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
InterlockedDecrement
SetHandleCount
GetFileType
GetStartupInfoA
Sleep
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetTimeZoneInformation
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
RaiseException
DebugBreak
LoadLibraryA
InitializeCriticalSection
FreeLibrary
CreateFileA
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
GetModuleFileNameW
VirtualQuery
HeapSize
SetEndOfFile
CompareStringA

Exports

Exports

ROv2_combinedRO
ROv2_free
ROv2_init
ROv2_new
ROv2_writeRO
SAv2Util_DomainContext_set
SAv2Util_RIContext_set
SAv2_copy
SAv2_createSecureAreaKey
SAv2_init
SAv2_init_by_DeviceInfo
SAv2_init_by_MobileID
SAv2_init_by_UserID
SAv2_readCertificate
SAv2_readDeviceROKey
SAv2_readDomainContext
SAv2_readDomainContextWithIndex
SAv2_readHeader
SAv2_readPrivateKey
SAv2_readRICertificate
SAv2_readRIContext
SAv2_writeCertificate
SAv2_writeDeviceROKey
SAv2_writeDomainContext
SAv2_writeHeader
SAv2_writePrivateKey
SAv2_writeRICertificate
SAv2_writeRIContextID

Sections

.text
Size: 160KB - Virtual size: 158KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 24KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 32KB - Virtual size: 38KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 984B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.text
Size: 116KB - Virtual size: 116KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

b11b1a1930987d61d2531b0dd90a1903

Headers

File Characteristics

PDB Paths

Imports

shlwapi

kernel32

Exports

Exports

Sections

.text Size: 160KB - Virtual size: 158KB

.rdata Size: 24KB - Virtual size: 20KB

.data Size: 32KB - Virtual size: 38KB

.rsrc Size: 4KB - Virtual size: 984B

.reloc Size: 8KB - Virtual size: 7KB

.text Size: 116KB - Virtual size: 116KB

.text
Size: 160KB - Virtual size: 158KB

.rdata
Size: 24KB - Virtual size: 20KB

.data
Size: 32KB - Virtual size: 38KB

.rsrc
Size: 4KB - Virtual size: 984B

.reloc
Size: 8KB - Virtual size: 7KB

.text
Size: 116KB - Virtual size: 116KB